cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
AlexHauptner
Engager
Member since: ‎08-28-2018
Community Statistics
Posts 2
Solutions 0
Karma Given 4
Karma Received 1
Member Since ‎08-28-2018
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Defining Timestamp for HEC Input

by in Getting Data In
‎02-05-2021 04:54 AM
1 Karma
‎02-05-2021 04:54 AM
1 Karma
There is a solution for Splunk > 7.2 : INGEST_EVAL props.conf   [json-github] ... DATETIME_CONFIG = CURRENT TRANSFORMS-get-date = construct_date   transforms.conf   [construct_date] INGEST_EVAL=_time=strptime(substr(_raw,17,20),"%Y-%m-%dT%H:%M:%SZ")     This works for HEC-event and HEC-raw endpoint!   For further information look at: https://conf.splunk.com/files/2020/slides/PLA1154C.pdf ... View more

Re: Splunk TA for Citrix NetScaler

by in Splunk Search
‎12-05-2019 02:54 AM
‎12-05-2019 02:54 AM
Hey, it looks like a permission issue: Go to "Manage Apps" and find the "Splunk Add-On for Citrix NetScaler", then click on "Permissions" and below change it from "This app only" to "All apps" ... View more
Contact Me
Karma from
View All
Karma given to