×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
dbritch
Explorer
Member since: ‎10-29-2010
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎10-29-2010
Activity Feed
Topics I've Started
View All

Re: System Name from Syslog File

by in Getting Data In
‎10-29-2010 08:05 PM
‎10-29-2010 08:05 PM
I gess that should have been a comment rather than an answer - sorry. I'm just learning this interface. dbr ... View more

Re: System Name from Syslog File

by in Getting Data In
‎10-29-2010 07:28 PM
‎10-29-2010 07:28 PM
Sure - here's an example. Everything from /var/log/secure is attributed to r00n06, my syslog and splunk server: 2010-10-29T19:27:29+00:00 r07n15 sshd[8158]: Connection closed by 10.253.0.6 2010-10-29T19:27:29+00:00 r07n15 sshd[8160]: Connection closed by 10.0.0.6 2010-10-29T19:27:29+00:00 r01n40 sshd[24669]: Connection closed by 10.253.0.6 2010-10-29T19:27:29+00:00 r01n40 sshd[24671]: Connection closed by 10.0.0.6 2010-10-29T19:27:29+00:00 r07n11 sshd[9969]: Connection closed by 10.253.0.6 2010-10-29T19:27:29+00:00 r07n11 sshd[9971]: Connection closed by 10.0.0.6 2010-10-29T19:27:29+00:00 r03n03 sshd[13527]: Connection closed by 10.0.0.6 2010-10-29T19:27:29+00:00 r03n03 sshd[13526]: Connection closed by 10.253.0.6 2010-10-29T19:27:29+00:00 r02n07 sshd[21721]: Connection closed by 10.0.0.6 2010-10-29T19:27:29+00:00 r02n07 sshd[21722]: Connection closed by 10.253.0.6 2010-10-29T19:27:29+00:00 r06n26 sshd[30827]: Connection closed by 10.253.0.6 2010-10-29T19:27:29+00:00 r06n26 sshd[30829]: Connection closed by 10.0.0.6 2010-10-29T19:27:29+00:00 r10n32 sshd[3410]: Connection closed by 10.253.0.6 2010-10-29T19:27:29+00:00 r10n32 sshd[3411]: Connection closed by 10.0.0.6 2010-10-29T19:27:29+00:00 r09n27 sshd[637]: Connection closed by 10.253.0.6 2010-10-29T19:27:29+00:00 r09n27 sshd[639]: Connection closed by 10.0.0.6 2010-10-29T19:27:30+00:00 r05n06 sshd[7678]: Connection closed by 10.253.0.6 2010-10-29T19:27:30+00:00 r05n06 sshd[7680]: Connection closed by 10.0.0.6 ... View more

System Name from Syslog File

by in Getting Data In
‎10-29-2010 06:12 AM
1 Karma
‎10-29-2010 06:12 AM
1 Karma
I'm using splunk to monitor /var/log on a RHEL-5.5 syslog server. It's running rsyslog, not syslog-ng. For some log messages, Splunk can get the name of the originating node, but on for others it simply attributes them to the log server. How can I get Splunk to use the node name in all cases? Thanks, David ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
View All