Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About mcweens
mcweens
Explorer
Member since:
12-12-2018
12-06-2023
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 12-12-2018 |
Activity Feed
- Got Karma for Re: Dropping Logs Sent Straight to Splunk Cloud. 2 weeks ago
- Posted Re: Dropping Logs Sent Straight to Splunk Cloud on Splunk Cloud Platform. 07-09-2021 09:48 AM
- Posted awsAddOn sourcetype=aws:config:notification configurationItem.resourceType = AWS::S3::Bucket no Longer Showing on Splunk Search. 07-09-2021 09:46 AM
- Posted Re: Dropping Logs Sent Straight to Splunk Cloud on Splunk Cloud Platform. 06-29-2021 07:49 AM
- Posted Dropping Logs Sent Straight to Splunk Cloud on Splunk Cloud Platform. 06-29-2021 06:06 AM
- Posted Re: Jenkins to Splunk, Only Connection Test Success on All Apps and Add-ons. 05-08-2019 12:31 PM
- Posted Jenkins to Splunk, Only Connection Test Success on All Apps and Add-ons. 05-07-2019 11:41 AM
- Tagged Jenkins to Splunk, Only Connection Test Success on All Apps and Add-ons. 05-07-2019 11:41 AM
- Tagged Jenkins to Splunk, Only Connection Test Success on All Apps and Add-ons. 05-07-2019 11:41 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
07-09-2021
09:48 AM
1 Karma
We ended up routing this data to the HF instead of it going straight to splunk cloud. We heard that the approval process for an app to get accepted is painful and also apparently Splunk Cloud doesn't want you having inputs on your search head anyways (it had been there for like 3 years though before they said anything). Thanks!
... View more
07-09-2021
09:46 AM
Hello, we use the AWS AddOn for Splunk for all of our AWS Inputs. For a few months, after many years of this showing correctly, we no longer see data under this search: sourcetype=aws:config:notification configurationItem.resourceType = AWS::S3::Bucket The thing is, nothing changed other than updates to the AWS AddOn. AND we still get data under here for every resourceType that I can think of EXCEPT S3, so the AWS side configuration and the inputs I have to assume are set fine. sourcetype=aws:config:notification I have looked over this in every facet I can think possible and have had a support case open for a while now. Any thoughts or similar cases? Thanks!
... View more
06-29-2021
07:49 AM
Ok so I would just make an app that has altered transforms and props and then upload that? Just confusing because on a HF you would just alter the props and transforms for splunk.
... View more
06-29-2021
06:06 AM
Hi all, So my Splunk architecture consists of just 1 Heavy Forwarder and Splunk Cloud. I have some logs that do not go through the HF (straight to Splunk Cloud) that I want to drop based on their IP and to do so was wanting to modify props and transforms on the Cloud (like you would do on a forwarder to drop logs). Support is telling me in order to do this I should make a custom app and modify props and transforms there and not giving me much more than that. Has anyone done something like this and what did you end up doing? Thanks!
... View more
Labels
05-08-2019
12:31 PM
Note: I just noticed I also need to use this since we have Pipeline jobs:
https://wiki.jenkins.io/display/JENKINS/Splunk+Plugin+for+Pipeline+Job+Support
I need to have someone else install that and I will update this ticket when I get to try the addiontal plugin. I will note that for some reason the Connection Test is no longer working, the only change was Splunk Support making the HEC public facing.
... View more
05-07-2019
11:41 AM
Hello, I know there are a few questions on there on this already, I have taken all the advice I can find from forums and documentation. I will try to provide lots of detail.
I am trying to get Jenkins to send all logs to Splunk, I am trying to go straight to our Splunk Cloud instance (I could go to the HF first if that would make sense). Currently none of the Jenkins dashboards on the Splunk app are populating.
Using the Jenkins Splunk Plugin (latest version) with no customization, I do get a successful connection test entering just the required parameters which I can see in Splunk search from the new HEC input I configured.
5/7/19 12:27:04.625 PM
ping from jenkins plugin
raw event ping
host = xxxxxx source = http:jenkins sourcetype = httpevent
From research I found that with the latest version of the Splunk Plugin on the Jenkins side that you do not need to customize any of the events or metadata and then everything will be sent.
Here are some other things I could not find documented anywhere:
- What are the indexes supposed to be on the HEC Input config? I originally had just main but then added all the Jenkins related ones, not sure how that is supposed to work.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-06-2023
03:47 PM
|
