×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
borshoff
Explorer
Member since: ‎07-12-2016
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 2
Karma Received 1
Member Since ‎07-12-2016
Activity Feed
View All

Re: Extract value from Microsoft-windows-PrintServ...

by in Dashboards & Visualizations
‎08-02-2017 07:41 AM
‎08-02-2017 07:41 AM
try below [ testxmlst ] CHARSET=UTF-8 DATETIME_CONFIG=CURRENT KV_MODE=xml NO_BINARY_CHECK=true SHOULD_LINEMERGE=false disabled=false pulldown_type=true ... View more

Re: How to filter XmlWinEventLog in Heavy Forwarde...

by in Splunk Search
‎03-16-2017 06:11 AM
‎03-16-2017 06:11 AM
I found what was wrong. In input.conf we set "renderXml = true" . That's why props.conf doesn't apply to source::WinEventLog://ForwardedEvents. Cause source::WinEventLog://ForwardedEvents doesn't exist ! When i change it to "renderXml = false", filter start working! But, i still need get this events in XML. Is there any way to do that? "How are you getting the data into heavy forwarder, from universal forwarder?" No, we collect all events by Windows Event collecor server in ForwardedEvents log. On the same VM we deploy heavy forwarder + Windows_TA addon with all necessary conf. ... View more

Re: Whitelist regex in Windows Universal Forwarder...

by SplunkTrust in Splunk Search
‎08-05-2016 05:02 AM
‎08-05-2016 05:02 AM
There's no need for a capturing group. Also, (!? is not a valid regex construct. Perhaps you meant (?! , but there's no need for negation. Have you tried whitelist1 = EventCode="4656" Message="ObjectType:\s+File" ? ... View more

Re: Virustotal Checker: How to set the VT API key?

by in Splunk Search
‎01-09-2018 07:12 PM
‎01-09-2018 07:12 PM
since this app looks to be abandoned - see this one... seems pretty good. https://splunkbase.splunk.com/app/2895/#/details ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All