Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About pvuong
pvuong
Explorer
Member since:
07-05-2016
06-05-2020
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 2 |
| Member Since | 07-05-2016 |
Activity Feed
- Got Karma for Re: Why is the Splunk Add-on for F5 BIG-IP not separating sourcetypes as expected?. 06-28-2021 08:45 AM
- Got Karma for Re: Why is the Splunk Add-on for F5 BIG-IP not separating sourcetypes as expected?. 06-05-2020 12:48 AM
- Karma Re: Transfering data from one index to another for linu1988. 06-05-2020 12:46 AM
- Posted Re: Why is the Splunk App for Unix and Linux displaying events for data from another index? on All Apps and Add-ons. 07-27-2016 01:30 AM
- Posted Re: Why is the Splunk Add-on for F5 BIG-IP not separating sourcetypes as expected? on All Apps and Add-ons. 07-25-2016 04:00 AM
- Posted Re: Why is the Splunk App for Unix and Linux displaying events for data from another index? on All Apps and Add-ons. 07-25-2016 02:34 AM
- Posted Re: Why is the Splunk App for Unix and Linux displaying events for data from another index? on All Apps and Add-ons. 07-21-2016 01:51 AM
- Posted Why is the Splunk App for Unix and Linux displaying events for data from another index? on All Apps and Add-ons. 07-19-2016 02:12 AM
- Tagged Why is the Splunk App for Unix and Linux displaying events for data from another index? on All Apps and Add-ons. 07-19-2016 02:12 AM
- Tagged Why is the Splunk App for Unix and Linux displaying events for data from another index? on All Apps and Add-ons. 07-19-2016 02:12 AM
- Tagged Why is the Splunk App for Unix and Linux displaying events for data from another index? on All Apps and Add-ons. 07-19-2016 02:12 AM
- Tagged Why is the Splunk App for Unix and Linux displaying events for data from another index? on All Apps and Add-ons. 07-19-2016 02:12 AM
- Posted Re: Same sourcetype in different TA or APPs on Getting Data In. 07-07-2016 05:34 AM
- Posted Re: Same sourcetype in different TA or APPs on Getting Data In. 07-06-2016 12:22 AM
- Posted Same sourcetype in different TA or APPs on Getting Data In. 07-05-2016 07:48 AM
- Tagged Same sourcetype in different TA or APPs on Getting Data In. 07-05-2016 07:48 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
07-27-2016
01:30 AM
The recent version : splunk_app_for_nix 5.1.0
In this Unix app searches powering, it search in all index that i created for differents apps and TA
I think it's normal that the search powering can search for all index which are allowed in user control roles.
In WebUI Unix App, i thought that each App can only see the index belong to its own contexte ?
Thnx
... View more
07-25-2016
04:00 AM
2 Karma
Hello,
Did you get any answer about this question ? I have the same problem for all my F5:big IP logs
... View more
07-25-2016
02:34 AM
Up again ....
No body hast'n met the problem i mentioned ? Only my Splunk Instance have this symptom ?
... View more
07-21-2016
01:51 AM
Hello everyone,
Any help, please ??
... View more
07-19-2016
02:12 AM
Hello,
I installed SA-nix, splunk_app_for_nix, Splunk_TA_nix for indexing all my Linux host system data.
I have several questions about these three apps/add-ons
Where I do I put my local inputs.conf and local indexes.conf ?
SA-nix/local/[inputs.conf | indexes.conf ]
splunk_app_for_nix/local/[inputs.conf | indexes.conf ]
splunk_app_for_nix/install/SA-nix/local/[inputs.conf | indexes.conf ]
splunk_app_for_nix/install/Splunk_TA_nix/local/[inputs.conf | indexes.conf ]
Splunk_TA_nix/local/[inputs.conf | indexes.conf ]
Which changes can it make according to these different locations of my inputs.conf or indexes.conf?
Web interface of Splunk App For Unix
In the settings parameters, I have configured my Linux Index(es) to contain Linux host data.
Example:
index=os
index=sys_linux (which has all my linux syslog indexed with sourcetype=syslog)
In this logic, Splunk App For Unix can display only all events in these indexes ...
But in Metrics/Hosts tab, I can see Cisco events from other hosts which has been indexing in another index (index=net_cisco) and another sourcetype (sourcetype=cisco:ios)
I don't understand why my Splunk App For Unix can display the information/events which from another index that doesn't concern Linux data.
Any help is appreciated, thank you
Marie
... View more
07-07-2016
05:34 AM
Ok Thanks for your answer. For Cisco asa and Cisoc ios, i have indeed used cisco:asa, cisco:ios for my cisco log sourcetype
So it not recommanded to have multiple different styles of data with the same sourcetype. Why the Apps or TA didn't configured with the default/props.conf to different kind of log like
nix_syslog
ios_syslog
postfix_syslog
instead of the same name "syslog" which can quite lead to confusion ...
Thanks for your answer.
Marie
... View more
07-06-2016
12:22 AM
Hi,
Thanks for your answer.
I wanted to add data to different index for each kind of equipment : index_nix, index_cisco, index_asa to allow the diffrent role permission.
I know that *nix need to create other index like "os", "unix_summary" ....
My question is how SPLUNK can know the different kind sourcetype of the same name "syslog" dedicated and configured in different APPs or TA ("syslog" of cisco ios or "syslog" of splunk_app_for_nix ? ). In this case, which file props.conf or transforms.conf that SPLUNK uses (the cisco one or the nix one ) ?
Thanks for any help
... View more
07-05-2016
07:48 AM
Hello,
I have a Splunk server which is Indexer and SearchHead. All of the logs are splited to different file by rsyslog in front process.
So i have all log in File format by host like :
/var/rsyslog/HOST1
/var/rsyslog/HOST2
/var/rsyslog/HOST3
/var/rsyslog/HOST4
All input to Splunk is indexed by monitor file method for one or several file (broadcast /var/rsyslog/*)
I installed three apps:
- splunk_app_for_nix( included SA-nix, Splunk_TA_nix) dedicated for Linux, Unix systeme event dashbord.
- cisco_ios (included TA-cisco_ios) dedicated for Cisco Switch event dashbord
- Splunk_CiscoSecuritySuite (included Splunk_TA_cisco-asa) dedicated for ASA event dashbord
My three input are :
For splunk_app_for_nix --> splunk_app_for_nix/local/inputs.conf
[monitor:///var/rsyslog/linux_HostName*]
disabled = false
host_segment = 4
index = index_nix
sourcetype = syslog
For cisco_ios ---> cisco_ios/local/inputs.conf
[monitor:///var/rsyslog/cisco_switch_HostName*]
disabled = false
host = cisco_swith_HostName
index = net_cisco
sourcetype = syslog
Splunk_CiscoSecuritySuite ---> Splunk_TA_cisco-asa/local/inputs.conf
[monitor:///var/rsyslog/cisco_asa_HostaName*]
disabled = false
host = cisco_asa_Hostname
index = net_asa
sourcetype = syslog
My Dashboard of cisco_ios and CiscoSecuritySuite are ok. All events are displayed correctly except the systeme nix .
All log in index "index_nix" arent extracted correctly in according to nix extract.
My question is how SPLUNK know the different "syslog" to use to adapt it to each kind of log : linux syslog, cisco ios syslog or cisco asa syslog ?
Any help is appreciated. Thanks by advance.
... View more
- Tags:
- splunk-enterprise
