Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About ahmedragy922
ahmedragy922
Explorer
Member since:
06-08-2019
06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 6 |
| Member Since | 06-08-2019 |
Activity Feed
- Got Karma for what is the difference between override source type from forwarder and from indexer???. 06-05-2020 12:50 AM
- Got Karma for Re: what is the difference between override source type from forwarder and from indexer???. 06-05-2020 12:50 AM
- Got Karma for Re: what is the difference between override source type from forwarder and from indexer???. 06-05-2020 12:50 AM
- Got Karma for data pipeline and configuration files location. 06-05-2020 12:50 AM
- Got Karma for Re: data pipeline and configuration files location. 06-05-2020 12:50 AM
- Got Karma for Power user study guide. 06-05-2020 12:50 AM
- Posted splunk ES and Esesntial app prequiest on Splunk Enterprise Security. 07-08-2019 02:00 AM
- Tagged splunk ES and Esesntial app prequiest on Splunk Enterprise Security. 07-08-2019 02:00 AM
- Posted what is Splunk Add-on for Box on All Apps and Add-ons. 06-26-2019 12:37 AM
- Tagged what is Splunk Add-on for Box on All Apps and Add-ons. 06-26-2019 12:37 AM
- Posted Splunk Enterprise Security: How to route data into app on Splunk Enterprise Security. 06-24-2019 03:05 PM
- Tagged Splunk Enterprise Security: How to route data into app on Splunk Enterprise Security. 06-24-2019 03:05 PM
- Tagged Splunk Enterprise Security: How to route data into app on Splunk Enterprise Security. 06-24-2019 03:05 PM
- Tagged Splunk Enterprise Security: How to route data into app on Splunk Enterprise Security. 06-24-2019 03:05 PM
- Tagged Splunk Enterprise Security: How to route data into app on Splunk Enterprise Security. 06-24-2019 03:05 PM
- Tagged Splunk Enterprise Security: How to route data into app on Splunk Enterprise Security. 06-24-2019 03:05 PM
- Posted Power user study guide on Training + Certification Discussions. 06-22-2019 05:24 AM
- Tagged Power user study guide on Training + Certification Discussions. 06-22-2019 05:24 AM
- Tagged Power user study guide on Training + Certification Discussions. 06-22-2019 05:24 AM
- Tagged Power user study guide on Training + Certification Discussions. 06-22-2019 05:24 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 1 | |||
| 1 |
07-08-2019
02:00 AM
hi,
is there any prerequisite to install or make ES or Essential app work ??? like should I install CIM add-on before deploying ES or Essential app???
... View more
06-26-2019
12:37 AM
hi,
what Splunk Add-on for Box is used for?? is there any app depend on that add-on?
... View more
- Tags:
- splunk-enterprise
06-24-2019
03:05 PM
Hi,
I can't find any material for studying Splunk security essential app, is there any documentation or videos explaining that app?
How do you get the data into SSE app ???
Do I have to use CIM to change source type to common name that SSE will understand?
... View more
06-22-2019
05:24 AM
1 Karma
Hi,
I'm planning to take power user certificate.
I didn't take the training for fundamentals 2 because it will cost me a lot of money.
so is there any material/study guide that I can study to prepare for power user certificate ??
... View more
06-11-2019
06:47 AM
1 Karma
thank you
... View more
06-09-2019
04:41 AM
1 Karma
thank you for your reply , but if i want to dynamically identify the sourcetype of data the are coming to indexer from forwarder , in this case i need to modify props.conf in indexer (parsing phase) to create regex matching the data and gives it a sourcetype ???
... View more
06-08-2019
03:19 PM
1 Karma
thank you for the answer , but i think i can override sourcetype,index,source and host in inputs.conf in Universal Forwarder , also i can do the same in indexer and Heavy Forwarder.
but i think there is the difference between them , in Universal Forwarder i can just write the index where the data will be stored in indexer but i don't have any power to filter the data as in inputs level splunk can't determine the events. in the opposite in indexer , the splunk can parse the data so i can dynamically override (writing regex to change a subset of data or routing some data to index and other to another index) the sourcetype,index,host,source for the data .
can you correct me if i'm wrong ??
... View more
06-08-2019
09:36 AM
1 Karma
Hello,
i'm confused about where configuration files (Search Head or Indexer) should i modify when i want to do filed extraction ??
or when i want to override sourcetype,source,host , should i do that in forwarder or indexer or search head???
is there any reference that map the configuration files to which data pipeline applies ?? for example : if i want to do field extraction >>> i should do that in Search head and configure props.conf and transforms.conf
i just found those 2 articles but i still confused.
https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/Configurationparametersandthedatapipeline
https://docs.splunk.com/Documentation/Splunk/7.2.6/Deploy/Datapipeline
... View more
- Tags:
- splunk-enterprise
06-08-2019
06:55 AM
1 Karma
Hi,
i'm new to splunk , i just wounder what is the difference between override source type/index from forwarder and from indexer???
and also if i choose to override sourcetype of files in universal forwarder , should i create a sourcetype and regex in transforms.conf on Search head with the new name that i specified in Universal Forwarder inputs.conf file to extract fields???
... View more
