Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About cesca
cesca
Engager
Member since:
09-05-2011
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 09-05-2011 |
Activity Feed
- Karma Re: CISCO_ESA for sdaniels. 06-05-2020 12:46 AM
- Posted Re: CISCO_ESA on All Apps and Add-ons. 02-07-2013 03:32 AM
- Posted CISCO_ESA on All Apps and Add-ons. 02-05-2013 03:45 AM
- Tagged CISCO_ESA on All Apps and Add-ons. 02-05-2013 03:45 AM
- Tagged CISCO_ESA on All Apps and Add-ons. 02-05-2013 03:45 AM
- Tagged CISCO_ESA on All Apps and Add-ons. 02-05-2013 03:45 AM
- Tagged CISCO_ESA on All Apps and Add-ons. 02-05-2013 03:45 AM
- Tagged CISCO_ESA on All Apps and Add-ons. 02-05-2013 03:45 AM
- Posted Re: Merge DNS logs and IP logs on Splunk Search. 05-25-2012 03:22 AM
- Posted Merge DNS logs and IP logs on Splunk Search. 05-03-2012 03:17 AM
- Tagged Merge DNS logs and IP logs on Splunk Search. 05-03-2012 03:17 AM
- Tagged Merge DNS logs and IP logs on Splunk Search. 05-03-2012 03:17 AM
- Tagged Merge DNS logs and IP logs on Splunk Search. 05-03-2012 03:17 AM
- Tagged Merge DNS logs and IP logs on Splunk Search. 05-03-2012 03:17 AM
- Posted Re: Missing records when exporting to a text file on Reporting. 11-29-2011 11:37 PM
- Posted Missing records when exporting to a text file on Reporting. 11-29-2011 08:07 AM
- Tagged Missing records when exporting to a text file on Reporting. 11-29-2011 08:07 AM
- Tagged Missing records when exporting to a text file on Reporting. 11-29-2011 08:07 AM
- Tagged Missing records when exporting to a text file on Reporting. 11-29-2011 08:07 AM
- Tagged Missing records when exporting to a text file on Reporting. 11-29-2011 08:07 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
02-07-2013
03:32 AM
Hi,
It works like a charm ! I didn't know that only one stanza per port number was currently supported, I expected it to take the most specific.
I've followed the examples and I've done it like this:
transforms.conf:
[cisco_esa_parser]
REGEX = :\d\d\s+(?:\d+\s+|(?:user|daemon|local.?).\w+\s+)[?(MachineName)[\w.-]]?\s
FORMAT = sourcetype::cisco_esa
DEST_KEY = MetaData:Sourcetype
props.conf:
[source::udp:514]
TRANSFORMS-changesourcetype = cisco_esa_parser
Thanks for your help,
-- Xavier
... View more
02-05-2013
03:45 AM
Hi,
Hi, I have installed the Splunk_CiscoSecuritySuite and the Splunk_CiscoIronportEmailSecurity.
The problem is that I'm not getting any data with the sourcetype=cisco_esa, I have the following in the inputs.conf:
[udp://514] #regular syslog
disabled = false
sourcetype = syslog
connection_host = dns
[udp://192.168.1.200:514] #ironport syslog
disabled = false
host = 192.168.1.200
sourcetype = cisco_esa
connection_host = dns
However, data from host 192.168.1.200 is being indexed with the [udp://514] index and not the [udp://192.168.1.200:514].
What do I have to change to have it recorded with the sourcetype=cisco_esa?
Thanks a lot,
-- Xavier
... View more
05-03-2012
03:17 AM
Hi,
I have about 40 machines sending logs to splunk via syslog. All the machines have A and PTR registers in the DNS. However, sometimes Splunk stops logging using the machine name in the host section and logs using just the IP address.
Is there any command to merge the logs with the DNS name and the logs with the IP address? What can I do to prevent it from happening again? The DNS hasn't stop working so I can't understand the reason why it happens.
Thanks a lot,
-- Xavier
... View more
11-29-2011
11:37 PM
Hi,
Thanks for the information. I'll try to export it using the CLI commands until the 4.3 is released:
splunk search '*' -maxout 0
splunk search '*' -maxout 0 | wc -l
splunk search '*' -maxout 0 > exportfile.txt
I'll try to find out how to define the time range with theses commands.
... View more
11-29-2011
08:07 AM
Hi,
I'm using splunk 4.2.4 and performed in the GUI a search that says something easy like host="AAA" OR host="BBB". It works since I can see the records for the AAA host and the BBB host and if pickup just the BBB host I see about 40 records. However, when I export the search result to a text file using the GUI and choosing the Raw data option, there are some records missing in the text file. If there were 1000 entries regarding host AAA and 40 entries regarding host BBB I just see the 1000 from AAA and only 3 entries of host BBB.
Do you have any idea why it can be happening? It only occurs in the exported file. In the GUI I can see all the entries correctly. I'm exporting about 102.000 records.
Thanks a lot,
-- Xavi
... View more
