×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
cesca
Engager
Member since: ‎09-05-2011
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-05-2011
Activity Feed
View All

Re: CISCO_ESA

by in All Apps and Add-ons
‎02-07-2013 03:32 AM
‎02-07-2013 03:32 AM
Hi, It works like a charm ! I didn't know that only one stanza per port number was currently supported, I expected it to take the most specific. I've followed the examples and I've done it like this: transforms.conf: [cisco_esa_parser] REGEX = :\d\d\s+(?:\d+\s+|(?:user|daemon|local.?).\w+\s+)[?(MachineName)[\w.-]]?\s FORMAT = sourcetype::cisco_esa DEST_KEY = MetaData:Sourcetype props.conf: [source::udp:514] TRANSFORMS-changesourcetype = cisco_esa_parser Thanks for your help, -- Xavier ... View more

Re: Merge DNS logs and IP logs

by in Splunk Search
‎05-25-2012 03:22 AM
‎05-25-2012 03:22 AM
Hi, No answer yet? Has anyone had this problem before? ... View more

Re: Missing records when exporting to a text file

by in Reporting
‎11-29-2011 11:37 PM
‎11-29-2011 11:37 PM
Hi, Thanks for the information. I'll try to export it using the CLI commands until the 4.3 is released: splunk search '*' -maxout 0 splunk search '*' -maxout 0 | wc -l splunk search '*' -maxout 0 > exportfile.txt I'll try to find out how to define the time range with theses commands. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All