×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
SAF_IT
Engager
Member since: ‎12-30-2016
‎01-03-2024
Community Statistics
Posts 6
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎12-30-2016
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to edit inputs.conf to prevent WinNetMon f...

by in Getting Data In
‎01-04-2017 11:26 AM
‎01-04-2017 11:26 AM
I found that I could add protocol = tcp;udp to the inbound and outbound WinNetMon stanzas in inputs.conf file on the UF. That stopped the ICMP traffic, which helps. ... View more

Re: How to edit inputs.conf to prevent WinNetMon f...

by in Getting Data In
‎01-04-2017 11:05 AM
‎01-04-2017 11:05 AM
I found that I could add protocol = tcp;udp to the inbound and outbound WinNetMon stanzas in inputs.conf file on the UF. That stopped the ICMP traffic, which helps. ... View more

Re: How to edit inputs.conf to prevent WinNetMon f...

by in Getting Data In
‎01-04-2017 10:09 AM
‎01-04-2017 10:09 AM
I'm wrestling with this as well. The WinNetMon traffic generates the largest number of events. Is there a way to write a RegEx to exclude processes, like ICMP which generates a lot of traffic? ... View more

Re: Is there any online regex tool to create regul...

by in Splunk Search
‎12-30-2016 04:05 PM
‎12-30-2016 04:05 PM
The other sites were great for testing, but this one builds a RegEx from your Index data. Very helpful, thanks! ... View more

Re: Filtering windows security event logs with Reg...

by in Splunk Search
‎12-30-2016 10:42 AM
‎12-30-2016 10:42 AM
Does this break when you render your events in XML format? That seems to have happened to me. Any thoughts on how to fix it, besides changing back? ... View more

Re: How to edit inputs.conf to prevent WinNetMon f...

by in Getting Data In
‎12-30-2016 10:38 AM
‎12-30-2016 10:38 AM
I am trying to figure this out too. Can someone provide some examples from the inputs.conf file? Using multikv mode seems to break the Splunk Microsoft Windows App. for network monitoring. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-03-2024 02:23 PM
Karma given to
View All