Hello,
I have a problem with the Darktrace collector.
Monitor input for the Darktrace logs (inputs.conf):
[monitor:///srv/syslogdata/darktrace/]
disabled = false
# read files in subdirectories of the monitored path as well
recursive = true
index = darktrace
# props.conf settings are applied by matching a stanza with exactly this sourcetype name
sourcetype = darktrace:syslog
# only files whose path matches this regex are picked up
whitelist = \.log$
# host = 4th path segment, i.e. the directory under /srv/syslogdata/darktrace/
host_segment = 4
The data arrives in Splunk; however, the field extraction does not work.
The props.conf in .../Darktrace/defaults/ on syslog is:
# stanza name is matched against the sourcetype of the event
[darktrace]
pulldown_type = true
# search-time setting: auto-extract fields from an event whose body is JSON
KV_MODE = json
category = Structured
description = Darktrace JSON syslog format.
# index-time setting: delete everything before the first "{" (the syslog header)
SEDCMD-remove_header = s/^[^\{]+//
I have an architecture with a utility server, a search head, clustered indexers, and syslog + UF (Darktrace).
I need some help, please.
Thank you in advance.
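The following Python script is an added editorial example, not the poster's code and not a Darktrace or Splunk component. It re-creates the two conf fragments from the post, checks whether every sourcetype assigned in inputs.conf has a props.conf stanza of the same name, and replays the SEDCMD and KV_MODE=json steps on one constructed syslog line. The sample event, the host names and the JSON keys are made up for illustration; the SEDCMD parser assumes the delimiter character does not occur inside the regex, and the dotted flattening of nested objects is a simplification of Splunk's JSON extraction.

```python
"""Replay of the posted Splunk inputs.conf / props.conf pairing (added example, not from the post)."""
import configparser
import json
import re

# Constructed copies of the two stanzas from the post (raw strings keep the backslashes intact).
INPUTS_CONF = r"""
[monitor:///srv/syslogdata/darktrace/]
disabled = false
recursive = true
index = darktrace
sourcetype = darktrace:syslog
whitelist = \.log$
host_segment = 4
"""

PROPS_CONF = r"""
[darktrace]
pulldown_type = true
KV_MODE = json
category = Structured
description = Darktrace JSON syslog format.
SEDCMD-remove_header = s/^[^\{]+//
"""

# Constructed sample event: a syslog header followed by a JSON body (not a real Darktrace record).
RAW_EVENT = ('<14>Mar  3 10:15:22 dt-master darktrace: '
             '{"time":"2024-03-03T10:15:22","model":{"name":"Device / Anomalous Connection"},'
             '"score":0.61,"device":{"ip":"10.0.0.5","hostname":"ws01"}}')


def parse_conf(text):
    """Read a Splunk-style .conf fragment into {stanza: {key: value}}, keeping key case."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # Splunk keys such as KV_MODE and SEDCMD-* are case-sensitive
    cp.read_string(text)
    return {stanza: dict(cp.items(stanza)) for stanza in cp.sections()}


def sourcetype_stanza_gaps(inputs, props):
    """Sourcetypes assigned in inputs.conf that no [sourcetype] stanza in props.conf covers."""
    assigned = {v["sourcetype"] for v in inputs.values() if "sourcetype" in v}
    return sorted(st for st in assigned if st not in props)


def parse_sedcmd(sed):
    """Split 's<delim>regex<delim>replacement<delim>flags'; assumes delim is not inside the regex."""
    if len(sed) < 4 or sed[0] != "s":
        raise ValueError(f"not a substitution SEDCMD: {sed!r}")
    delim = sed[1]
    parts = sed[2:].split(delim)
    if len(parts) < 3:
        raise ValueError(f"malformed SEDCMD: {sed!r}")
    return parts[0], parts[1], parts[2]


def apply_sedcmd(sed, event):
    """Apply one SEDCMD the way the indexer would: first match only unless the 'g' flag is set."""
    pattern, repl, flags = parse_sedcmd(sed)
    return re.sub(pattern, repl, event, count=0 if "g" in flags else 1)


def extract_json_fields(event):
    """Mimic KV_MODE=json: the whole event must be JSON; nested objects flatten to dotted names."""
    try:
        obj = json.loads(event)
    except json.JSONDecodeError:
        return None  # leftover syslog header -> not JSON -> no fields extracted
    fields = {}

    def flatten(node, prefix):
        for key, value in node.items():
            name = prefix + key
            if isinstance(value, dict):
                flatten(value, name + ".")
            else:
                fields[name] = value

    flatten(obj, "")
    return fields


def replay():
    """Run the checks end to end: (sourcetype gaps, fields before SEDCMD, fields after SEDCMD)."""
    inputs = parse_conf(INPUTS_CONF)
    props = parse_conf(PROPS_CONF)
    gaps = sourcetype_stanza_gaps(inputs, props)
    sed = props["darktrace"]["SEDCMD-remove_header"]
    before = extract_json_fields(RAW_EVENT)
    after = extract_json_fields(apply_sedcmd(sed, RAW_EVENT))
    return gaps, before, after


if __name__ == "__main__":
    gaps, before, after = replay()
    print("sourcetypes without a props.conf stanza:", gaps)
    print("fields without SEDCMD:", before)
    print("fields after SEDCMD:", after)
```

Running it reports that the sourcetype `darktrace:syslog` set in the input has no matching `[darktrace:syslog]` stanza in props.conf, so neither setting is applied to those events, and it shows that the JSON extraction yields nothing while the syslog header is still in front of the `{`. Where the props.conf lives also matters in the described architecture: SEDCMD is an index-time setting and must be on the indexers (a universal forwarder does not parse events), while KV_MODE is read on the search head.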