Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About gerdhuber
gerdhuber
Explorer
Member since:
02-16-2017
06-05-2020
Community Statistics
| Posts | 11 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 02-16-2017 |
Activity Feed
- Got Karma for inputs.conf is there a difference. 06-05-2020 12:48 AM
- Posted Re: Whitelist for WinEventLog does not filter with two fields EventCode and Logon_Type on Deployment Architecture. 07-31-2017 01:51 AM
- Posted Whitelist for WinEventLog does not filter with two fields EventCode and Logon_Type on Deployment Architecture. 07-31-2017 12:27 AM
- Tagged Whitelist for WinEventLog does not filter with two fields EventCode and Logon_Type on Deployment Architecture. 07-31-2017 12:27 AM
- Posted Scheduled shell-script to copy data like csv-files with splunk on Deployment Architecture. 05-17-2017 05:28 AM
- Tagged Scheduled shell-script to copy data like csv-files with splunk on Deployment Architecture. 05-17-2017 05:28 AM
- Posted Re: Need help with regex in transforms.conf to find two words in an event on Splunk Search. 03-23-2017 11:33 PM
- Posted Need help with regex in transforms.conf to find two words in an event on Splunk Search. 03-23-2017 12:53 AM
- Tagged Need help with regex in transforms.conf to find two words in an event on Splunk Search. 03-23-2017 12:53 AM
- Tagged Need help with regex in transforms.conf to find two words in an event on Splunk Search. 03-23-2017 12:53 AM
- Posted Re: Set the default Dashboard to Splunk-Standard on Dashboards & Visualizations. 03-13-2017 12:22 AM
- Posted Re: Set the default Dashboard to Splunk-Standard on Dashboards & Visualizations. 03-10-2017 12:42 AM
- Posted Set the default Dashboard to Splunk-Standard on Dashboards & Visualizations. 03-09-2017 10:01 PM
- Tagged Set the default Dashboard to Splunk-Standard on Dashboards & Visualizations. 03-09-2017 10:01 PM
- Posted Re: inputs.conf is there a difference on Splunk Enterprise. 02-20-2017 02:18 AM
- Posted Re: inputs.conf is there a difference on Splunk Enterprise. 02-17-2017 01:01 AM
- Posted inputs.conf is there a difference on Splunk Enterprise. 02-16-2017 05:00 AM
- Tagged inputs.conf is there a difference on Splunk Enterprise. 02-16-2017 05:00 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
07-31-2017
01:51 AM
This works for me:
whitelist1 = EventCode=%^(4624)$% Message="Logon\sType:\t+10"
whitelist2 = EventCode=%^(4625|4647|4720|4722|4724|4725|4726|4738|4781)$%
... View more
07-31-2017
12:27 AM
Hallo,
i need help for this stanza. I want only Events for "EventCode=4624 and Logon_Type=10" .
Whitelist2 works fine.
[WinEventLog://Security]
disabled = false
start_from = oldest
evt_resolve_ad_obj = 0
checkpointInterval = 5
whitelist1 = EventCode=%^(4624)$% Logon_Type=%^10$%
whitelist2 = EventCode=%^(4625|4647|4720|4722|4724|4725|4726|4738|4781)$%
index = infrastrukturlog_windows
Thank you
Gerd
... View more
- Tags:
- splunk-enterprise
05-17-2017
05:28 AM
Hallo,
i want to execute daily a shell-script, that copys data to the csv-dir from Splunk.
Is it a good way to do this with splunk, or should i use therefore linux-cron.
please send me the necessary file to do this, thank you
Regards Gerd
... View more
- Tags:
- splunk-cloud
03-23-2017
12:53 AM
Hallo,
i have to filter the following literals in an event and i am new in regex:
user:info
ifconfig
both literals must be in that event.
this don't works:
^.?\buser:info\b.?\bifconfig\b.*?$
Thank you for helping
Gerd
... View more
- Tags:
- props.conf
- regex
03-13-2017
12:22 AM
i have choose there a dashboard, but i want to reset my choose to this default. I can't to this on the UI.
... View more
03-10-2017
12:42 AM
thanks for answering.
But i want to get the following default-page again.
... View more
03-09-2017
10:01 PM
Hallo
i have set on "app/launcher/home" a Default-Dashboard. Now i want to reset this page to the Splunk-Standard.
In the DropDown i can't choose this empty Page.
Where can i reset this ?
Thanks in advance.
... View more
- Tags:
- splunk-enterprise
02-16-2017
05:00 AM
1 Karma
Hallo,
i only want to monitor files in the directory pkorb and not files in subdirectory pkorb/oldlogs
What is the right monitor ?
[monitor:///var/log/pkorb]
[monitor:///var/log/pkorb/]
or any other ?
... View more
- Tags:
- splunk-enterprise
