cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
grodaas
Explorer
Member since: ‎07-31-2012
‎09-03-2021
Community Statistics
Posts 6
Solutions 0
Karma Given 3
Karma Received 2
Member Since ‎07-31-2012
Activity Feed
View All

Re: Splunk UBA and support for windows event log i...

by in Splunk User Behavior Analytics
‎09-03-2021 06:22 AM
‎09-03-2021 06:22 AM
I will try the xml solution and report back ... View more

Splunk UBA and support for windows event log in na...

by in Splunk User Behavior Analytics
‎06-24-2021 12:08 AM
‎06-24-2021 12:08 AM
Does the "Windows Event Log(Multiline)"  data source in UBA support event logs in native language(non English). For example Norwegian? If it is not supported how can we add this data to UBA?   ... View more
Labels

Re: Using CIDR in a lookup table

by in Splunk Search
‎09-03-2012 07:14 AM
‎09-03-2012 07:14 AM
Is it possible to add the "checkip" lookups from a web search? something like: index="html" | lookup ipcheck .... ... View more

Re: keep original sourcetype in summary index

by in Getting Data In
‎09-03-2012 01:21 AM
‎09-03-2012 01:21 AM
This does not seem to work for me. No matter what I do I can't get the Splunk to use the orgin sourcetype when reading from the summary index. This is the command that is stored in Manager » Searches and reports » View Recent » "latest" : index="pdns" | search "google" | eval orig_sourcetype=sourcetype | summaryindex spool=t uselb=t addtime=t index="testalarms" file="google_645699260.stash_new" name="google" marker="" I have also tried updating props.conf: [source::/opt/splunk/var/spool/splunk/*] sourcetype = pdns2 or [stash] sourcetype = pdns2 priority = 101 ... View more

index time field extraction

by in Getting Data In
‎08-30-2012 12:55 AM
2 Karma
‎08-30-2012 12:55 AM
2 Karma
When I do index time field extraction will Splunk create a new separate index for the values in the extracted field ( For example a B-tree index) or will Splunk add key=value pairs as keywords to the existing full-text indexes found in the *.tsidx files? ... View more

How to keep original sourcetype in summary index?

by in Getting Data In
‎08-28-2012 06:28 AM
‎08-28-2012 06:28 AM
I have multiple scheduled searches that run on large indexes and save the results to a summary index. There is no aggregation in the searches, only filtering. An example search would be something like "index=http google.com". My problem is that when I save the search to the summary index the sourcetype is changed to "stash". I would like to keep the old sourcetype. Is there a way to tell Splunk to keep the original sourcetype? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-03-2021 09:43 AM
Karma from
View All
Karma given to