cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
bread555
Explorer
Member since: ‎07-31-2012
‎06-05-2020
Community Statistics
Posts 7
Solutions 0
Karma Given 7
Karma Received 3
Member Since ‎07-31-2012
Activity Feed
View All

Re: Is it possible to send Syslog data to a forwar...

by in Getting Data In
‎06-24-2014 10:56 AM
‎06-24-2014 10:56 AM
Well then. Sweet point goodness for you kind sir. ... View more

Re: Is it possible to send Syslog data to a forwar...

by in Getting Data In
‎06-24-2014 10:45 AM
1 Karma
‎06-24-2014 10:45 AM
1 Karma
Thats what I was thinking, but I was hoping there was a way to cut out the middle man of a syslog daemon. If there is no way to do this natively in Splunk I'll give you full and due karma goodness! ... View more

Is it possible to send Syslog data to a forwarder ...

by in Getting Data In
‎06-24-2014 10:15 AM
‎06-24-2014 10:15 AM
I am using Suricata IDS to send Syslog data to an indexer. However, due to some overload (and very noisy Suricata) I wanted to shift that to sending it instead to a forwarder (preferably a local forwarder). Is that possible? ... View more

Re: Temporal Input lookups?

by in Splunk Search
‎11-27-2012 12:48 PM
‎11-27-2012 12:48 PM
So, I had tried this before, and I think because I am just trying to pull back the results in splunk raw rather than correlate these offset settings wouldn't apply. One of my goals would be to do graphs/statistics on the lookup file WITHOUT injesting it or correlating it. The reason being, that lookup file will be changing frequently (and may even have data that is deleted). Thus, I don't want to injest it. ... View more

Temporal Input lookups?

by in Splunk Search
‎11-27-2012 11:03 AM
1 Karma
‎11-27-2012 11:03 AM
1 Karma
We have been able to successfully use inputlookup with lookup files we have created. However, our lookup files have timestamps that are not being picked up by splunk despite annotating it in the transforms.conf. We are not currently using automatic lookups. Here is an example of our setup: The below is our "lookup" csv file test.csv date,interesting_data 2012-11-09 09:32:34,things that occurred and then this is in our transforms.conf transforms.conf [test_lookup_file] filename = test.csv time_field = date time_format = %Y-%m-%d %H:%M:%s We can invoke the inputlookup and return all of the data,but its time is exactly when we did the search IE: |inputlookup test_lookup_file | _time returns nothing |inputlookup test_lookup_file | table date interesting_data returns all of the data in the lookup file. My assumption is that I am either A: not understanding exactly how temporal lookup files work or B: have a really stupid mistake somewhere. Any help would be greatly appreciated. Please note, that my data has been sanitized an reviewed, so any typos that exist above are my own fault and not what is currently in the system ... View more

Re: Truncate on a SplunkUniversalForwarder

by in Getting Data In
‎11-07-2012 05:29 AM
‎11-07-2012 05:29 AM
This sounds like exactly what I need. As soon as I test, I'll +1 🙂 Thanks for the quick, concise, cited, and well worded answer. ... View more

Truncate on a SplunkUniversalForwarder

by in Getting Data In
‎11-06-2012 01:13 PM
1 Karma
‎11-06-2012 01:13 PM
1 Karma
One of my sources coming from a universal forwarder needs to have have it's truncate option set to 0. I have edited the local SPLUNKHOME/etc/apps/search/default/props.conf to do this on both the source and the sourcetype to no avail. Has anyone had luck with this? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to