Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Anto
Anto
Explorer
Member since:
11-30-2020
02-17-2021
Community Statistics
| Posts | 7 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 11-30-2020 |
Activity Feed
- Got Karma for Re: Forward logs to third party and no duplicates in splunk. 02-18-2021 05:42 AM
- Posted Re: Forward logs to third party and no duplicates in splunk on Getting Data In. 02-17-2021 09:21 AM
- Posted Re: Forward logs to third party and no duplicates in splunk on Getting Data In. 02-17-2021 05:09 AM
- Posted Re: Forward logs to third party and no duplicates in splunk on Getting Data In. 02-16-2021 11:29 AM
- Posted Forward logs to third party and no duplicates in splunk on Getting Data In. 02-16-2021 10:48 AM
- Tagged Forward logs to third party and no duplicates in splunk on Getting Data In. 02-16-2021 10:48 AM
- Tagged Forward logs to third party and no duplicates in splunk on Getting Data In. 02-16-2021 10:48 AM
- Tagged Forward logs to third party and no duplicates in splunk on Getting Data In. 02-16-2021 10:48 AM
- Tagged Forward logs to third party and no duplicates in splunk on Getting Data In. 02-16-2021 10:48 AM
- Tagged Forward logs to third party and no duplicates in splunk on Getting Data In. 02-16-2021 10:48 AM
- Posted Normalize feed before indexing on Getting Data In. 01-25-2021 01:35 AM
- Tagged Normalize feed before indexing on Getting Data In. 01-25-2021 01:35 AM
- Tagged Normalize feed before indexing on Getting Data In. 01-25-2021 01:35 AM
- Tagged Normalize feed before indexing on Getting Data In. 01-25-2021 01:35 AM
- Tagged Normalize feed before indexing on Getting Data In. 01-25-2021 01:35 AM
- Tagged Normalize feed before indexing on Getting Data In. 01-25-2021 01:35 AM
- Posted Re: Same ip address in different host on Splunk Search. 12-01-2020 01:23 AM
- Karma Re: Same ip address in different host for richgalloway. 12-01-2020 01:13 AM
- Posted Same ip address in different host on Splunk Search. 11-30-2020 10:33 AM
- Tagged Same ip address in different host on Splunk Search. 11-30-2020 10:33 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
02-17-2021
09:21 AM
1 Karma
I find out the solution. In the transform.conf just replace DEST_KEY as follow: [not_send_to_syslog] REGEX = MY REGEX DEST_KEY =_TCP_ROUTING FORMAT =nullQueue All done now. thanks to all
... View more
02-17-2021
05:09 AM
Thank you for your answer but it didn't help. Logs aren't forwarded to syslog and they entered in nullqueue so i don't saw them also in splunk. Any other ideas?
... View more
02-16-2021
11:29 AM
Because i don't need them for the analysis in Splunk but i want to preserve the logs without exceed my license just for 2 GB. So you are telling me that this isn't possible to do directly from splunk? Thank you for your reply, i want just to understand
... View more
02-16-2021
10:48 AM
I want to forward logs to third party system (syslog) without index these data into splunk but i can't accomplish it, help. On my heavy forwarder i set up outputs.conf, transforms.conf, props.conf as follow: outuputs.conf [syslog:my_syslog_group] server = <IP>:PORT transforms.conf [send_to_syslog] REGEX = MY REGEX DEST_KEY = _SYSLOG_ROUTING FORMAT = my_syslog_group [not_send_to_syslog] REGEX = MY REGEX DEST_KEY =queue FORMAT =nullQueue props.conf [source::MY_SOURCE] TRANSFORMS-t0=send_to_syslog,not_send_to_syslog In this way logs don't forward to my syslog, they will be just deleted and not indexed. Removing [not_send_to_syslog] from props and transforms data will be indexed on splunk and also forwarded to syslog. How can i achieve my problem, sending data to syslog and not indexing them on splunk? Thanks in advantage to those who will help me.
... View more
Labels
01-25-2021
01:35 AM
Is possible to rename values of feeds? i am going to explain it better: I have open source feeds but some values of them are written in different form, for example, i am going to group all malware names under the same field but i have this trouble: Malware Name NjRat command & control NjRat Njrat NJraat Njratt c&c Is possible to modify them at indexing time under the same name NjRat so when i am going to analyze it i have no problem and they are all grouped? Thanks in advance
... View more
Labels
- Labels:
-
index
-
scripted input
-
source
11-30-2020
10:33 AM
I want to catch from my index=ip the field value ip_address in common in one or more hosts. I want to get something like this: This IP ADDRESS is in common with 3 host and so have a list or a chart where i can see all the ip address in common in the hosts. Don't know how to get it, thank you in advantage.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-17-2021
12:43 PM
|
