cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
GaetanVP
Explorer
Member since: ‎01-29-2021
yesterday
Community Statistics
Posts 7
Solutions 0
Karma Given 55
Karma Received 0
Member Since ‎01-29-2021
Activity Feed
View All

Re: Configure different index time transformations...

by in Getting Data In
Tuesday
Tuesday
Hello  PickleRick, thanks for the answer! I followed your instructions and it does the job!  Thanks again ... View more

Re: Configure different index time transformations...

by in Getting Data In
Monday
Monday
Hello Azeemering,  thanks for your answer! The thing is I need to be sure that the events that leave the HF are already anonymized for compliance reason. And I don't have access to the indexer pool n°2. Regarding SEDCMD or regular expression is equivalent if I'm not mistaken. ... View more

Configure different index time transformations for...

by in Getting Data In
Monday
Monday
Hello Splunker, I'm currently working on a new use case and need some helps  I'm working on a HF receiving Microsoft Cloud Logs (with https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices) and I would like to forwards those logs to two differents TCP output (Splunk indexers), one with some fields anonymized, and the other without any index time transformation. Here is a schema to help you understand my problem : My thoughts : I currently have a inputs.conf configured on my HF to receive the logs from MS Cloud (with sourcetype set to mscs:azure:eventhub, I think it's compulsory to keep this sourcetype) Then I created props.conf & transforms.conf but should I put two TRANSFORMS-<class> in order to have two differents transforms depending on the destination ? My props.conf : [mscs:azure:eventhub] TRANSFORMS-anonymize = user-anonymizer My transforms.conf : [user-anonymizer] REGEX = ^(.*?)"\[{\\"UserName\\":[^,]*(.*) FORMAT = $1"###"$2 DEST_KEY = _raw Thanks a lot, Gaétan ... View more

Vmware Indexers | How do I increase the size of th...

by in Getting Data In
‎03-29-2022 02:40 AM
‎03-29-2022 02:40 AM
Hello Splunk commu! I am using Indexers as Virtual Machine in VMWare, and I would like to increase the size of the drive where my logs are indexed.  I am using lvm and I would like to know if there are some best practices to follow before extending the drive size on VMware side. Do I need to stop Splunk on the indexers before increasing the drive size ? What are the potential risks during this operation ?  Thanks a lot for your help!  ... View more
Labels

Re: Splunk 8 installation - Ubuntu default python ...

by in Splunk Search
‎08-17-2021 02:25 PM
‎08-17-2021 02:25 PM
Thanks for you reply, that helped me to find the root cause. I used the tarball but I also added a line in my .bashrc file to add /opt/splunk/bin to my path (I just wanted the Splunk bin to be easier accessible) But with that it also include the python bins that are located in that folder... Makes sense Thanks again 🙂   ... View more

Splunk 8 installation - Ubuntu default python used

by in Splunk Search
‎08-17-2021 01:13 PM
‎08-17-2021 01:13 PM
Hello everyone, When I install Splunk enterprise on my personal Ubuntu machine, it directly changed the default python bin. It means that after the install when I type :    which python   It will return a bin located in /opt/splunk/bin/python, which is not the default python I want for my system. I'm having trouble to find information about what is done during the install and how to change this behavior... Thanks a lot for your help!  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
yesterday
Karma given to