Hi @vijaysri , I have given a sample config below. You can try like that. props.conf [mentionsourcetype] TRANSFORMS-acctmasking = mask-acctcode Transforms.conf [mask-acctcode] REGEX = (.* DetectedValues{}.Value =\d+).* DEST_KEY = _raw FORMAT = $1-XXXX ... View more

The config only helps to process multiple events at a time and send logs in a real time without much delay. If any use cases are configured to monitor those events . Then you can monitor the logs in real time. ... View more

Hi @PickleRick , In order to process the events faster you can try increasing the pipeline in the UF. But this will consume more resources from the UF server end. cd %SPLUNK_HOME%\etc\system\local [general] parallelIngestionPipelines = 2 https://docs.splunk.com/Documentation/Forwarder/8.2.3/Forwarder/Configureaforwardertohandlemultiplepipelinesets     ... View more

Hi @Prakash23, You can remove the data from summary index using delete command. Add the | delete command to the end of the search string and run it again - for example:  index=summary "exception message logs" | delete Note: To use a delete command you should have a additional capability to your role like "can_delete" . The delete command will not remove data from the index. But the data is not searchable. Instead Identify the reports which are sending duplicate logs to summary index. And use the dedup command to control it. If this answer helps you then upvote it. ... View more

Hi @johan, I have observed few things after installing and testing the Splunk Add-on for BMC Remedy  with ITSI. Below is the list of my findings.​ ​The TA can be installed and used for Ticket creation and all the functionalities are working fine. The Assignee group will be taken by default by the Splunk TA. No control over the assignee group.​ It is because the Splunk TA WSDL Action(parameter) is using as PROCESS_EVENT for ticket creation. Whereas it supposed to be used Action as CREAT_INCIDENT for ticket creation.​ The CI information is not processing by TA correctly. So, we can't control the Assignee group.​ In order to proceed, you need to create the Custom Addon by using Splunk Add-on builder. Create a Separate WSDL and username and password in order to access Remedy. And develop a script to Pass the payload in XML format to remedy. Before passing the payload test the payload in the SOAP UI.   ... View more

Hi @Noorzai , There is no other way to download ITSI. Try contacting the sales option. ... View more

Hi @Azeemering , In the new Azure Addon version, the interface and settings have been changed. So if you are trying with the old local config like Passwords.conf&ta_ms_aad_settings.conf it will not work in the new version. Try to do a fresh config and erase all the old configs. ... View more

Hi @anandhalagaras1 ,   What was your previous Splunk version? ... View more

Hi @anandhalagaras1 , Yes remove the Splunkforwarder package and keep only the Splunk package. In Linux, any Splunk command should run  with (./) as a prefix. Whereas in windows you can run the Splunk commands without  (./) as a prefix. ... View more

Hi @mnagpal87,   The fundamentals 1 course validity for only 30 days.After that the course will be expired and you cant access the course modules. ... View more