cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
goldone
Engager
Member since: ‎07-01-2021
‎07-02-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-01-2021
View All

Re: How to prevent new data ingestion not pushed f...

by in Getting Data In
‎07-02-2021 02:29 AM
‎07-02-2021 02:29 AM
Hi Giuseppe Thank you for your quick response. Unfortunately, customers own the hosts installed the splunk forwarders and their own config not only sit under /system/local, but also be found under /etc/apps/SplunkUniversialForwarder/local as well. Pushing an app with script may help. It needs POC. For the HEC/network input, for example, once customer has the token or port they can specify the index name and sourcetype name in the curl command before sending to endpoint, they do not have the permission to modify it on SH or IDX. Could you please advise further, thanks. ... View more

How to prevent new data ingestion not pushed from ...

by in Getting Data In
‎07-01-2021 10:43 PM
‎07-01-2021 10:43 PM
Hello, In order to protect our server performance and data quality.  I found some customers trying to on board their data by themselves, which cause a lot of operation overheads. How can I prevent for this? Does the future version of splunk have such feature? Scenario 1: Customer built their own apps installed on their own forwarders with/without new sourcetype name without parsing config and these apps not pushed from our deployment server. How can we detect and block these data instead blocking the whole forwarder? Scenario 2: For both HEC and tcp:udp input, how can we avoid customer not overwritten the index name and sourcetype name which should be used the configured on our side? If we detect the unwanted names we can drop it before going to our indexer. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-02-2021 08:34 PM