cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ssoftility
Loves-to-Learn
Member since: ‎10-27-2021
‎11-02-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-27-2021
Activity Feed
View All

Re: What are the configurations required to forwar...

by in Getting Data In
‎11-01-2021 08:10 AM
‎11-01-2021 08:10 AM
Hi  ,Please find the answers below. what architecture do you have: stand-alone or distributed? Stand-alone which kind of logs are you speaking of (wineventlog, syslog, linux, firewall, etc...)? Application logs do you want to find the word "ScanStatistics" searching in your logs or do you want to index only the logs containing this word? Yes, we want to index/forward logs which contains word "ScanStatistics". how do you ingest your logs, or you're not able to ingest logs and this is your main question?No, we use splunk forwarder to ingest logs. But here I need specific configuartions required to forward only "Scanstatistics" logs to splunk terminating all other log could you share some example of your logs? Yes 2021-10-28 01:31:47,535 - cm_scan_statistics.cm_scan_statistics - INFO - c0:a0:0d:06:5b:c7 - CmScanStatistics. CM(c0:a0:0d:06:5b:c7) fbc.status=SUCCESS 2021-10-28 01:31:47,535 - cm_scan_statistics.cm_scan_statistics - INFO - c0:a0:0d:06:5b:c7 - CmScanStatistics: updating cm(c0:a0:0d:06:5b:c7) for ['metadata.scans.success', 'metadata.scans.lastupdate', 'metadata.scans.lastevent'] In few words, I need to understand: the kind of logs you're speaking; Application logs if you need an help in searching the word in your logs or in ingesting and indexing logs. because: knowing the kind of your logs I can suggest the best way to ingest and parse your logs; if you're speaking of a search, I can hint the search to find the events that contain the above word; if you're speaking of ingesting logs, I can hint how to ingest, parse and eventually filter your logs. @gcusello ... View more

What are the configurations required to forward sp...

by in Getting Data In
‎10-29-2021 05:54 AM
‎10-29-2021 05:54 AM
What are the configurations required to forward specific log messages to Splunk. Every  log message that contains "ScanStatistics" this phrase needs to get forwarded to Splunk. Let us know what are the configurations to be done. ... View more

Filtering out HTTP/1.1 200 logs from being forward...

by in Splunk Search
‎10-27-2021 10:16 AM
‎10-27-2021 10:16 AM
Hi, We have a large amount of data in /opt/app/axtract_fe1/var/log/apache2/main_collector_access-*.log file, and we do not want HTTP 200, 204 or 401 logs. How do I filter this out from being indexed? //SAMPLE LOG 70.166.76.65 - - [27/Oct/2021:12:42:56 -0400] "POST / HTTP/1.1" 200 2949 "-" "-" R:1 Conn:- PID:12954 RD:45125 CSt:+ FT:forwarded CPE_IP:70.166.77.73, 70.166.76.65 RespTime:0/45125 70.166.76.65 - - [27/Oct/2021:12:42:56 -0400] "POST / HTTP/1.1" 204 248 "-" "-" R:1 Conn:close PID:12954 RD:40522 CSt:- FT:forwarded CPE_IP:70.166.77.73, 70.166.76.65 RespTime:0/40522 70.166.76.65 - - [27/Oct/2021:12:43:03 -0400] "POST / HTTP/1.1" 200 800 "-" "-" R:0 Conn:- PID:12945 RD:34579 CSt:+ FT:forwarded CPE_IP:70.166.77.73, 70.166.76.65 RespTime:0/34579 70.166.76.65 - - [27/Oct/2021:12:43:03 -0400] "POST / HTTP/1.1" 200 2949 "-" "-" R:1 Conn:- PID:12945 RD:43790 CSt:+ FT:forwarded CPE_IP:70.166.77.73, 70.166.76.65 RespTime:0/43790 70.166.76.65 - - [27/Oct/2021:12:43:03 -0400] "POST / HTTP/1.1" 204 248 "-" "-" R:1 Conn:close PID:12945 RD:40819 CSt:- FT:forwarded CPE_IP:70.166.77.73, 70.166.76.65 RespTime:0/40819 //Props.conf file [source::/path/to/your/access.log*] TRANSFORMS-null= setnull     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-02-2021 11:03 AM