×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Gil
Explorer
Member since: ‎06-05-2023
‎02-25-2025
Community Statistics
Posts 14
Solutions 0
Karma Given 5
Karma Received 0
Member Since ‎06-05-2023
Activity Feed
View All

Re: Creating new role to edit dashboards

by in Dashboards & Visualizations
‎02-25-2025 06:24 AM
‎02-25-2025 06:24 AM
i tried to avoid give them the write permission to that app. so it will probably work but wont answer all my desires. ... View more

Re: Creating new role to edit dashboards

by in Dashboards & Visualizations
‎02-25-2025 06:21 AM
‎02-25-2025 06:21 AM
i see what you say, but it does not help me with the fact that those users cannot change their dashboards to public. ... View more

Creating new role to edit dashboards

by in Dashboards & Visualizations
‎02-25-2025 05:21 AM
‎02-25-2025 05:21 AM
Hi there, I'm trying to create a new role that can give permission to some users (who has the basic inheritance role) to edit other dashboards and make their own dashboards public. I tried various ways to solve it without reach any success, like adding specific capabilities.   any help?! ... View more

Re: inputs.conf - configure "source"

by in Getting Data In
‎09-24-2024 02:30 AM
‎09-24-2024 02:30 AM
i tried transforms and props yesterday and it didnt work, but what is "EXTRACT or REPORT" you mention. ... View more

Re: inputs.conf - configure "source"

by in Getting Data In
‎09-23-2024 10:46 PM
‎09-23-2024 10:46 PM
I'll probably make a meta field as you suggested, I didn't  wanted to do it at the start but it seems the only way. ... View more

Re: inputs.conf - configure "source"

by in Getting Data In
‎09-23-2024 07:54 AM
‎09-23-2024 07:54 AM
tried those 2 option already with no good results. thank you. ... View more

inputs.conf - configure "source"

by in Getting Data In
‎09-23-2024 06:01 AM
‎09-23-2024 06:01 AM
Hi all, i have a monitor stanza in inputs.conf  that monitor our organization proxy, the logs are sent by syslog-ng i have only one stanza that monitor 4 diff sources IP's from that proxy. i want to configure diff "source" to each source ip's without seeing in the value (under the source field) the name of the log. lets say the monitor path is (in the deployment server): $SPLUNK_HOME/syslog/proxy/*/*.log in the source field i will see: $SPLUNK_HOME/syslog/proxy/<proxy_source_a|b|c|d>/<proxy_date_and_time>.log i want the source to stop at proxy_source_a|b|c|d, example: $SPLUNK_HOME/syslog/proxy/<proxy_source_a|b|c|d>/ is that possible?   ... View more

Re: WEF .conf files

by in Getting Data In
‎07-25-2024 03:19 AM
‎07-25-2024 03:19 AM
you didn't say to drop the "g" at the end. of course your suggestion helped but not fully. ... View more

Re: WEF .conf files

by in Getting Data In
‎07-23-2024 10:16 PM
‎07-23-2024 10:16 PM
as mention we drop one of the "s/" and also the "g" at the end: SEDCMD-CLean_powershell_800 = s/\n\s+Context Information\:.*([\r\n]+.*){0,500}// SEDCMD-CLean_powershell_4103 = s/\s+Context\:.*([\r\n]+.*){0,500}// ... View more

Re: WEF .conf files

by in Getting Data In
‎07-23-2024 06:47 AM
‎07-23-2024 06:47 AM
we found something else that helped us. but thanks for your help! ... View more

Re: WEF .conf files

by in Getting Data In
‎07-23-2024 02:18 AM
‎07-23-2024 02:18 AM
your suggestion didn't help unfortunately , this is an example for a log, I need to cut all the data after "Context Information" (include) attachment is added.     ... View more

WEF .conf files

by in Getting Data In
‎07-21-2024 02:08 AM
‎07-21-2024 02:08 AM
Hi, in our organization we use wef to monitor windows. we configure an inputs.conf for monitoring from the Event viewer. the powershell events (mainly event code 800 and 4103) logs received too long and we want to cut duplicated data. we tried various test with props.conf and transforms.conf and nothing works, here some of our stanzas we tried in props.conf [source::"XmlWinEventLog:Windows PowerShell"] SEDCMD-CLean_powershell_800 = s/s/\n\s+Context\sInformation\:.*([\r\n]+.*){0,500}////g SEDCMD-CLean_powershell_4103 = s/s/\s+Context\:.*([\r\n]+.*){0,500}////g [source::XmlWinEventLog:Microsoft-Windows-PowerShell/Operational] SEDCMD-CLean_powershell_800 = s/s/\n\s+Context\sInformation\:.*([\r\n]+.*){0,500}////g SEDCMD-CLean_powershell_4103 = s/s/\s+Context\:.*([\r\n]+.*){0,500}////g [WinEventLog://Microsoft-Windows-PowerShell/Operational] SEDCMD-CLean_powershell_800 = s/s/\n\s+Context\sInformation\:.*([\r\n]+.*){0,500}////g SEDCMD-CLean_powershell_4103 = s/s/\s+Context\:.*([\r\n]+.*){0,500}////g   also i wanted to make sure the inputs.conf stanza for powershell is correctly when i used : renderXml = true over: wec_event_format = rendered_event ... View more

Re: Issue with receiving data

by in Getting Data In
‎06-09-2024 09:26 PM
‎06-09-2024 09:26 PM
Thank you for your help. ... View more

Issue with receiving data

by in Getting Data In
‎06-05-2024 05:39 AM
‎06-05-2024 05:39 AM
hello, I have a problem that I'm not receiving data to some of my indexes when it is related to monitoring.  for the monitor I created an app in the server I pull the data from, it worked for a while and now it stopped. the stanza of the inputs.conf looks like that: [monitor://\\<my_server_ip>\<folder>\*.csv] index=<my_index> disabled = 0 ignoreOlderThan = 2d sourcetype = csv source=<source_name>   it happens in 2 indexes of mine that have the same stanza structure. I checked the connection from my server to the monitor path and it was ok. I checked the _internal index for errors with no results. I opened wireshark no see any connections error which i didn't found any errors.   any ideas? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-25-2025 09:02 AM
Karma given to