×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ashurack_qmulos
Explorer
Member since: ‎10-23-2023
‎04-04-2024
Community Statistics
Posts 4
Solutions 1
Karma Given 1
Karma Received 1
Member Since ‎10-23-2023
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Blacklists

by in Getting Data In
‎04-04-2024 07:15 AM
‎04-04-2024 07:15 AM
Yup, that would work too. Sysmon - Configuration Files  Sysmon - Event Filtering  ... View more

Re: Blacklists

by in Getting Data In
‎04-04-2024 06:05 AM
‎04-04-2024 06:05 AM
Is renderXml = 1 set on the input for working and non-working? And any chance what you have working locally includes delimiters around the regex?  Ex...  blacklist1 = $XmlRegex="(C:\\Program Files\\Preton\\PretonSaver\\PretonService.exe)" inputs.conf - Splunk Documentation * key=regex format: [...] * The regex consists of a leading delimiter, the regex expression, and a trailing delimiter. Examples: %regex%, *regex*, "regex" [...]   ... View more

Re: Event Breaking events Zscaler

by in Getting Data In
‎04-03-2024 07:31 AM
‎04-03-2024 07:31 AM
Setting supportOctetCountedFraming="off" on the input fixes newlines being encoded to #012.   ... View more

Re: Event Breaking events Zscaler

by in Getting Data In
‎04-03-2024 06:02 AM
1 Karma
‎04-03-2024 06:02 AM
1 Karma
I'm by no means an rsyslog guru but ran into it recently.  There may be a better way to solve this but the quick fix was to turn off both supportOctetCountedFraming (input) and escapeControlCharacterTab (global).   $EscapeControlCharacterTab off [...other config...] input(type="imtcp" port="<port>" name="<name>" ruleset="<ruleset>" supportOctetCountedFraming="off")     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-04-2024 04:16 PM
Karma from
View All
Karma given to
View All