×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
leiniao
Explorer
Member since: ‎11-15-2011
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎11-15-2011
Activity Feed
View All

Pre-index filtering

by in Getting Data In
‎01-18-2012 12:25 AM
1 Karma
‎01-18-2012 12:25 AM
1 Karma
Requirment Drop events before they get sent to the splunk indexer. Want to just send the lines with "Authentication_failed" on the file to the indexer. Information Using heavy forwarder and on 4.2.4 input.conf c:\splunk\etc\system\local\iputs.conf [monitor://c:\Programs Files\WebProxyLogs] sourcetype=WebProxy props.conf c:\splunk\etc\system\local\props.conf [source:://c:\Programs Files\WebProxyLogs] TRANSFORMS-set=setnull,setparsing transforms.conf c:\splunk\etc\system\local\transforms.conf [setnull] REGEX = DEST_KEY = queue FORMAT = nullQueue [setparsing] REGEX = \[Authentication_failed\] DEST_KEY = queue FORMAT = indexQueue Result Unable to index the logs Problem In need of guidance on how to solve this problem. ... View more

Re: splunk index logs from network drive

by in Getting Data In
‎11-29-2011 10:41 PM
‎11-29-2011 10:41 PM
following ur method i am able to index the logs now. thks alot. ... View more

splunk index logs from network drive

by in Getting Data In
‎11-29-2011 06:14 PM
‎11-29-2011 06:14 PM
i wish to index all the log files in the network drive Y but i am getting the error msg - In handler'monitor':Parameter name:Path does not exist Manager -> Data Inputs -> Add Data -> From files and Directories -> continuously index data from a file or directory this splunk instance can access full path to your data : Y:\ i am getting the error msg - In handler'monitor':Parameter name:Path does not exist full path to your data : $Y:\ i am getting the error msg - In handler'monitor':Parameter name:Path must be absolute how to index data from the network drive? ... View more

Re: Search - Fields function

by in Splunk Search
‎11-28-2011 12:42 AM
‎11-28-2011 12:42 AM
Thank it really help alots. ... View more

Search - Fields function

by in Splunk Search
‎11-27-2011 11:46 PM
‎11-27-2011 11:46 PM
Hello, I want to display only the specify field(s) of the logs in the results display. Using: *|fields + ProductName Instead of displaying only the ProductName field, splunk display me with the whole log. Is there something wrong with the search string i key in? or i grip the concept of fields function wrongly? Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All