×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
kst
Explorer
Member since: ‎04-20-2011
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎04-20-2011
View All

Re: DateParserVerbose - timestamp match is outside...

by in Getting Data In
‎06-02-2020 02:18 PM
‎06-02-2020 02:18 PM
I have been battling this for weeks. With the help of this post, I finally discovered that the log files received from a vendor do not have a modification time and a simple "touch $FILE" on Linux enables a nice clean ingest and timestamp parsing. Woohoo! THANKS! ... View more

Re: How do I block one forwarder from sending?

by in Getting Data In
‎11-21-2013 11:08 AM
3 Karma
‎11-21-2013 11:08 AM
3 Karma
Splunk should have a configurable way to do this at the indexer level. A rogue forwarder can easily take out an indexer by sending crap data or large volumes of data. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
View All