×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
d3
Explorer
Member since: ‎12-08-2011
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 7
Member Since ‎12-08-2011
Activity Feed
Topics I've Started
No posts to display.
View All

Re: scrub IP only

by in Splunk Search
‎03-07-2023 03:41 AM
‎03-07-2023 03:41 AM
After lots of reading and too many attempts.  Renaming the fields is the best option, IMO.  Example below is where src is the IP address.  This is undocumented. | rename * AS _* | rename _src AS src | scrub | rename _* AS * (It would be nice if scrub took a field listing as an option.  It appears you can do this through config files, but getting that done on splunkcloud would be $#%^py.  Please upvote the idea.) ... View more

Re: Duplicate GUIDs for cloned forwarders - how to...

by in Deployment Architecture
‎10-12-2022 03:01 AM
‎10-12-2022 03:01 AM
I am facing similar issue these days with many Servers as Splunk forwarder was installed on Template Server . I was not able to find guid in server.conf however there is surely an instance.cfg . What do you all recommend . Should I try below command OR just remove the instance.cfg file .However those cloned serves are getting wrong host name as well so I need to remove two things . $SPLUNK_HOME/bin/splunk clone-prep-clear-config   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from