Hey, thanks for your answer, I'll try to be as clear as possible. We have data coming in from two different indexes (Microsoft Exchange and Postfix (SMTP)) and we need to generate a text with some extracted fields from these indexes. For example, a search that finds phishing mail will return only mail addresses, subject and so on... We need to include this mail address and subject in a simple text. For now, the search works, but we need to include our results in a text to warn our users by mail. I hope it's clear for you. Best regards.
In a dashboard we have a form with two inputs (email & subject). We are looking to generate a text in this dashboard that includes the results of a search.
For example, a simple search:
index=myindex src=$email$ message_subject=$msg_sub$ | stats count(recipients) by src
This search will be used to generate a text in a dashboard:
" Sed et eros bibendum, fermentum nibh volutpat, convallis lorem. Nunc in dignissim lacus. Integer sodales tristique ultricies. In porta condimentum neque eget gravida. Sed magna dolor, laoreet non tortor sed, feugiat varius lacus. Donec semper hendrerit orci ac sodales. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Etiam mollis id augue non laoreet.
Etiam porttitor magna $email$ suscipit tortor luctus dignissim $msg_sub$
Morbi sit amet neque ipsum. Nam rhoncus dui nec neque bibendum commodo. Maecenas consequat imperdiet nisl a accumsan. Aenean pellentesque, justo sed elementum porta, nisl sem suscipit leo, quis consequat sapien velit et mi. Vivamus varius auctor risus, elementum pharetra nisl malesuada ut. Duis malesuada sollicitudin dignissim. In lacinia sagittis urna quis sollicitudin. Pellentesque a enim ultricies, blandit dui sit amet, tincidunt est."
Does a function/method exist to do that?
Thanks for your help.
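One way to do what the two posts above describe, as an added example rather than code from the original thread: a Splunk Simple XML form whose dashboard-level search copies fields of its first result row into tokens with a `<done>` handler, and an `<html>` panel that renders the fixed text with the form inputs and those tokens substituted. The index name `myindex` and the field names `src`, `message_subject` and `recipients` come from the question; the search id `phish_search`, the token names `recipient_count` and `sender`, the 24-hour time range and the panel text are assumptions made here. The `<done>` handler needs Splunk Enterprise 6.3 or later.

```xml
<form>
  <label>Phishing warning text</label>

  <fieldset submitButton="true">
    <input type="text" token="email">
      <label>Sender address</label>
    </input>
    <input type="text" token="msg_sub">
      <label>Subject</label>
    </input>
  </fieldset>

  <!-- Dashboard-level search. The |s filter escapes quotes and backslashes in the
       submitted values so they are used as literal search terms, not as search syntax. -->
  <search id="phish_search">
    <query>index=myindex src="$email|s$" message_subject="$msg_sub|s$"
           | stats count(recipients) AS recipient_count by src</query>
    <earliest>-24h</earliest>
    <latest>now</latest>
    <!-- When the search completes, copy fields of the FIRST result row into tokens.
         $result.<field>$ only ever sees the first row; for several rows, build the
         text inside the search itself (e.g. with eval/mvjoin) and expose one field. -->
    <done>
      <set token="recipient_count">$result.recipient_count$</set>
      <set token="sender">$result.src$</set>
    </done>
  </search>

  <row>
    <panel>
      <!-- Static text with tokens substituted. The |h filter HTML-encodes a token value,
           so a crafted subject line from a phishing mail cannot inject markup into the page. -->
      <html>
        <p>(your introductory text goes here)</p>
        <p>The address <b>$sender|h$</b> sent a message with subject
           "<i>$msg_sub|h$</i>" to <b>$recipient_count$</b> recipients.</p>
        <p>(the rest of your text goes here)</p>
      </html>
    </panel>
  </row>
</form>
```

Until the search has finished, the tokens set in `<done>` are undefined and the panel shows the literal `$recipient_count$`; wrapping the `<html>` element in `depends="$recipient_count$"` hides it until the values exist. For the e-mail warning itself, the same search can be saved as an alert whose message body uses `$result.src$` and `$result.recipient_count$` in the same way.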
I know this topic isn't the first one here, but I have some problems getting a good answer for this specific problem.
In fact, we have a syslog server that collects data from devices, and we need to forward it to our Splunk server.
In our case the syslog server runs syslog-ng, and as for our Splunk server, we have only one server used for indexing and search.
My question is: what are the best practices to forward data from our syslog-ng server to our Splunk instance?
For now, our syslog server forwards it directly over udp:514, but we have some problems with that (if Splunk restarts we lose some data, and all data is indexed in a single index).
We need to know if it's better to install a Universal Forwarder on the syslog-ng server to forward the data, or to install syslog-ng on our Splunk instance and then monitor the files sent by our syslog server over udp:514?
Thanks for your help.