Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About DavidCaputo
DavidCaputo
Path Finder
Member since:
08-21-2017
07-05-2023
Community Statistics
| Posts | 13 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-21-2017 |
Activity Feed
- Posted Time zone config not working as expected on Getting Data In. 07-05-2023 06:07 AM
- Posted Re: Configure maxDataSize for high volume on Splunk Enterprise. 04-05-2022 11:20 PM
- Posted Re: Configure maxDataSize for high volume on Splunk Enterprise. 04-05-2022 03:34 AM
- Posted How to Configure maxDataSize for high volume? on Splunk Enterprise. 04-05-2022 03:02 AM
- Posted Re: Line breaking : problem with blank lines ? on Getting Data In. 12-18-2019 06:17 AM
- Posted Line breaking : problem with blank lines ? on Getting Data In. 12-18-2019 01:32 AM
- Tagged Line breaking : problem with blank lines ? on Getting Data In. 12-18-2019 01:32 AM
- Tagged Line breaking : problem with blank lines ? on Getting Data In. 12-18-2019 01:32 AM
- Posted Re: How to run a scheduled report with Cron config on the first monday of each month? on Reporting. 06-04-2019 10:45 PM
- Posted Re: How to run a scheduled report with Cron config on the first monday of each month? on Reporting. 06-03-2019 03:54 AM
- Posted How to run a scheduled report with Cron config on the first monday of each month? on Reporting. 06-03-2019 02:28 AM
- Tagged How to run a scheduled report with Cron config on the first monday of each month? on Reporting. 06-03-2019 02:28 AM
- Tagged How to run a scheduled report with Cron config on the first monday of each month? on Reporting. 06-03-2019 02:28 AM
- Tagged How to run a scheduled report with Cron config on the first monday of each month? on Reporting. 06-03-2019 02:28 AM
- Tagged How to run a scheduled report with Cron config on the first monday of each month? on Reporting. 06-03-2019 02:28 AM
- Posted Re: Could someone tell me if the upgrade duration depends on the volume of data ? (6 to 7 / Linux) on Installation. 01-11-2019 05:42 AM
- Posted Could someone tell me if the upgrade duration depends on the volume of data? (6 to 7 / Linux) on Installation. 01-11-2019 02:08 AM
- Tagged Could someone tell me if the upgrade duration depends on the volume of data? (6 to 7 / Linux) on Installation. 01-11-2019 02:08 AM
- Tagged Could someone tell me if the upgrade duration depends on the volume of data? (6 to 7 / Linux) on Installation. 01-11-2019 02:08 AM
- Tagged Could someone tell me if the upgrade duration depends on the volume of data? (6 to 7 / Linux) on Installation. 01-11-2019 02:08 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-05-2023
06:07 AM
Hello, I'm trying to configure an ingestion of logs that are in UTC time. We are in Geneva and timezone is Europe/Zurich (=UTC+2), so, logs are displayed with the wrong date. For example, log ingested at 14:52 today is displayed in Splunk like this : 2023-07-05 12:52:40 .. These logs are coming from a simple UF (Windows, UF version is 8.2.4). My Splunk environment is Linux (RedHat 8 / Splunk version is 9.0.4) As documented, I tried to add in a props.conf something like this : [source::D:\path\to\file.log]
TZ = Europe/Zurich First I added it in the UF configuration. No effect. Then I tried to put it on indexers. No effect. I also tried to use the sourcetype name ([my_sourcetype] ) instead of the source path or replace the Europe\Zurich value with "TZ = UTC+2"... it didn't work any better. Help would be appreciated ! Thanks David
... View more
Labels
- Labels:
-
props.conf
-
universal forwarder
04-05-2022
11:20 PM
It looks like the maxTotalDataSizeMB solve my problem. Thanks smurf David
... View more
12-18-2019
06:17 AM
Problem solved :
I declared in my props.conf [sourcetype_name ] and it seems that the problem was the space after the sourcetype name.
with [sourcetype_name], the parameters above work perfectly.
Sorry for that stupid mistake !
David
... View more
06-04-2019
10:45 PM
Thanks for your suggestion. I'm going to try this.
... View more
01-11-2019
05:42 AM
Great, good news !
Thanks a lot for your quick answer.
David
... View more
08-27-2018
02:21 AM
Thanks ansif,
I tried to use this class (I used only tabs for indentation) but it doesn't work eather...
I looked to the internal index and found this :
"08-27-2018 11:00:06.975 +0200 ERROR ExecProcessor - message from "python /data/splunk/etc/apps/rest_ta/bin/rest.py" HTTP Request error: 401 Client Error: Not Authorized"
I guess the python code you provide is correct but the problem is somewhere else...
David
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-05-2023
10:29 AM
|
