Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About amit2301
amit2301
New Member
Member since:
08-28-2017
06-05-2020
Community Statistics
| Posts | 4 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-28-2017 |
Activity Feed
- Posted How can I filter events before they are indexed so they aren't indexed? on Getting Data In. 09-26-2017 06:16 AM
- Tagged How can I filter events before they are indexed so they aren't indexed? on Getting Data In. 09-26-2017 06:16 AM
- Tagged How can I filter events before they are indexed so they aren't indexed? on Getting Data In. 09-26-2017 06:16 AM
- Tagged How can I filter events before they are indexed so they aren't indexed? on Getting Data In. 09-26-2017 06:16 AM
- Tagged How can I filter events before they are indexed so they aren't indexed? on Getting Data In. 09-26-2017 06:16 AM
- Tagged How can I filter events before they are indexed so they aren't indexed? on Getting Data In. 09-26-2017 06:16 AM
- Posted Re: How do i exclude some events from being indexed by Splunk? on Getting Data In. 09-26-2017 02:05 AM
- Posted Re: filter events on indexer on Splunk Search. 09-26-2017 12:41 AM
- Posted I have 100 alerts configured with certain condition, I have to change the condition but don't want to go to every alert and change the condition instead change in 1 place and it should change in all the places on Getting Data In. 08-28-2017 02:51 AM
- Tagged I have 100 alerts configured with certain condition, I have to change the condition but don't want to go to every alert and change the condition instead change in 1 place and it should change in all the places on Getting Data In. 08-28-2017 02:51 AM
- Tagged I have 100 alerts configured with certain condition, I have to change the condition but don't want to go to every alert and change the condition instead change in 1 place and it should change in all the places on Getting Data In. 08-28-2017 02:51 AM
Topics I've Started
09-26-2017
06:16 AM
I tried this solution but no success.
I am trying to filter data from being indexed.I need only the Error events
In props conf:
[source:://C:\Windows\System32\winevt\Logs]
Transforms must be applied in this order
to make sure events are dropped on the
floor prior to making their way to the
index processor
TRANSFORMS-set = setnull, setparsing
In transforms.conf:
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue
[setparsing]
REGEX = Error
DEST_KEY = queue
FORMAT = indexQueue
... View more
09-26-2017
02:05 AM
I tried this solution but no success.
I am trying to filter data from being indexed.I need only the Error events
In props conf:
[source:://C:\Windows\System32\winevt\Logs]
Transforms must be applied in this order
to make sure events are dropped on the
floor prior to making their way to the
index processor
TRANSFORMS-set = setnull, setparsing
In transforms.conf:
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue
[setparsing]
REGEX = Error
DEST_KEY = queue
FORMAT = indexQueue
... View more
09-26-2017
12:41 AM
Hi ,
I am trying to nullify the windows event log which are of "type=Information" and i want only the events having errors and warnings.
i am not able to achieve kindly help .
I am using below:
props.conf
[WinEventLog:Application]
TRANSFORMS-set= setnull
transforms.conf
[setnull]
REGEX = "Type=Information"
DEST_KEY = queue
FORMAT = nullQueue
... View more
08-28-2017
02:51 AM
I have 100 alerts configured with certain condition, I have to change the condition but don't want to go to every alert and change the condition instead change in 1 place and it should change in all the places
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
