Activity Feed
- Posted Re: Splunk Add-on for Cisco IPS: Why am I getting this error message trying to add a new Cisco IPS Sensor? on All Apps and Add-ons. 12-15-2014 01:21 PM
- Posted PREAMBLE_REGEX on Splunk Search. 03-19-2014 09:36 AM
- Posted Re: Splunk Add-on for Netflow Windows compatibility on All Apps and Add-ons. 02-14-2014 08:37 AM
- Posted Splunk Add-on for Netflow Windows compatibility on All Apps and Add-ons. 02-13-2014 02:49 PM
12-15-2014 01:21 PM
1 Karma
I saw this issue when I had tried copying the app's etc/local directory from a Windows server to a CentOS server. To get it to work, I had to delete the local directory, restart Splunk, and use the web interface to add the sensors. This is with Splunk 6.1.4 heavy forwarder and Splunk Add-on for Cisco IPS 2.1.1. On top of that, I had to edit pySDEE.py per the comment by Colin Humphreys here: http://answers.splunk.com/answers/171146/ciscoips-script-not-working-in-splunk-universal-fo.html.
03-19-2014 09:36 AM
3 Karma
I've got a log file I'd like to have the Universal Forwarder watch and index, but there are 34 lines at the beginning of the file from when the service/server restarts that I don't want indexed. I'm trying to use PREAMBLE_REGEX in props.conf on the indexer to have it ignore these lines, but it appears to be ignoring the regex, not the lines. I've verified the syntax of the regex using regex101.com, and it checks out. I've seen other posts where people have used this, so I'm confused as to why it's not working for me. I've even added a # to the beginning of a couple of lines and just had ^# in the PREAMBLE_REGEX, but those lines still make it into the indexed data. Maybe I've missed a setting somewhere that turns this on? Any help would be appreciated.
I have the PREAMBLE_REGEX in props.conf on the indexer under the corresponding sourcetype, and on the UF, I have queue = parsingQueue in inputs.conf.
Jim
02-14-2014 08:37 AM
Thanks for the info!
02-13-2014 02:49 PM
Are there plans to make a Windows Server compatible version of this add-on? If so, what's the timeframe?
Jim