×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
jmcrabb
Explorer
Member since: ‎01-02-2014
‎01-28-2026
Community Statistics
Posts 4
Solutions 0
Karma Given 7
Karma Received 4
Member Since ‎01-02-2014
Activity Feed
View All

Re: Splunk Add-on for Cisco IPS: Why am I getting ...

by in All Apps and Add-ons
‎12-15-2014 01:21 PM
1 Karma
‎12-15-2014 01:21 PM
1 Karma
I saw this issue when I had tried copying the app's etc/local directory from a Windows server to a CentOS server. To get it to work, I had to delete the local directory, restart splunk, and use the web interface to add the sensors. This is with Splunk 6.1.4 heavy forwarder and Splunk Add-on for Cisco IPS 2.1.1. On top of that, I had to edit pySDEE.py per the comment by Colin Humphreys here: http://answers.splunk.com/answers/171146/ciscoips-script-not-working-in-splunk-universal-fo.html. ... View more

PREAMBLE_REGEX

by in Splunk Search
‎03-19-2014 09:36 AM
3 Karma
‎03-19-2014 09:36 AM
3 Karma
I've got a log file I'd like to have the Universal Forwarder watch and index, but there are 34 lines at the beginning of the file from when the service/server restarts that I don't want indexed. I'm trying to use PREAMBLE_REGEX in props.conf on the indexer to have it ignore these lines, but it appears to be ignoring the regex, not the lines. I've verified the syntax of the regex using regex101.com, and it checks out. I've seen other posts where people have used this, so I'm confused as to why it's not working for me. I've even added a # to the beginning of a couple lines and just had ^# in the PREAMBLE_REGEX , but those lines still make it into the indexed data. Maybe I've missed a setting somewhere that turns this on? Any help would be appreciated. I have the PREAMBLE_REGEX in props.conf on the indexer under the corresponding sourcetype, and on the UF, I have queue = parsingQueue in inputs/conf. Jim ... View more

Re: Splunk Add-on for Netflow Windows compatibilit...

by in All Apps and Add-ons
‎02-14-2014 08:37 AM
‎02-14-2014 08:37 AM
Thanks for the info! ... View more

Splunk Add-on for Netflow Windows compatibility

by in All Apps and Add-ons
‎02-13-2014 02:49 PM
‎02-13-2014 02:49 PM
Are there plans to make a Windows Server compatible version of this add-on? If so, what's the timeframe? Jim ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-28-2026 06:45 AM
Karma from
Karma given to