cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
benedetto
Engager
Member since: ‎09-27-2012
‎06-05-2020
Community Statistics
Posts 9
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-27-2012
Activity Feed
View All

Heavy Forwarder, Syslog filter

by in Getting Data In
‎10-03-2012 09:03 AM
‎10-03-2012 09:03 AM
Hi all, How can I create a filter that sends just Syslog login and logout events? I have a Syslog on different machines that send syslog events to each their own forwarders and then come to indexer. How can I create a filter that has as sourcetype syslog? thanks in advance, Best regards. ... View more

Re: Heavy Forwarder filter

by in Getting Data In
‎09-28-2012 12:31 AM
‎09-28-2012 12:31 AM
You are Great!! Thank you very much!! ... View more

Re: Heavy Forwarder filter

by in Getting Data In
‎09-27-2012 09:19 AM
‎09-27-2012 09:19 AM
Yes 🙂 2012/09/27 19:07:48 :MGR ,49660:301(entrust):1 [-07728 Entrust subsystem started.] : Event : Done by > 'Master User Master1' : entash subsystem - Entrust Authority (TM) Security Manager, version 7.1 SP3 Patch 154020(189) @ Jan 5 2010 14:29:19 (PID: 49660) Thank you very much. ... View more

Re: Heavy Forwarder filter

by in Getting Data In
‎09-27-2012 09:01 AM
‎09-27-2012 09:01 AM
[source::/home/splunk/mgraudit/mgraudit.log] NO_BINARY_CHECK = 1 pulldown_type = 1 TRANSFORMS-set = setnull,mgraudit In this way does not send events [source::/home/splunk/mgraudit/mgraudit.log] NO_BINARY_CHECK = 1 pulldown_type = 1 TRANSFORMS-set = mgraudit In this way sends all without filters. transforms.conf file is equal to the previous. You know what it depends? Thank you very much. ... View more

Re: Heavy Forwarder filter

by in Getting Data In
‎09-27-2012 08:43 AM
‎09-27-2012 08:43 AM
I tried with SetNull before mgraudit but this way does not send events. I tried without SetNull but this way sends all without filters. I tried with SetNull after mgraudit but this way does not send events. After modifying the file I restarted splunk. Anyway, now try again. ps: are you Italian? Thank you very much. ... View more

Re: Heavy Forwarder filter

by in Getting Data In
‎09-27-2012 08:03 AM
‎09-27-2012 08:03 AM
props.conf: [prova_mgraudit] NO_BINARY_CHECK = 1 pulldown_type = 1 TRANSFORMS-set = mgraudit,setnull transforms.conf: [setnull] REGEX = . DEST_KEY = queue FORMAT = nullQueue [mgraudit] REGEX = REGEX=\[.*(07728|07895).*\] DEST_KEY = queue FORMAT = indexQueue I have other filters so I used [mgraudit] instead of the file setparsing transforms.conf. prova_mgraudit is the surcetype that I created via the web interface and corresponds to the log file that I want to filter. Thank you very much. ... View more

Re: Heavy Forwarder filter

by in Getting Data In
‎09-27-2012 07:32 AM
‎09-27-2012 07:32 AM
I tried with SetNull before setparsing but this way does not send events. I tried without SetNull but this way sends all without filters. Thank you very much. ... View more

Re: Heavy Forwarder filter

by in Getting Data In
‎09-27-2012 06:39 AM
‎09-27-2012 06:39 AM
Hi, Thank you for your answer, I would like to receive only the logo containing a list of codes for example 07728. The codes are about 80. Just replace SetNull and nullQueue with setparsing and indexQueue? How can I specify a list of values ​​to be sent? Thank you very much. ... View more

Heavy Forwarder filter

by in Getting Data In
‎09-27-2012 02:51 AM
‎09-27-2012 02:51 AM
Hi, I have this example of log: hhhh/mm/dd hh:mm:ss :MGR ,nnnnn:nnn(text):1 [-07728 text.] : Event : Done by > 'text' I would like to filter by code "07728". How can do it? Thanks in advance, Best regards ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All