cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
mwtimken
New Member
Member since: ‎07-08-2010
‎07-20-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-08-2010
Activity Feed
View All

Sourcetype override for KiwiSyslog source

by in All Apps and Add-ons
‎05-22-2014 04:01 PM
‎05-22-2014 04:01 PM
I'm trying to do an override using an added source to props.conf (in the default directory for the app) but it is not working: [source::\\anchqqsw108m\logs\(\w{6}-asa\d-?(outside|inside|ncic|wifi)?).*] TRANSFORMS-force_sourcetype_for_cisco = force_sourcetype_for_cisco_asa,force_sourcetype_for_cisco_pix,force_sourcetype_for_cisco_fwsm Here are examples of the source: \anchqqsw108m\logs\anchqq-asa1-outside\2014-05-22\daily-syslog.txt \anchqqsw108m\logs\anchqq-asa1-inside\2014-05-22\daily-syslog.txt \anchqqsw108m\logs\anchqq-asa5-wifi\2014-05-22\daily-syslog.txt \anchqqsw108m\logs\anchqq-asa4-ncic\2014-05-22\daily-syslog.txt \anchqqsw108m\logs\betast-asa4\2014-05-22\daily-syslog.txt The source type for the log monitor (\anchqqsw108m\logs) is set to automatic. Do I have to shift the monitor source type to syslog? example event log: 2014-05-22 13:11:49 Local4.Warning anchqq-asa1-outside May 22 2014 13:11:50: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 3 per second, max configured rate is 10; Current average rate is 13 per second, max configured rate is 5; Cumulative total count is 8224 host = anchqq-asa1-outside source = \anchqqsw108m\logs\anchqq-asa1-outside\2014-05-22\daily-syslog.txt sourcetype = daily-syslog-14 ... View more

Two saved searches throwing errors

by in Splunk Search
‎02-03-2011 02:40 AM
‎02-03-2011 02:40 AM
When I attempt to run the searches "Cisco Firewall - Denies Over Last 24 Hours" or "Cisco Firewall - Accepts Over Last 24 Hours" I get the following error: ValueError: (22, 'Invalid argument') This page was linked to from https://splunk.ps.ak:8000:/en-US/APP/splunkforciscosecurity/rt_firewall I tried running the saved searches by hand and they do work. I noticed that the saved searches for those reports differ from the others specified in savedsearches.conf in they are the only ones that have two "eventtypes" enumerated on the search line. Is this a bug in either the ciscofirewall or splunkforciscosecurity apps? ... View more

Search times out from UI or CLI.

by in Splunk Search
‎07-08-2010 12:42 AM
‎07-08-2010 12:42 AM
My installation of Splunk (ver 3.4.6) is stalling out during any type of search; including just loading a default dashboard. Is this the 2010 date issue catching up with me? I have restarted the server and the splunk service several times. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-20-2021 12:23 PM