cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
hmarkus
Explorer
Member since: ‎01-12-2018
‎06-05-2020
Community Statistics
Posts 5
Solutions 1
Karma Given 3
Karma Received 2
Member Since ‎01-12-2018
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to disable a index temporarily

by in Installation
‎06-13-2019 07:39 AM
‎06-13-2019 07:39 AM
@hmarkus .Thank you for your reply .Once I enable back do i get the old events that were already indexed and do I get the data during the index disabled time . If I want to ignore the data which is queued ,how can I do that and I do get the data whihc was indexed before the index is disabled right? Thanks in Advance ... View more

Re: Cisco ASA: How to limit ASA logs being logged ...

by in All Apps and Add-ons
‎06-12-2019 12:11 AM
‎06-12-2019 12:11 AM
You could use Heavy Forwarder or build a App for Splunk Cloud to filter your Logs. If you know, how your unnecessary Logs look like, you can filter it: add in props.conf TRANSFORMS-asa_filter_cloud = filterAsaLogs add in transforms.conf [filterAsaLogs] SOURCE_KEY = _raw DEST_KEY = queue FORMAT = nullQueue REGEX = (your regex to detect them) ... View more

Re: How to index same source to multiple indexes

by in Getting Data In
‎06-12-2019 08:54 AM
‎06-12-2019 08:54 AM
This, obviously, works, TA_LOG/default/inputs.conf [monitor:///tmp/*.TXT] index=main sourcetype=TMP:TXT crcSalt = <SOURCE> followSymlink = true TA_LOG2/default/inputs.conf [monitor:///tmp_ln/*.TXT] index=test sourcetype=TMP:TXT_BIS crcSalt = <SOURCE> followSymlink = true IMHO, crcSalt should work in same stanza, multiple inputs.conf and so... IMHO it does not work!!!!! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All
Karma given to
View All