Forward Matlab Crash Dump
I'm getting an intermittent issue that I suspect is related to file IO, not Matlab. I want to forward all the crash dumps so that maybe I can identify a pattern. My problem is that Splunk is truncating...
How to edit my configurations to filter event logs pulled in via WMI?
Hi, I am running 6.5.2 and using WMI to get Windows Event log data into Splunk. Currently I’m pulling in Application and System logs and trying to filter what I pull in/index. I’d like to not have...
Why is the global sourcetype defined in props.conf and transforms.conf not...
Hi guys, I've defined my sourcetype, transforms and lookup in /opt/splunk/etc/system/local/props.conf and /opt/splunk/etc/system/local/transforms.conf (I set the lookup from the web interface)....
How to edit my props.conf to forward Matlab Crash Dump?
I'm getting an intermittent issue that I suspect is related to file IO, not Matlab. I want to forward all the crash dumps so that maybe I can identify a pattern. My problem is that Splunk is truncating...
Why is my WS_FTP XML Log not parsing correctly?
I am attempting to import a ws_ftp log, but I am having issues parsing the log data. I can either get it to have no fields extracted or I end up with hundreds of entries for each event as it does not...
How to edit props.conf and transforms.conf on a heavy forwarder to keep...
props.conf
[firewall]
TRANSFORMS-set = setnull,setparsing

transforms.conf
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[setparsing]
REGEX = 192\.168\.1\.1
DEST_KEY = queue
FORMAT =...
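The "drop everything, then rescue what you want" pattern the post above is using, written out as an added example (this is editor-supplied configuration, not the poster's or Splunk's own files). It assumes the same sourcetype name, firewall, and the same host address, 192.168.1.1, and it adds the two things a practitioner checks first: the order of the transforms, and the anchoring of the regex. Splunk runs every transform named in TRANSFORMS-set, and the last one to set DEST_KEY wins, so setnull has to be listed first. The regex as posted, 192\.168\.1\.1 with nothing around it, is also a substring match, so it would keep 192.168.1.10 through 192.168.1.19, 192.168.1.100 through 192.168.1.199 and anything like 10.192.168.1.1 as well.

```ini
# props.conf  (on the heavy forwarder or indexer that parses "firewall" data;
# a universal forwarder does not run parsing-time transforms)
[firewall]
# Every transform runs in this order; the last one that sets DEST_KEY wins.
# setnull must therefore come first so setparsing can override it.
TRANSFORMS-set = setnull,setparsing

# transforms.conf
[setnull]
# Match every event and route it to the null queue (dropped, never indexed).
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[setparsing]
# Keep only events from 192.168.1.1 (assumed host from the post).
# The lookarounds require the address to stand alone: without them
# "192\.168\.1\.1" also matches 192.168.1.10-19, 192.168.1.100-199
# and 10.192.168.1.1.
REGEX = (?<![\d.])192\.168\.1\.1(?![\d.])
DEST_KEY = queue
FORMAT = indexQueue
```

After a restart, confirm the stanza that actually wins with `splunk btool transforms list setparsing --debug` and `splunk btool props list firewall --debug`, then run a search such as `sourcetype=firewall | stats count by host` over a short window to check that only the expected host arrives. Anything routed to nullQueue is discarded before indexing and cannot be recovered, so validate the regex on a test index before pointing audit or firewall data at it.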
How to fix an incorrectly indexed timestamp?
Splunk is not showing the correct time on the events. The time that Splunk gives the log is 5 hours behind the time that it is supposed to be. The time is correct on the server and the logs but Splunk...
Splunk Add-on for Tenable: How to correctly filter events to nullQueue from...
Hello, My environment uses Nessus for vulnerability scanning, and we are importing the results of those scans via the Splunk Add-on for Tenable, here: https://splunkbase.splunk.com/app/1710/#/overview...
What is the best practice for setting time zone?
We have Splunk instances running in EST, however the application log files are in GMT & EST. When Splunk is indexing the log files in GMT, the time and the timestamp in the event both are showing...
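Both the five-hours-behind question above ("How to fix an incorrectly indexed timestamp?") and this one describe the same situation: the events carry a time with no zone, so Splunk falls back to the zone of the instance that parses them, and a GMT log read on an EST box lands five hours off. The fix is a per-source TZ in props.conf. The following is an added example (not the posters' configuration); the source paths and the time format are assumptions.

```ini
# props.conf on the first full Splunk instance that parses these files
# (heavy forwarder or indexer). TZ is read at parse time, so events already
# indexed with the wrong offset are not corrected; they have to be re-indexed.

# Application logs written in GMT (assumed path).
[source::/var/log/app/gmt/*.log]
# The events carry no zone, so declare it. TZ is ignored when the event's
# own timestamp already includes an offset such as +0000.
TZ = UTC
# Assumed timestamp layout; set it explicitly so Splunk does not guess.
TIME_FORMAT = %Y-%m-%d %H:%M:%S

# Application logs written in local US Eastern time (assumed path).
[source::/var/log/app/est/*.log]
# Use the IANA zone, not "EST": America/New_York follows daylight-saving
# changes, a fixed EST offset would be an hour wrong for half the year.
TZ = America/New_York
TIME_FORMAT = %Y-%m-%d %H:%M:%S
```

To check the result, compare `_time` with the raw text for a few events from each source (`source=/var/log/app/gmt/* | eval idx=strftime(_time,"%Y-%m-%d %H:%M:%S %z") | table idx _raw`); the indexed time should equal the raw timestamp once the declared offset is applied. Keeping every source's timestamps correct matters beyond tidiness: incident timelines and correlation searches across the EST and GMT sources are only meaningful when `_time` is on one common scale.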
Inline field extracted vs Transformation?
I am walking through the Cisco app and I noticed that there are a lot of different ways fields are being extracted. It looks like there are many inline extractions and others referencing a transform, all...
How do I ensure that the time zone of a database input from DB Connect...
I'm using the DB Connect app to pull data from an MS SQL database that is sitting on a server in the US Eastern time zone. The Splunk server with DB Connect is configured in UTC time. The time stamp...
How do I ensure that the timezone of a database input from Splunk DB Connect...
I'm using Splunk DB Connect to pull data from an MS SQL database that is sitting on a server in the US Eastern time zone. The Splunk server with Splunk DB Connect is configured in UTC time. The time...
How to transform my raw data into a readable format?
Hi, I'm new to Splunk and hope I don't ask a question that's already been asked. I just don't know which terminology to use to search. I configured my firewall to send syslog messages to a syslog...
How to extract field for irrelevant data log to indexed?
Event Flow (THREAD-XXXX) YYYY-MM-DD 15:53:38.486 - Server_Name flow step millis 32 ('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') (THREAD-XXXX) YYYY-MM-DD 15:53:38.508 -...
How to edit my configurations to forward syslog to a third party using a...
Hello guys, today I was able to send some syslogs to another non-Splunk instance; however, when I tried to send one type of sourcetype I failed hard. These are my outputs.conf, props.conf and...
How to edit my configurations to encode French special characters (é à ê è)?
Hi, I am importing data from Gitlab to Splunk. The imported data is in French and contains special characters like é, à, è, ê. Data imported in Splunk is not well encoded. For example, when importing...
Default values for CSV lookups that don't match?
I have a vehicle fleet lookup table like:
vehicle_id,vehicle_year,vehicle_type,vehicle_ends,vehicle_agency,vehicle_livery
1,1912,"A",2,"San Francisco Municipal Railway","San Francisco Municipal...
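The lookup definition in transforms.conf can supply a value for rows that do not match, which is the usual answer to the question above. The following is an added example (editor-supplied, not from the post); the lookup name vehicle_fleet, the file name vehicle_fleet.csv and the sourcetype vehicle_events are assumptions, the column names are the ones from the post.

```ini
# transforms.conf
[vehicle_fleet]
filename = vehicle_fleet.csv
# Always return at least one row: when vehicle_id is not in the CSV,
# min_matches forces a result and default_match is what every OUTPUT
# field receives. A fixed sentinel is easy to search for afterwards.
min_matches = 1
default_match = unknown

# props.conf (search head): automatic lookup on the assumed sourcetype.
# OUTPUTNEW only fills fields the event does not already have.
[vehicle_events]
LOOKUP-fleet = vehicle_fleet vehicle_id OUTPUTNEW vehicle_year vehicle_type vehicle_agency vehicle_livery
```

If the lookup is used inline in a search rather than automatically, the same effect without touching transforms.conf is `... | lookup vehicle_fleet vehicle_id OUTPUTNEW vehicle_agency | fillnull value="unknown" vehicle_agency`. Either way the sentinel is useful for more than tidy dashboards: `vehicle_agency="unknown"` is exactly the search that surfaces identifiers appearing in the data that the fleet inventory has never heard of, which is the kind of "unknown asset" check an inventory lookup is normally there to support.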
My CSV headers are not extracting properly in Splunk, should be extracted...
I see my CSV log file headers showing as events and I would like to have them extracted automatically as interesting fields. CSV header ex: MMR,CLLL,city,Date,Time,Message,Status props.conf [XYZ]...
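For a file whose first line is a header row, the props.conf stanza needs INDEXED_EXTRACTIONS, and it has to live on the instance that reads the file (for a monitored file on a universal forwarder, that is the forwarder itself, not the indexer), otherwise the header line is indexed as an ordinary event exactly as described above. The following is an added example that is not part of the post; it reuses the stanza name [XYZ] and the column names from the post, while the timestamp layout is an assumption.

```ini
# props.conf on the universal forwarder that monitors the CSV files.
# Structured-data parsing happens where the file is read, so this stanza
# does nothing if it is only deployed to the indexer.
[XYZ]
INDEXED_EXTRACTIONS = csv
# Line 1 carries MMR,CLLL,city,Date,Time,Message,Status. If some files
# lack a header row, set FIELD_NAMES = MMR,CLLL,city,Date,Time,Message,Status
# instead and remove HEADER_FIELD_LINE_NUMBER.
HEADER_FIELD_LINE_NUMBER = 1
FIELD_DELIMITER = ,
# Build _time from the Date and Time columns rather than scanning the line.
# The format is an assumption; it must match the concatenated column values.
TIMESTAMP_FIELDS = Date,Time
TIME_FORMAT = %Y-%m-%d %H:%M:%S
# One event per line; never merge rows into a multi-line event.
SHOULD_LINEMERGE = false
```

The fields produced this way are indexed fields, so on the search head the same sourcetype should carry `KV_MODE = none` to stop search-time extraction from producing a second copy of each value. Events that were indexed before the change keep their header-as-event form; only newly read data is affected, so restart the forwarder and check a fresh file with `sourcetype=XYZ | head 5 | table _time MMR CLLL city Status`.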
Rename Index based on Host AND Index name
Hello Splunkers, I have multiple sources sending data for multiple indexes towards one central Universal Forwarder. I need to rename some indexes based on the host and on the index name. For...
Is there a way to use a date in a CSV file name as the timestamp without...
Hi All, I am trying to import a CSV file that has a date in the filename and I am wondering if it's possible to use that date as the timestamp without having to edit the datetime.xml and the props.conf...