Mask a Credit Card from a CSV file using transforms and props files
Hi Everyone, I am new at masking data and I want to mask a field which corresponds to a TDC from a CSV file. Here is a sample of data that is already indexed in Splunk:...
Log File Monitoring giving me the future timestamp
Hello folks, Would like to grab your attention, on my current issue with Splunk. Please help me with your valuable inputs. I am monitoring logs file in splunk. Which has forecasted computation period....
Log File Monitoring Reflect Future Time Stamp
Hello folks, Would like to grab your attention, on my current issue with Splunk. Please help me with your valuable inputs. I am monitoring logs file in splunk. Which has forecasted computation period....
BREAK_ONLY_BEFORE and BREAK_ONLY_BEFORE_DATE=false in the same props.conf
We're trying to break up some log entries that look like: 2019-03-27 17:11:59.942 Request was not matched as were no stubs registered: { "url" : "/", "absoluteUrl" : "http://localhost:8080/", "method"...
Configuring props.conf for multiline events
Hi fellow Splunkers! Having issues configuring props.conf for sourcing data to splunk. We have now spent a couple of days trying these forums and testing, but to no avail. Basically we have log files...
How do you configure props.conf for multiline events?
Hi fellow Splunkers! Having issues configuring props.conf for sourcing data to Splunk. We have now spent a couple of days trying these forums and testing, but to no avail. Basically we have log files...
How do you replace _raw values for multiple fields?
I'm trying to mask multiple fields from the raw results. Only one of the fields ends up masked in the raw. It seems I need to either do one statement that gets them all or something else. I've...
Can you help props.conf to break the event and mask the data?
I have the below sample event {"timestamp": 1553559218742, "message": "(0133108c-4f5c-11e9-82ca-1b5bad0211a1) Method request path: {serverId=s-2f9b4670b10148058, username=mike}", "ingestionTime":...
TIMESTAMP Extract for Log Monitoring Files
I want to monitor a log file, a file in which there are a lot of time constraints. Date and time is defined within the log file. Configuration in props.conf for default is set as DATETIME_CONFIG=...
Can you help me with a timestamp extraction for monitoring log files?
I want to monitor a log file, a file in which there are a lot of time constraints. Date and time is defined within the log file. Configuration in props.conf for default is set as `DATETIME_CONFIG=...
MSExchange Protocol Logs
Has anyone been able to ingest and parse out protocol logs? I see that there's two perfmon stanzas for them in TA-Exchange-Mailbox but I don't want perfmon, and also nothing is ingested when I enable...
timeparsing issue for sourcetype
I have data like below:- Log file created at: **2019/03/24 17:56:14** Running on machine: F8976GMac Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg **I0324 17:56:14.700251** 16884...
Does props.conf create any effect in a customized app at the Forwarder?
Hey Splunkers! I have a doubt, when we create any customized app in Splunk, for any purpose, let's say for log monitoring. So the default props.conf will be effective or if I update something in my...
SEDCMD a field
I'm hoping what I want to do exists. I've reviewed props.conf.spec and https://docs.splunk.com/Documentation/Splunk/7.2.5/Data/Anonymizedata. I can't find where the documentation says that it is...
Log merging
Hello, I am trying to merge two lines logs, but no luck with it. Splunk Enterprise 7.1.2. Here is a sample: {"log":"Apr 04, 2019 12:01:24 PM hudson.model.AsyncPeriodicWork$1 run\n", "stream":"stderr",...
Values repeated in each field
I am getting repeated values in Splunk fields. This can be seen only in Table view. For list view/raw there is no repetition seen. However, my search queries treat all these fields as multi-valued...
Need SEDCMD Help.
I have a csv that is coming in and we want to replace anything in the name section with "XXXX" Sample events "2019-04-16 15:02:42",,22290412_163115_00725.pdf,111111,,,,,--------Please Select Member...
How do you set action in Email CIM?
One of the fields in the Email CIM is action. From the Proofpoint-On-Demand pps_messagelog I want to change final_action to action. I've tried using the below in TA-pps_ondemand/local/props.conf...
Proofpoint On Demand Email Security Add-on: How do you set action in Email CIM?
One of the fields in the Email CIM is action. From the Proofpoint-On-Demand pps_messagelog I want to change final_action to action. I've tried using the below in TA-pps_ondemand/local/props.conf...
Filtering the log using REGEX
I have logs which contain 'LogonType=Owner' and some logs which contain 'InternalLogonType=Owner'. I want to send 'LogonType=Owner' to nullqueue while the latter not, so how can I write regex for it?...