props and transforms to correctly get the date and values extracted
Hi, my data is something like below. Although I have added the props.conf and transforms.conf and defined, it works well for only when say 20 lines are coming but not when 10 lines are coming. Its...
Line breaking doesn't work and my event is divided in 2 events
The log is parsed in a bad way. That's the props.conf: SHOULD_LINEMERGE = false LINE_BREAKER = ([\r\n]+)Data\:\s\d{14} MAX_EVENTS = 256 TRUNCATE = 10000 TIME_PREFIX = ^Data\:\s TIME_FORMAT = %d%m%Y%H%M%S...
props.conf is not working in MyApp01 folder but it's working in search folder
Hi All, my props.conf is not working if placed under "C:\Program Files\Splunk\etc\apps\**MyApp01**\local\" but if I copy the file to "C:\Program Files\Splunk\etc\apps\**search**\local". Why is that?
Setting up Splunk App for Windows Infrastructure with Splunk Add-on for...
Hello Folks, I am trying to set up Splunk App for Windows Infrastructure for easier dashboarding and management, however, despite days of research, I am still unable to fix/solve the problem regarding...
How to index events (CSV file from universal forwarder) based on the time field?
I am trying to index a CSV file from UF, which contains some historical data. Below is the sample of the events. Somehow the events are not getting indexed based on the timestamp from the CSV file....