Previous Topic: display event ID's? | Next Topic: Splunk for Windows not indexing Security log
Hi
Syslog and ipfilter are aggregating repeating entries
Like "Last message was repeated x times" or "2x".
I haven't found any tunable in syslog or ipfilter to change this behaviour.
The problem is, that I want to do reporting with values that are ommited.
Can Splunk be somehow configured to account for these aggregated entries?
Thanks
Mika
We cannot easily account for the "last message repeated" from syslog. The only way I can think of to account for it would be to write a search processor that would replace the "last message repeated NN times" with NN of the previous message. Check out some of the example search processors in splunk/etc/searchscripts.
You must be logged in to post a reply.
Flash required to play this video.
Click here to download the free Flash Player.