The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by csoh

Topics 1–15 of 15

Topic Author Replies Latest Post
Windows App use another indexer
In: SplunkApplications (Not tagged)
Hi, How can I configure the Windows Apps to use another indexer instead of the default index? ...
csoh
Posts
20 months ago...
Lightforwarder to another Indexer
In: SplunkGeneral (Not tagged)
Hi, I have set the LightForwarder on one of my Windows servers. How can I set the Splunk server ...
csoh
Posts
1
20 months ago...
Schedule report every month
In: SplunkReporting (Not tagged)
hi, Would like to find out how do I schedule a report for a Top 10 attacks for the previous month ...
csoh
Posts
23 months ago...
How to create saved Search which prompt user for search keys
In: SplunkGeneral (Not tagged)
In version 3, I am able to create such saved search: "search = dest_host=$Dest_host: $". How do I ...
csoh
Posts
28 months ago...
Splunk For Bluecoat
In: SplunkApplications (Not tagged)
I have followed the guide, the logs don't seem to parse it well. And I have this error from ...
danbuckwalter
Posts
20
28 months ago...
How to use ftp as data input
In: SplunkGeneral (Not tagged)
Hi, If I have logs on a ftp server, how do I use Splunk to read it? Using ftp? Where do I specify ...
csoh
Posts
2
28 months ago...
Bluecoat apps not sending logs to splunk?
In: SplunkApplications (Not tagged)
Hi, When forwarding the logs from Bluecoat to Splunk using the Bluecoat apps and the guide, I got this ...
csoh
Posts
28 months ago...
Use custom index in Apps
In: SplunkApplications (Not tagged)
I have already set up a custom index and all the bluecoat data is sent to that custom index. But how ...
Hi, I understand that the apps created by the community or partners or splunk, will be using the ...
csoh
Posts
4
28 months ago...
how do you extract from a field other than _raw?
In: SplunkGeneral (Not tagged)
It does not work for me: [s_port] SOURCE_KEY = s_port REGEX = (.*) FORMAT = src_port::$1 When ...
nclarkau
Posts
6
28 months ago...
modify props.conf in default or local folder?
In: SplunkApplications (Not tagged)
but very strange, I modify things in the local folder, nothing gets updated for the lea-loggrabber apps. Is ...
Hi, Should I modify the props.conf and transform.conf in the default or local folder for the apps? Such ...
csoh
Posts
2
28 months ago...
Add more index to search dashboard
In: SplunkGeneral (Not tagged)
I have set different indexes for different user roles. But as an admin, how I can set my search dashboard ...
Hi. I understand that the search dashboard or apps, by default use the main index. How do I add ...
csoh
Posts
4
28 months ago...
Transforms.conf SOURCE_KEY
In: SplunkApplications (Not tagged)
It doesn't work. This is what I have done: So I modified the following: props.conf ----------------- [opsec] TIME_PREFIX ...
kangwnl
Posts
2
28 months ago...
how to change default field names in the lea-loggrabber apps?
In: SplunkGeneral (Not tagged)
Hi, I wanted to get the Checkpoints logs into Splunk using LEA. So I used lea-loggrabber provided ...
csoh
Posts
2
28 months ago...
How to change the field name in lea-loggrabber apps?
In: SplunkApplications (Not tagged)
Hi, I wanted to get the Checkpoints logs into Splunk using LEA. So I used lea-loggrabber provided ...
csoh
Posts
1
28 months ago...
Install Splunk on custom directory
In: SplunkGeneral (Not tagged)
Hi, Can I install Splunk on another directory? For example: rpm -i --prefix=/Splunk splunk_package_name.rpm The ...
csoh
Posts
1
28 months ago...