The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Forums: Posted by sonicsai
| Topic | Author | Replies | Latest Post |
|---|---|---|---|
| limiting splunk forwarder to certain event types<br>In: SplunkAdministration<br>(Not tagged)<br>I have splunk forwarder set up, sending Windows event data to a central splunk server. the problem is ... | | – | 32 months ago... |
| Changes to active directory<br>In: SplunkAdministration<br>(Not tagged)<br>this is what I have: "user account created" AND "Account Management" | | 3 | 32 months ago... |
| firefox 3.5.1 - Wrap results<br>In: SplunkSearchAndAlert<br>(Not tagged)<br>since I updated to Firefox 3.5.1 from 3.5.0 the "Wrap results" tickbox on the Splunk web interface does ... | | 1 | 35 months ago... |
| Getting Windows Event Logs into Splunk (running on Linux)<br>In: SplunkPreview<br>(Not tagged)<br>Snare for windows does a good (and free) job of forwarding events to Splunk in syslog format. | | 6 | 35 months ago... |
| extracting a snare field<br>In: SplunkAdministration<br>(Not tagged)<br>searching for **administrator logon failure:** gives: Jan 30 11:05:38 sfs.domain.com MSWinEventLog#0111#011Security#01126528#011Fri ... | | 1 | 40 months ago... |
| Sourcetype being ignored?<br>In: SplunkAdministration<br>(Not tagged)<br>I have a similar problem. sourcetype gets set to 'too_small'. All my sources are windows snare and I ... | | 3 | 41 months ago... |