Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About ned692000
ned692000
Engager
Member since:
08-05-2021
08-03-2023
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 08-05-2021 |
Activity Feed
- Posted How to monitor logs 7 directories deep? on Getting Data In. 08-03-2023 06:51 AM
- Posted Re: Blacklisting Splunk Forwarder new process starts on Splunk Search. 02-04-2022 03:25 AM
- Posted Re: Blacklisting Splunk Forwarder new process starts on Splunk Search. 02-04-2022 02:29 AM
- Posted Blacklisting Splunk Forwarder new process starts on Splunk Search. 02-04-2022 01:03 AM
- Posted Re: Hosts event search by lookup table on Splunk Search. 08-05-2021 05:50 AM
- Posted Re: Hosts event search by lookup table on Splunk Search. 08-05-2021 04:58 AM
- Karma Re: Hosts event search by lookup table for manjunathmeti. 08-05-2021 04:58 AM
- Posted Hosts event search by lookup table on Splunk Search. 08-05-2021 01:09 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
08-03-2023
06:51 AM
Hi, I’m trying to monitor changing log files within directories that change regularly. These log files are 7 layers deep on a Netapp share. I’m setting up the monitor stanza in inputs.conf on a Linux box. I have tried everything but only certain directories at the 3rd layer are being monitored, but not others at that same layer, including the one I need. I’ve added recursive = true and tried all variations of syntax with no luck. All permissions are the same as directories that can be monitored. What am I doing wrong?
Thanks in advance.
... View more
- Tags:
- log monitoring
Labels
- Labels:
-
inputs.conf
-
universal forwarder
02-04-2022
03:25 AM
Apologies, that excerpt wasn't actually what I've been using, I just put that as an example of the layout I was going for.
... View more
02-04-2022
02:29 AM
Thanks for the reply. I've applied a blacklist option, restarted SPLUNK then ran a search for index=wineventlog EventCode=4688 and it still shows splunk process starts, I've even changed the blacklist to just eventcode =4688 and it still shows these events in the results. Am I missing something? The only inputs file I can find under APPs, Local is under launcher. Not sure if this is right. Apologies I'm new to SPLUNK. Thanks.
... View more
02-04-2022
01:03 AM
Good Morning, I've followed guides/forums and steps on this site but still cant get my blacklists to work at all. The situation is that I've set up Splunk Alert Monitor dashboard and one of the alerts is new process starts, the splunk forwarder is causing hundreds of alerts on this so I want to blacklist it. Firstly could someone please confirm which inputs.conf to edit as there are multiple, secondly is this order correct? [WinEventLog://Security] disabled=0 current_only=1 blacklist = 4689,5158 i.e. is the blacklist option in the right place? There are a few other lines on the inputs.conf I've found, like oldest first. Finally what string will actually work and stop me seeing all processes started by Splunk? Thank you in advance.
... View more
Labels
- Labels:
-
other
08-05-2021
05:50 AM
Hi, Thanks for the reply, it's taking everything from var/messages via a forwarder. Is there anything I can use as a filter to reduce UN-useful messages. i.e. things I need to keep an eye on, rather than just normal system events
... View more
08-05-2021
04:58 AM
Thanks for your reply, that worked and its very useful. I have a further question. Are there any keywords/ event ID's that I can use to filter out events for Linux machines? I have used event ID's for windows but not sure what to use for Linux. Thanks again
... View more
08-05-2021
01:09 AM
Hi all, I have created a lookup table and imported it into SPLUNK. It has 2 columns, one called hosts the other called IPs. The columns are populated with the hosts I want to query. I'm very new to SPLUNK and would like to create a search that returns errors/events worth investigating from the hosts specified in the lookup file. I'll display the results on a dashboard and will be checking this daily for preventative maintenance on my system. I'm just after events worth looking in to and need to filter out irrelevant events to save time. Can anyone help? Thanks in advance.
... View more
Labels
- Labels:
-
lookup
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-03-2023
10:32 AM
|
