Hello all,

I installed the Netscreen Juniper application for exploring the syslog coming from my Juniper,

but it doesn't work properly; I have the same dashboard of Splunk with the same fields.

Is there anything that I can change to fix this?

asked 15 Apr '12, 01:52

sarah89


One Answer:

I've not used the Netscreen App myself...

However, having seen other Apps, a common problem could be the use of custom sources; sourcetypes; indexes; etc. You should make a note of how you see the raw data in events (i.e. your populating search), and then you should look at the searches which drive the App's dashboard (you can do this via the manager, as I'm sure there will be use of custom views; saved searches; and even eventtypes).

answered 15 Apr '12, 01:58

MHibbin

Sourcetype must be netscreen? My sourcetype is syslog.

(15 Apr '12, 02:32) sarah89

OK, you could either change the configurations with the Netscreen App (in Splunk) to match your sourcetype ... which would be a lot of work.

Or the easiest method would probably be to rename the sourcetype via the function in Splunk manager (Manager>>Fields>>Sourcetype Renaming). But this could have implications if you add different sources via syslog.

If you are willing to change your set-up, you could look at the answer in this question...

http://splunk-base.splunk.com/answers/34251/udp514-and-source-types

(15 Apr '12, 03:04) MHibbin

If it was me.. I would change the netscreen app, as this does not involve modifying the actual Splunk installation.

(15 Apr '12, 03:05) MHibbin

I've renamed the sourcetype, I get the same thing. I just want to know if the Netscreen app has a personalized dashboard or searches already saved.

(15 Apr '12, 03:45) sarah89

Just saw this, sorry I didn't sooner. As you've I'm sure discovered by now... no, the Juniper Netscreen Extractions "AddOn" is just that. AddOns are classified as packages that do smaller things, such as provide just the extractions for a particular sourcetype (in this case Juniper Netscreen syslog output format). There are no special charts or saved searches included in the AddOn.

(28 Sep '12, 14:09) tmeader
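
The two sourcetype options discussed in this thread, written out as configuration. This is an added example, not taken from any poster or from the add-on itself. `<addon_sourcetype>` is a placeholder for whatever sourcetype the add-on's own props.conf stanzas use, and the `udp:514` source and the `NetScreen device_id=` match string are assumptions about the input and the ScreenOS log format that should be checked against your own raw events.

```ini
# ---- Option A: props.conf (search-time rename of the whole sourcetype) ----
# Equivalent to Manager >> Fields >> Sourcetype Renaming.
# Every event with sourcetype "syslog" is presented under the new name,
# including events from devices that are not NetScreen firewalls.
[syslog]
rename = <addon_sourcetype>

# ---- Option B: props.conf + transforms.conf (index-time, per event) ----
# Only events whose raw text matches the regex get the add-on's sourcetype.
# Other senders on the same port keep "syslog".
# Applies to newly indexed data only; already indexed events are unchanged.

# props.conf (on the instance that parses the UDP input)
[source::udp:514]
TRANSFORMS-set_netscreen_sourcetype = set_netscreen_sourcetype

# transforms.conf
[set_netscreen_sourcetype]
# Assumed marker for ScreenOS messages; confirm it appears in your raw events.
REGEX = NetScreen device_id=
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::<addon_sourcetype>
```

After either change, search for the new sourcetype and confirm the add-on's extracted fields appear on those events; the add-on supplies field extractions only, so the events still show in the standard search views.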

Asked: 15 Apr '12, 01:52

Seen: 831 times

Last updated: 28 Sep '12, 14:09

Copyright © 2005-2014 Splunk Inc. All rights reserved.