- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- juniper netscreen extraction issues
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
juniper netscreen extraction issues
hello all,
i installed the netscreen juniper application for exlploring the syslog coming from my juniper
but i doesn't work properly , i have the same dashebord of splunk with the same fields
does anything that i can change to fix this
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've not used the Netscreen App myself...
However, having seen other Apps, a common problem could be the use of custom sources; sourcetypes; indexes; etc. You should make a note of how you see the raw data in events (i.e. your populating search), and then you should look at the searches which drive the App's dashboard (you can do this via the manager, as I'm sure there will be use of custom views; saved searches; and even eventtypes).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just saw this, sorry I didn't sooner. As you've I'm sure discovered by now... no, the Juniper Netscreen Extractions "AddOn" is just that. AddOns are classified as packages that do smaller things, such as provide just the extractions for a particular sourcetype (in this case Juniper Netscreen syslog output format). There are no special charts or saved searches included in the AddOn.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i've renamed the sourcetypy, i get the same thing
i just want to know if the netscreen app have a personalized dasheboard or searches already saved
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If it was me.. I would change the netscreen app, as this does not involve modifying the actual Splunk installation.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, you could either change the configurations with the Netscreen App (in Splunk) to match your sourcetype ... which would be a lot of work.
Or the easiest method would probably be to rename the sourcetype via the function in Splunk manager (Manager>>Fields>>Sourcetype Renaming). But this could have implications if you add different sources via syslog.
If you are willing to change your set-up, you could look at the answer in this question...
http://splunk-base.splunk.com/answers/34251/udp514-and-source-types
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sourcetype must be a netscreen ? my sourcetype is a syslog
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
