Using Splunk 6.0.1 - trying to do some testing with Windows DNS logs to see if I can get the data formatted and drop events we don't want to keep. I found some answers on the Splunk site, but either I have something misconfigured, I am missing something or some other issue is cropping up: I am unable to get the SEDCMD and the TRANSFORM to both work. We have a TRANSFORM that will drop certain events - this is working. We also want to add in the SEDCMD which will change the output from (3)www(3)ibm(3)com type output to be .www.ibm.com output. The SEDCMD part is not working. Is this because of a misconfiguration on my part, is it due to already having data that is indexed, or something else? This is my first foray into using Splunk. I was able to set up Windows DHCP logs pretty quickly. I created a basic app for the Windows DNS logs to do some testing. I have tried different options for getting the SEDCMD working. Can anyone help?
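An added example, not from the original post, showing how the two index-time settings are usually written side by side; the sourcetype name `windows_dns_debug`, the stanza name `drop_dns_noise` and the drop pattern are assumptions chosen for illustration:

```ini
# Added example (not from the original post). Assumes a sourcetype named
# "windows_dns_debug" (assumption) and that these files live on the indexer or
# heavy forwarder that parses the data, not only on a universal forwarder.
# Both settings are index-time: events already indexed are never rewritten or
# dropped, only data that arrives after splunkd is restarted.

# --- props.conf ---
[windows_dns_debug]
# Rewrite the label-length encoding of the DNS debug log, e.g. (3)www(3)ibm(3)com(0),
# into dotted form, e.g. .www.ibm.com.  PCRE syntax; "g" replaces every match in the event.
SEDCMD-dnslabels = s/\(\d+\)/./g
# Hand events to the "drop_dns_noise" stanza in transforms.conf, which sends matches to nullQueue.
TRANSFORMS-dropnoise = drop_dns_noise

# --- transforms.conf ---
[drop_dns_noise]
# Constructed drop rule for illustration: discard PTR lookups. Replace with the pattern you need.
REGEX = \sPTR\s
DEST_KEY = queue
FORMAT = nullQueue
```

Before blaming the SEDCMD, confirm the stanza header matches the sourcetype the events actually carry (for example `sourcetype=*dns* | stats count by sourcetype`); a stanza for a sourcetype that differs even slightly from the one assigned by the input is silently ignored.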