cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
citosysadmin
New Member
Member since: ‎02-08-2017
‎12-06-2023
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-08-2017
Activity Feed
View All

Re: How to filter or blacklist all event type/leve...

by in Getting Data In
‎04-19-2017 10:57 PM
‎04-19-2017 10:57 PM
this works excellent for indexing errors and discarding everything else Props [WMI:WinEventLog:Application] TRANSFORMS-evtlog = nullQueue, errorOnly Transforms [nullQueue] REGEX=. DEST_KEY=queue FORMAT=nullQueue [errorOnly] REGEX=Error DEST_KEY=queue FORMAT=indexQueue else but now I would like to index errors and warning. I have tried the below but its not working as how I want. [props] [WMI:WinEventLog:Application] TRANSFORMS-evtlog = nullQueue, errorOnly, warningOnly [transforms] [nullQueue] REGEX= . DEST_KEY=queue FORMAT=nullQueue [errorOnly] REGEX=Error DEST_KEY=queue FORMAT=indexQueue [warningOnly] REGEX=Warning DEST_KEY=queue FORMAT=indexQueue Perhaps I am doing something wrong. Your help will be greatly appreciated. ... View more

Re: How to filter or blacklist all event type/leve...

by in Getting Data In
‎04-19-2017 10:49 PM
‎04-19-2017 10:49 PM
hello.. basically I would like to index all errors and warning and discard the rest. At the moment I am ONLY able to index errors and everything else is discarded, I would now want to index errors and warning. what I have that is working for errors only Props [WMI:WinEventLog:Application] TRANSFORMS-evtlog = nullQueue, errorOnly Transforms.conf [nullQueue] REGEX=. DEST_KEY=queue FORMAT=nullQueue [errorOnly] REGEX=Error DEST_KEY=queue FORMAT=indexQueue what I have tried for windows errors and warnings but does not works [props] [WMI:WinEventLog:Application] TRANSFORMS-evtlog = nullQueue, errorOnly, warningOnly [transforms] REGEX=. DEST_KEY=queue FORMAT=nullQueue [errorOnly] REGEX=Error DEST_KEY=queue FORMAT=indexQueue [warningOnly] REGEX=Warning DEST_KEY=queue FORMAT=indexQueue your help will be greatly appreciated... ... View more

How to filter or blacklist all event type/level "i...

by in Getting Data In
‎02-08-2017 03:03 PM
‎02-08-2017 03:03 PM
I would like to filter/blacklist all event type/level "information" on Splunk 6.5.0, i am using wmi to collect logs from my servers. I am not sure if we blacklist them on \etc\system\default\inputs.conf or \etc\system\local\inputs.conf I am not sure about the syntax I need to use since i am new to Splunk. i am not using forwarder to collect events. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎12-06-2023 10:53 AM