splunk

Dr. Splunk-love or: How I learned to start indexing and love the CSV

Submitted by northben on Mon, 10/26/2015 - 12:18

Categories:

I've been having trouble indexing CSV files. In particular, CSV files from Tripwire. I'll show you the format and how I was able to index the files in Splunk

 

Node Name,Node Type,Policy,Parent Test Group,Test Name,Description,Element,Result Time,Result State,Actual Value
"192.168.1.1",Linux Server,"My Policy Name","My Test Group","My Test Name","My Test Description","Some Element",10/25/15 2:02 AM,passed,"ELEMENT=foo"

Here's my Props.conf stanza:

Month-over-Month data in Splunk

Submitted by northben on Wed, 09/02/2015 - 08:53

Categories:

I've been working with Splunk Enterprise a lot lately (and it's very powerful and easy to use!). In many situations, it is useful to show some metric compared to the same metric a month ago (or some other time period).

One way to accomplish this is with the community-supported Splunk app, Timewrap. I couldn't get Timewrap to output the data as I wanted, so instead here's the approach that I used.

Pages

Subscribe to RSS - splunk