Jaxjohnny

Results 3 issues of Jaxjohnny

sourcetype comes in as cef and the index main

raw logs from the syslog-ng ingest

Jul 25 12:53:03 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=dot1x-proc:2 dvcpid=4387 dvchost=7205-SC msg=2[4387]: \|dot1x-proc:2\| User Authentication failed. username\=nicole userip\=0.0.0.0 usermac\=gg:gg:f9:03:dd:c5...

https://splunk.github.io/splunk-connect-for-syslog/main/configuration/#sc4s-disk-buffer-configuration

SC4S_DEST_SPLUNK_HEC_DEFAULT_DISKBUFF_DISKBUFSIZE bytes (53687091200) Size of local disk buffer in bytes (default 50 GB)

This creates 10 qf files in the /var/lib/containers/storage/volumes/splunk-sc4s-var/_data folder. I understand that the total of all...

bug

https://splunk.github.io/splunk-connect-for-syslog/main/sources/vendor/Thycotic/secretserver/

The Splunk Add-on is listed as https://splunkbase.splunk.com/app/4060/

This goes to a Tenable Add-on.

There is no Splunk Secret server TA; the extractions are all in the app https://splunkbase.splunk.com/app/5327

NOTE:...