
Splunk Connect for Syslog

Results 238 splunk-connect-for-syslog issues

This allows other service/agent to monitor the sc4s.service without the need to log in with user sc4s while still achieving rootless podman. Also modified the env_file variable to match the...

https://splunk.github.io/splunk-connect-for-syslog/main/configuration/#sc4s-disk-buffer-configuration SC4S_DEST_SPLUNK_HEC_DEFAULT_DISKBUFF_DISKBUFSIZE bytes (53687091200) Size of local disk buffer in bytes (default 50 GB) This creates 10 qf files in the /var/lib/containers/storage/volumes/splunk-sc4s-var/_data folder. I understand that the total of all...

bug

Hi, When trying to use the Helm chart with a Service of type NodePort, it would be beneficial being able to set the `externalTrafficPolicy` setting through the `values.yml` file. Currently...

enhancement
Environment

https://github.com/splunk/splunk-connect-for-syslog/pull/1772 Why did the sourcetype get changed from isc:dhcp to isc:dhcpd?? Docs indicate that it should be isc:dhcp https://splunk.github.io/splunk-connect-for-syslog/1555/sources/vendor/ISC/dhcpd/ Also the Splunk add-on to use with this datasource (as documented)...

Hi all, In the [sc4s documentation](https://github.com/splunk/splunk-connect-for-syslog/blob/a8ecf03ea8e489d7e71db61fbc2fd8e4e2d195a5/docs/sources/vendor/Cisco/cisco_wsa.md?plain=1#L17) cisco:wsa:l4tm is listed as a usable sourcetype. [Splunk Docs](https://docs.splunk.com/Documentation/AddOns/released/CiscoWSA/Upgrade) also describe it: "to collect data for access logs, W3C logs, and L4TM logs for...

Currently it seems with the `splunk_metadata.csv` you must iterate over an exhaustive list of `vendor_product` combinations to switch a default index to something else. It'd be nice to have a...

enhancement
Application

Is there a way for SC4S to capture the source IP and store it in a field? I saw that in the "compliance_meta_by_source.csv" file you can use syslog-ng macros, and...

Application

While working through an issue with a single source that's bursting to 100k events/second over 3 minutes, Bazsi chimed in with the suggestion that jemalloc should help reduce fragmentation, particularly...

https://splunk.github.io/splunk-connect-for-syslog/main/sources/vendor/Thycotic/secretserver/ The Splunk Add-on is listed as https://splunkbase.splunk.com/app/4060/ This goes to a Tenable Add-on. There is no Splunk Secret server TA, the extractions are all in the app https://splunkbase.splunk.com/app/5327 NOTE:...

documentation