Videos

  • Add Videos
  • View All

Latest Activity

Profile Icon
Greg Vallenari is now a member of splunkninja Sunday
Welcome Them!
Profile Icon
Mike Hartford commented on Michael Wilde's video
Got it thanks
Thumbnail

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Feb 8
Profile Icon
Michael Wilde commented on Michael Wilde's video
Sure...  When you do group mapping, map them to groups that don't have the domain admins in them.  I have a separate OU=Groups that has "Splunk Users, Splunk Admins, Splunk Power Users" as group names, and specific users…
Thumbnail

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Feb 8
Profile Icon
Mike Hartford commented on Michael Wilde's video
I want to give LDAP access to my splunk servcie but I don't want the LDAP users to have admin capabilitys in Splunk.  Can I keep the domain admins out of Splunk if I have LDAP authentication???
Thumbnail

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Feb 7
Profile Icon
Mike Hartford left a comment for Jonathan Hawes
Helow Jonathan,   Glad to have another Splunker.  I've been useing Splunk for 2 years and am hooked.  I leared how to spell splunk and | transaction too.  you'll learn that one soon.   Go over to Splunk…
Feb 7
Profile Icon
Mike Hartford commented on Mike Hartford's blog post 'tees for the holy day'
  Holy Batskins Ninja, zzzzzwap zgruppp kapow a hidden stash, how great is that!!!!   The team that found them must have special bat senses and highly tooned Splunking skills   I like to wear Extra Lovable…
Feb 7
Profile Icon
Learning, learning, learning . . . Our Splunk "expert" is gone, and the non-programmer gets to learn the task! How do you spell SPLUNK?
Status posted by Jonathan Hawes Feb 7
0 Comments
Profile Icon
Jonathan Hawes is now a member of splunkninja Feb 7
Welcome Them!
Michael Wegener
Michael Wegener
  • Lees Summit, MO
  • United States
Share on Facebook Share on Facebook Share Twitter

Michael Wegener's Discussions

How to Configure timestamps for events with multiple timestamps
2 Replies

I followed the directions for configuring custom timestamps for events with multiple timestamps but I am not getting the result I am looking for. Here is my props.conf in my…Continue

Tags: configure, timestamps

Started this discussion. Last reply by Michael Wilde Jun 21, 2010.

 

Michael Wegener's Page

Gifts Received

Gift

Michael Wegener has not received any gifts yet

Give Michael Wegener a Gift

Latest Activity

Profile Icon
Hagar replied to Michael Wegener's discussion 'How to Configure timestamps for events with multiple timestamps'
Try without the TIME_FORMAT leave only the TIME_PREFIX, my guess is that splunk will identified the format itself.
Jun 18, 2010
Profile Icon

How to Configure timestamps for events with multiple timestamps

I followed the directions for configuring custom timestamps for events with multiple timestamps but I am not getting the result I am looking for. Here is my props.conf in my $Splunk_home$/etc/system/local/ folder: [host::foo.bar.com]TIME_PREFIX = \w+ \d+ \d\d:\d\d:\d\d foo.bar.com\s+TIME_FORMAT = %b %d %H:%M:%S %Y Here are a couple of entries that I am dealing with: Jun 14 08:18:20 foo.bar.com Mon Jun 14 08:16:25 2010: 123.123.123.12 -> 231.231.231.23: 43645 NOERR 'a.b.cdf.net.' AAAA IN…See More
Discussion posted by Michael Wegener Jun 14, 2010
2 Comments
Profile Icon
Michael Wegener is now a member of splunkninja Jun 14, 2010
Welcome Them!

Profile Information

Are you an existing splunk user?
Licensed
What do you do for your day job?
Learning to use Splunk

Comment Wall

  • No comments yet!

You need to be a member of splunkninja to add comments!

Join splunkninja

 
 
 

© 2012   Created by Michael Wilde.

Badges  |  Report an Issue  |  Terms of Service