Latest Activity

William S and Please... Dee Esssss :-) joined splunkninja
1 hour ago
Amine Recoba is now a member of splunkninja
yesterday
Michael Wilde replied to Nikita's discussion Count failures and success via transaction
"How are these transactions linked together... by a field called "ID"?  If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it.   Paste some samples and…"
Friday
Linus Myrefelt updated their profile
May 22
Marie updated their profile
May 21
Marie is now a member of splunkninja
May 21
Jitter and matthew arguin joined splunkninja
May 18
Matthew Carter and Nikita joined splunkninja
May 17
Stefan Baryakov
  • praha
  • Czech Republic

Stefan Baryakov's Friends

  • Alexander Szoenyi

Stefan Baryakov's Discussions

fschange - change detection criteria
2 Replies

Hi All, How to only send the full event in case of user/group or hash change but not time change of file in the scope of fschange? As…

Started this discussion. Last reply by Stefan Baryakov Jan 12, 2010.

 

Stefan Baryakov's Page

Latest Activity

Stefan Baryakov and Alexander Szoenyi are now friends
Mar 11, 2010
Stefan Baryakov replied to Stefan Baryakov's discussion fschange - change detection criteria
"Hi Michael, Thanks for the response. The file is just being touched, as open and saved without being changed. The hash in splunk doesn't change however the complete file is indexed. When the files are really changed the hash changes and the…"
Jan 12, 2010
Michael Wilde replied to Stefan Baryakov's discussion fschange - change detection criteria
"Stefan.. What is happening to the file? Is someone opening the file and saving it, so the modtime's getting updated? Or is someone just reading the file? Also.. which OS is it on?"
Jan 11, 2010
Stefan Baryakov posted a discussion

fschange - change detection criteria

Hi All,

How to only send the full event in case of user/group or hash change but not time change of file in the scope of fschange?

As example:

[fschange:/etc/config.cfg]
fullEvent=true
sendEventMaxSize=-1

Now every time the file is touched, even without change, the complete content of the file is indexed.

In other words how to configure the [fschange] not to send ‘fullEvent’ in case of modtime change alone.

Thank you.

BR,
Stefan
Jan 11, 2010
Michael Wilde left a comment for Stefan Baryakov
"Stefan.. Thanks for signing up. I set up this site so we can freely share, discuss, ask questions, post videos.. whatever. Ask hard questions, and we'll try to get them answered. Michael Wilde Splunk Ninja"
Jan 7, 2010
Stefan Baryakov is now a member of splunkninja
Jan 2, 2010

Profile Information

Are you an existing splunk user?
Licensed
What do you do for your day job?
n/a

Comment Wall (1 comment)

At 8:16pm on January 7, 2010, Michael Wilde said…
Stefan..

Thanks for signing up. I set up this site so we can freely share, discuss, ask questions, post videos.. whatever. Ask hard questions, and we'll try to get them answered.

Michael Wilde
Splunk Ninja


© 2012   Created by Michael Wilde.
