Gist habbdt/99b2cd6c8a22a1150750d18a7ff28cca
Last active: January 30, 2019 02:50
+-------------------+
| Splunk Operations |
+-------------------+
# /opt/splunkforwarder/bin/splunk add forward-server <server_name>:<index_port>
# /opt/splunkforwarder/bin/splunk list forward-server
# /opt/splunkforwarder/bin/splunk add monitor /var/log/messages
# /opt/splunkforwarder/bin/splunk start

+------------------------------------+
| Splunk Processing Language Example |
+------------------------------------+
# index="wazuh" rule.description="file added to the system." | timechart span=1d count by host
# index="wazuh" rule.description="file added to the system." | stats count by host
# host="dev-wsplunk-d01" source="homeworkdataset.csv" usr=* | eval timenew=strftime(_time, "%H:%M") | table timenew usr
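To make clear what the two Wazuh queries above actually compute (a per-host total versus per-host counts bucketed into one-day spans) and what the strftime eval produces, here is an added Python illustration that is not part of the gist. It runs the same logic over a constructed list of Wazuh-style alerts; timestamps are assumed to be UTC, and the rule.description match is done case-insensitively, as a Splunk field=value search is.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample alerts in the shape Splunk would index from Wazuh
# (index="wazuh"); field names mirror the gist's queries. Not real data.
SAMPLE_EVENTS = [
    {"_time": "2019-01-28T09:15:00Z", "host": "web01", "rule.description": "file added to the system."},
    {"_time": "2019-01-28T23:59:00Z", "host": "web01", "rule.description": "File added to the system."},
    {"_time": "2019-01-29T02:10:00Z", "host": "db01",  "rule.description": "file added to the system."},
    {"_time": "2019-01-29T02:11:00Z", "host": "db01",  "rule.description": "Integrity checksum changed."},
    {"_time": "2019-01-29T14:00:00Z", "host": "web01", "rule.description": "file added to the system."},
]

FILE_ADDED = "file added to the system."


def parse_time(ts):
    # Splunk keeps _time as epoch seconds; ISO-8601 Zulu strings are used
    # here for readability and are assumed to be UTC.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def matches_file_added(event):
    # Splunk's field=value search compares case-insensitively.
    return event["rule.description"].casefold() == FILE_ADDED


def file_added_by_host(events):
    """Equivalent of: ... rule.description="file added to the system." | stats count by host"""
    return Counter(e["host"] for e in events if matches_file_added(e))


def file_added_timechart(events):
    """Equivalent of: ... | timechart span=1d count by host
    Returns {day: {host: count}}, buckets keyed by UTC calendar day."""
    buckets = {}
    for e in events:
        if matches_file_added(e):
            day = parse_time(e["_time"]).strftime("%Y-%m-%d")
            buckets.setdefault(day, Counter())[e["host"]] += 1
    return buckets


def hhmm(ts):
    """Equivalent of: eval timenew=strftime(_time, "%H:%M")"""
    return parse_time(ts).strftime("%H:%M")


if __name__ == "__main__":
    print(dict(file_added_by_host(SAMPLE_EVENTS)))
    for day, counts in sorted(file_added_timechart(SAMPLE_EVENTS).items()):
        print(day, dict(counts))
```

The stats form answers "which hosts generated the most new-file alerts overall", while the timechart form shows when they happened, which is what you want when looking for a burst of new files on one host on a single day.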