SSO Login is being implemented on this site. Existing users: Your existing password must be reset the first time you login using SSO. Click here to reset your password first before login. Your new username will be your email.

Reporting

Reply

Missing fields in search for ib:DDNS, but available in the GRID syslog ?

Techie
Posts: 3
181     0

Its seems that the data coming in to my Splunk Reporting server, is missing fields ...  you can see in the syslog example I have the ip and hostname info .. but in the splunk ib:ddns index datasource ... there are "" missing data .. I suspect the "field extractions" is not working correctly ... not sure where to fix this ??? Thanks in advance for any help.

 

2022-02-03 17:36:19 EST daemon INFO named[21748] update: client @0x7f79ebb2a200 10.12.129.23#62527/key windowspc1\$.corp.com: updating zone 'corp.com/IN': deleting rrset at 'windowspc1.corp.com' A
2022-02-03 17:36:19 EST daemon INFO named[21748] update: client @0x7f79ebb2a200 10.12.129.23#62527/key windowspc1\$.corp.com: updating zone 'corp.com/IN': deleting rrset at 'windowspc1.corp.com' AAAA
2022-02-03 17:36:19 EST daemon INFO named[21748] update-security: client @0x7f79ebb2a200 10.12.129.23#62527/key windowspc1\$.corp.com: signer "windowspc1\$.corp.com" approved
2022-02-03 17:36:19 EST daemon INFO named[21748] queries: client @0x7f7a14001190 10.12.129.23#58643 (windowspc1.corp.com): query: windowspc1.corp.com IN SOA + (10.220.158.21)
2022-02-03 17:35:56 EST daemon INFO named[21748] update: client @0x7f7a441cc080 10.12.129.23#61108/key windowspc1\$.corp.com: updating zone '10.in-addr.arpa/IN': adding an RR at '23.129.12.10.in-addr.arpa' PTR windowspc1.corp.com.

Screenshot 2022-02-04 103005.png

Showing results for 
Search instead for 
Did you mean: 

Recommended for You