trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixing the Splunk nullqueue

Browse Source
This commit is contained in:
Chris Long
2020-03-28 02:30:06 -07:00
parent c7e013558a
commit fd804a083d
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Vagrant/resources/splunk_server/props.conf
View File

@@ -15,8 +15,10 @@ TRUNCATE = 0
[osquery:json] [osquery:json]
TRANSFORMS-osquery_host = osquery_hostidentifier_as_host TRANSFORMS-osquery_host = osquery_hostidentifier_as_host
TRANSFORMS-null = setnull
TIME_PREFIX = \"unixTime\"\: TIME_PREFIX = \"unixTime\"\:
MAX_TIMESTAMP_LOOKAHEAD = 500 MAX_TIMESTAMP_LOOKAHEAD = 500
TIME_FORMAT = %s TIME_FORMAT = %s
TRUNCATE = 0 TRUNCATE = 0
[osquery:status]
TRANSFORMS-null = setnull