Hi Splunker,
Splunk is monitoring logs from a URL via the REST API, but we noticed that there are duplicate logs; I mean Splunk reads more than one for one event. You can see below the inputs.conf which I used:
[rest://port scanner from cloud ps.log]
auth_type = none
endpoint = http://95.177.216.188/ps.log
host = 95.177.216.188
http_method = GET
http_proxy =
index = ps
index_error_response_codes = 0
response_handler = DefaultResponseHandler
response_type = json
sequential_mode = 0
sourcetype = ps:ports
streaming_request = 0
polling_interval = 420
Please help me with that...
BR,