Share a Global Dashboard List across Applications
Looking for suggestions on how add a global "Red Team" navigation dropdown across all applications... E.g. I added this to navigation schema one app and would like to punch it through to other apps......
View Articlesecurity-violation error
Hello, is there anyway i can genrate alert and send mail from splunk . for eg:- if there is an security-violation error on a particular switch like err-disable state if someone tried to connect a...
View ArticleCorrelation in Splunk Enterprise
Hi Guys, I am new to Splunk Enterprise. I am currently setting up a testlab to do correlation event for a simulation attack (from Kali Linux) on an Apache Web Server (with ModSecurity installed). As I...
View ArticleIs the Splunk SDK for python required to create custom commands?
Looking to create some custom commands - is the Splunk SDK required in order to do this?
View ArticleIs Dell Sonicwall Analytics CIM compliant?
We are evaluating new firewalls for procurement and would like to know if the latest version of Sonicwall Analytics is CIM compliant.
View ArticleDoes Eventgen need to be setup in a special way for a distributed environment?
All, I can't find anything on setting up eventgen for a distributed environment. By the looks of the demo, it would appear that this developer had an all in one instance set up. How would I add in...
View Articlehow to get the first(_raw) when i have split my pattern which were separated...
**unique_exception= pattern1|pattern2|pattern3** all these three patterns(1,2,3) are tagged to unique number 111. **eval temp=split(unique_exception, "|")|stats values(temp) by temp** i am getting...
View Articleerror during csv index extraction
I have setup a process where a heavy forwarder is ingesting a large number of csv files and the process seems to be working, but I am seeing the following error message for every single csv file...
View ArticleSplunk and Office365 on Microsoft Cloud - data are not flowing
Hi, We use Office 365 on Microsoft cloud. We installed Splunk Add-on for Microsoft Cloud Services to get audit/logs from our Office365 cloud. Authentication process was successful, but data are not...
View Articlehow can we configure search head cluster members as license slaves??
hello i have search head cluster with 3 nodes which are up and running. i want to configure them as license slaves. as the navigation in web is disabled. can some one please navigate me how to do it?...
View ArticleI need some searching help for windows event logs. Can anyone tell me the...
Hey I'm new to splunk and I'm having problems finding specific events for a local server, I need help to search for the following: i. Successful and unsuccessful access to log files ii. Successful and...
View ArticleReport Acceleration & Lookup Table
Hi, I wonder whether someone may be able to help me please. Could someone possibly tell me whether it's possible to build a lookup table from the results of an "Accelerated Report"? Many thanks and...
View ArticleWeb Page Input Splunk for Json feeds from Hybrid-Analysis.com
Hi, I added the following web-page config on Search Head. URL - https://www.hybrid-analysis.com/feed?json Selector-Td Index=main sourcetype=hybrid-feeds I am getting the feeds but the format is not...
View ArticleTroubleshooting EMC Isilon App for Splunk Entreprise
Hi, I'm currently running Splunk Enterprise 6.4.3 on Windows 2012r2, almost everything running smoothly except EMC Isilon App & Add-On. I'm currently trying to solve why I'm unable to get these...
View Articleregex statement
I am trying to extract the response time from this statement (Just the number, not the words response time or the ms behind it) Here is a regex statement I wrote ((response time: )(\w+)) this is...
View ArticleHow to process a file only once?
Hi, I want to read a file only once, after initial splunk install, and then, never again (but the file will continue to get updated). Is there any way to do this?
View ArticleHow to include a distinct count in an eval statement?
I am currenlty trying to make a search a little more dynamic based off scanned devices rather than a static number index=network sourcetype=nessus severity!=informational signature!=*Windows*...
View ArticleBest way to use multipe searchs to get shared result that can be used for...
Trying to use multiple searches to get a percentage of total servers to be restored and total currently restored but can not get all values to be shared. I know it is the construct or the searches but...
View ArticleUsing Self Signed SSL Certs on Index Servers
I am trying to setup SSL security from the fwd clients to the index servers. I am looking at the atricle...
View ArticleDBConnect toolbar appears empty, shows no buttons.
As strange as this may seem, I opened the web GUI in Firefox, Chrome, and IE, but the grey DBConnect toolbar remains empty. I just installed version 2.3.0 and ran all the migrating scripts. All my DB...
View Article