Mitigation vs Detection use case with Peakflow Arbor logs
I have some Peakflow - Arbor logs, two types of logs are of interest: **"Host Detection alert"** and **"TMS mitigation"**. **Host Detection alert** carries *attacked IP* information and the *alertid*...
Unable to set up the Splunk Add-on for Tomcat
I tried to set up the Splunk Add-on for Tomcat by following the instructions on docs.splunk.com/Documentation/AddOns/released/Tomcat/Setup and I am getting the following error in step 10. In...
Visitor flow stats on website
I implemented the sp.js website analytics event collector with splunk. Now I have a lot of events collected, including over 100k pageview events. All events have a user id field (id) with possibility...
JMS Modular Input and IBM MQ - What is the minimum permission to be granted?
Unless the splunk user is added to the mqm group, the TA does not seem to work. A 2035 unauthorised error appears in the log. But we are not allowed to add the splunk user to the mqm group. What are the minimum...
JMS Modular Input and MQ - SSL Error
The Queue Manager is on the same machine as the JMS TA. We have specified transport as Bindings mode in the JMS Topic Connection Factory. It works fine, messages are subscribed. However the mq logs...
Is there a means to create a dashboard that is in either the ES app or ties...
My organization (after much thought about spamming people with constant alerts of various failures, and I mean up to 500GB daily indexed volume) has decided on a dashboard of relevant panels. Our...
Searching DNS queries into reports from Splunk Stream
So I know there is a newer app called Stream. It has a massive amount of DNS queries from 100 hosts at least in Stream. If I need to pull data from that to generate the report, how can I narrow the DNS...
Remove duplicate keywords (values) returned from field
Hi all, I am splitting a Description field on "space" using the split command and generating a list of keywords (doing a sort of text analytics), then doing a stats count by keyword to find the top count of...
Script is running but doesn't appear to be collecting any data
Hi there, having trouble setting up the add-on. It appears to be running... root 4308 4163 0 18:29 ? 00:00:00 /bin/sh -c python /opt/splunk/etc/apps/NestAddonforSplunk/bin/devices.py root 4309 4308 0...
Split multi-value fields
My dear friends, I'm running the search string below, which gives me the following result: index=qualys IP="*" DNS="*" cve="*" | table IP DNS cve | dedup IP DNS cve result: IP DNS cve 10.252.64.84...
JSON - options either limit/truncate events OR extract twice.
Hi guys, pretty new to all this and struggling to understand all the other answers. I have a cronjob which extracts CMDB data from ServiceNow in JSON format at 1am each day. It overwrites a...
Add a new field at index time and rewrite values from another field
Hi all, I am facing an issue with logs from Juniper SRX and ES. I am pretty new to Splunk, and I am hoping the answer to this would be an easy one. I have a field called protocol-id with numeric values for...
Need help getting basic requests.post to work for HTTP Event Collector with...
OK - This is starting to frustrate me. I first tried the following command: curl -k http://10.10.XX.XX:8088/services/collector/event -H "Authorization: Splunk my_correct_token" -d '{"event": "does this...
Having issues sending PDF in email when alert is triggered
Let's say that I have an alert rule for when the number of failed Windows logins exceeds three in 15 minutes. I believe that the alert is sent to my email, but I can't figure out how to send a PDF...
I need to find a way to search for users that are logged into more than one...
This search doesn't really give me what I need, nor does the ES-TA. I need to figure out how I can determine if a single user is or has logged into more than one host from totally different devices...
Count field value variation per host per day
Hello, I need to report the daily antivirus update on servers; I have hourly logging of each "Endpoint" with a version number. How can I count field value variation for each day and each "Endpoint"?
Classic SQL pivot in Splunk
Hi, I need to do a classic pivot in Splunk but I cannot find a solution. I have the first table in the following image and it has to become like the second table. Of course the families and the name...
How to dynamically split a list into equal parts?
Hi, I have a list of customers (ColA) and depending on the total amount of customers I want to "split" the list into equal groups (let's say steps of 10%) and flag these groups. So having 20 customers...
How can we identify people's region in Splunk?
Hello team, we have a use case where we need to map/identify people's region in Splunk and create a dashboard. Can we do something in Splunk? We want to be able to write some performance dashboards and...
TA customization for CEF input instead of vendors
Hi, I'm looking for the best way to make the CEF events that Splunk receives from various vendors adapt to Splunk's TAs. For example: I have Websense Web Filter and Symantec Endpoint Protection. Splunk...