All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

absence fichir authorize.conf dans le dossier splunk app windows infrastrcture

hichem_khalfi
Path Finder
‎02-24-2022 05:33 AM

bonjour

j’arrive pas a trouver le fichier authorize.conf

je sais pas j’ai bien suivi le lien

Comment déployer l’application Splunk pour l’infrastructure Windows - Documentation Splunk

 

j'avais aussi ces 2 messages et j'ai lu plusieurs articles sans savoir le corriger:

Received event for unconfigured/disabled/deleted index=perfmon with source="source::PerfmonMk:Network_Interface" host="host::SRV-DC-02" sourcetype="sourcetype::PerfmonMk:Network_Interface". So far received events from 1 missing index(es).


Eventtype 'wineventlog_security' does not exist or is disabled.

 

 

Labels (3)
Tags (2)
0 Karma
Reply

splunkmarroko
Engager
‎02-27-2022 05:20 AM

may be you should give more information about your environment.
why do you need authorize.conf? 

0 Karma
Reply

hichem_khalfi
Path Finder
‎02-25-2022 07:30 AM

@splunkmarroko thank you i fix it

0 Karma
Reply

splunkmarroko
Engager
‎02-25-2022 07:18 AM

you have to run the above command from backend (ssh)

make sure you can ssh, otherwise use UI program files and manually look for authorize.conf
if it's not there you have to create a new configuration file and use the right stanza, check the below link:

https://docs.splunk.com/Documentation/ITSI/4.12.0/Configure/authorize.conf

 

0 Karma
Reply

hichem_khalfi
Path Finder
‎02-25-2022 07:23 AM

le fichier n'existe pas mais honnêtement je sais pas comment le creer 

 

0 Karma
Reply

splunkmarroko
Engager
‎02-25-2022 07:42 AM

before you so , are you admin? if not , you can't create such config files

0 Karma
Reply

hichem_khalfi
Path Finder
‎02-25-2022 07:46 AM

oui j'ai trouvé le fichier il est deja crée 

enfaite mon premier probleme que l'application n'affiche pas des informations malgré quand je fais la recherche manuellement j'aurai des resulats 

ce que j'ai lu il y a un probleme de token ou quoi 

malgré que j'ai modifié sur l'app 

0 Karma
Reply

splunkmarroko
Engager
‎02-25-2022 06:20 AM 
par défaut l'emplacement est : $SPLUNK_HOME/etc/system/default

si vous ne le trouvez pas, vérifiez le dossier local

si ce n'est pas le cas, exécutez ceci : splunk btool authorize list --debug  |grep authorize.conf

 

0 Karma
Reply

hichem_khalfi
Path Finder
‎02-25-2022 07:11 AM

i can't find it 

i use a windows machine so i c'ant use this command 

what i do ??

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...