try the following:
edit your /etc/systemd/system/Splunkd.service
in the [Service] section add the following two lines:
Environment=REQUESTS_CA_BUNDLE=/etc/ssl/ca-bundle.pem
Environment=SSL_...
See more...
try the following:
edit your /etc/systemd/system/Splunkd.service
in the [Service] section add the following two lines:
Environment=REQUESTS_CA_BUNDLE=/etc/ssl/ca-bundle.pem
Environment=SSL_CERT_FILE=/etc/ssl/ca-bundle.pem
Replace /etc/ssl/ca-bundle.pem with the path to your CA bundle with your own certificate (or keep the path and add your ca certificates to the linux os truststore)
Python standard libs (httplib,urlib3) will use the CA trust bundle specified in SSL_CERT_FILE and the requests library will use REQUESTS_CA_BUNDLE.
You didn't read the docs I pointed you to. Stitching your searches using random commands won't work. Results from a subsearch are rendered as a set of conditions to the outer search - you don't pass...
See more...
You didn't read the docs I pointed you to. Stitching your searches using random commands won't work. Results from a subsearch are rendered as a set of conditions to the outer search - you don't pass argumenta/tokens/whatever to the subsearch from the outer search. (We'll leave the map command for now).
I clicked add data at the home screen, clicked upload at the bottom, dragged in my csv, filled in the name and description and other stuff, didnt change anything on the input settings and submit
Hi everyone, i'm using splunk for a school project and I need to upload a csv to splunk to make data visualisations. When I upload the file and get to the preview, it seems to recognise the table hea...
See more...
Hi everyone, i'm using splunk for a school project and I need to upload a csv to splunk to make data visualisations. When I upload the file and get to the preview, it seems to recognise the table headers but when I actually upload the file, the fields don't recognise the file headers as a field. I tried manually selecting the fields but it didn't seem to work well when I tried to visualise it. The csv data and what happens after I import it are below. Appreciate any help I can get!
Based on screen shot the web server is disabled, so there shouldn’t be anything listening on port 8000. Unless it’s not disabled then you should found reason why it’s not try to start it from splunkd...
See more...
Based on screen shot the web server is disabled, so there shouldn’t be anything listening on port 8000. Unless it’s not disabled then you should found reason why it’s not try to start it from splunkd.log.
If you are sending exactly same email to all recipients then you probably could use e.g. *stats command to combine all recipients to mv-field and then transfer that to for a,b,….
Proper Solution:
edit your /etc/systemd/system/Splunkd.service
in the [Service] section add the following two lines:
Environment=REQUESTS_CA_BUNDLE=/etc/ssl/ca-bundle.pem
Environment=SSL_CERT_F...
See more...
Proper Solution:
edit your /etc/systemd/system/Splunkd.service
in the [Service] section add the following two lines:
Environment=REQUESTS_CA_BUNDLE=/etc/ssl/ca-bundle.pem
Environment=SSL_CERT_FILE=/etc/ssl/ca-bundle.pem
Replace /etc/ssl/ca-bundle.pem with the path to your CA bundle with your own certificate (or keep the path and add your ca certificates to the linux os truststore)
Python standard libs (httplib,urlib3) will use the CA trust bundle specified in SSL_CERT_FILE and the requests library will use REQUESTS_CA_BUNDLE.
One problem left: Splunk will often connect by IP adress instead of using proper hostnames. For Security Essentials you might have two options (I verified the first): -include IP 127.0.0.1 in the certificate of the Search Head or -in web.conf set mgmtHostPort =<SPLUNK-SEARCH-HEAD-FQDN>:8089 (Security Essentials will read this property in bin/sse_id_enrichment.py and will use it for the connection)
Hi @vehuiah, what's the scope of your request? if you pre-process and index logs using Splunk, you pay the license, so why should you pay the license and don't use Splunk (the best log search engin...
See more...
Hi @vehuiah, what's the scope of your request? if you pre-process and index logs using Splunk, you pay the license, so why should you pay the license and don't use Splunk (the best log search engine) for searching? If you need Splunk logs in other systems, you can export subsets of data for your purposes, but you have Splunk to store,manage, normalize and aggregate data. Ciao. Giuseppe
Hi @fromero , if you run "your_ip_address:8000" can you access the web GUI of your Splunk server? If not there could be two issues: as @isoutamo said, the web interfaces could be disabled, if thi...
See more...
Hi @fromero , if you run "your_ip_address:8000" can you access the web GUI of your Splunk server? If not there could be two issues: as @isoutamo said, the web interfaces could be disabled, if this is your firt installation it's very rare, you didn't disable the local firewall (iptables). In the second case disable iptables and try again. Ciao. Giuseppe
Hi @vihshah , are you able to create the secondary search, please share it and I'll show you how to use it to filter results of the main search. Ciao. Giuseppe
Hi @raj98, in the Splunk documentation, in the Splunk YouTube Channel and in Community, you can find much material: https://www.youtube.com/watch?v=OT9UT5Cidxw https://www.youtube.com/watch?v=xGiL...
See more...
Hi @raj98, in the Splunk documentation, in the Splunk YouTube Channel and in Community, you can find much material: https://www.youtube.com/watch?v=OT9UT5Cidxw https://www.youtube.com/watch?v=xGiLTayok6c https://docs.splunk.com/Documentation/SOARonprem/6.2.0/Install/Overview https://developer.carbonblack.com/reference/carbon-black-cloud/integrations/splunk-soar/user-guide/ Ciao. Giuseppe
@isoutamo Yes sir. If my requirement cannot be met through sendemail.py script then I have to look for other way , like through some other tools I can handle this. This is my actual requirement. ...
See more...
@isoutamo Yes sir. If my requirement cannot be met through sendemail.py script then I have to look for other way , like through some other tools I can handle this. This is my actual requirement. It should be as below :
action.email.to=$result.owner$ - all users from result here
action.email.cc=$admin@foo.bar$
I think then I cannot make this happen through alert capability in splunk then. Note : gmail.com is just for example purpose here. This will be different in actual case, aligns with my org. Regards, PNV
