Thank you so much for your help and for sharing the resources, I will go through them. I ran the search but I am getting the following error message: "Right hand side of IN must be a collection of literals. '(range = "10.0.0.0/8")' is not a literal The search job has failed due to an error..." I got this error before. I assumed that when using lookups the WHERE IN clause needs to be changed for something else maybe? Not sure =/ Thanks in advance!
Colour can be defined a number of ways - here is a list of the standard named colours: <named-color> - CSS: Cascading Style Sheets | MDN (mozilla.org). I am not sure if there is a limit but I have over 120 single values in one trellis.
This is very neat @ITWhisperer - but I have 2 more questions with regards to your answer. Where are the colours defined (i.e. are there more, like pink and purple)? Is Trellis limited to the number of graphs it can create (I can't get more than 12 for some reason).
Hello everyone, I'm working on Splunk Enterprise and on the Search & Reporting app. I made many drop-down menus to filter my data. I have a special field which can be "void" or have a value. How can I include the void value in the drop-down menus? Because when I select "*" on the drop-down menu Splunk returns all the values of the field, but I want to select the "void" value too. Thanks in advance!
I believe the command you are looking for is scrub. I attended .Conf last year where an instructor used this command to replace "real data" with dummy information, while keeping the format of the data. This command comes in useful when wanting to anonymize the data, when passing it on to a 3rd party etc. I use it when pasting data into 3rd party websites, to work on Regex extractions. |scrub
Hi @toporagno, this means that you have to update your inputs.conf stanza in the Universal Forwarder, manually or by Deployment Server, adding the lines for index and sourcetype. Ciao. Giuseppe
https://docs.splunk.com/Documentation/Splunk/latest/Viz/EventHandlerReference#chart_.28event_tokens.29:~:text=Data%20Property,segment%2C%20or%20if%20not%20applicable%2C%20the%20time%20range%20of%20the%20search. Depending on if you want the X or Y axis value, you'll want to use tokens from above reference.
Hi @danroberts, the counter of the memory is one; if you have other counters, you should also have this. Anyway, it should be [perfmon://Memory]. Ciao. Giuseppe
Hi team, In this output, it appears that TLS is enabled based on the following information:
XXX.XXX@XXX-XXX-XXX ~ % openssl s_client -connect 1.1.1.1:8088
CONNECTED(00000003)
140704518969088:error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version:/AppleInternal/Library/BuildRoots/d9889869-120b-11ee-b796-7a03568b17ac/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/ssl/tls13_lib.c:151:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 294 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.3
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Start Time: 1705416962
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
---
I don't understand but the "Protocol" field indicates TLS version 1.3, and the "Cipher" field would typically show the cipher suite being used. The "Verify return code" of 0 indicates that the certificate verification was successful. However, there is an error related to the TLS protocol version alert, which might be due to a compatibility issue between the OpenSSL version used and the TLS version supported by the server. If this is not causing any problems with the connection, it might be negligible.
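Added example, not part of the original posts: a Python check that reads an `openssl s_client` transcript like the one quoted above and reports whether a cipher suite was actually negotiated. The function name `assess_handshake` and both sample transcripts are constructed for illustration (the first is abridged from the quoted output, the second is made up).

```python
import re

# Constructed samples. FAILED is abridged from the transcript quoted above
# (source path replaced by a placeholder); OK is a made-up successful run.
FAILED = """CONNECTED(00000003)
140704518969088:error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version:<path>:151:
---
no peer certificate available
---
SSL handshake has read 5 bytes and written 294 bytes
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : 0000
    Verify return code: 0 (ok)
"""
OK = """CONNECTED(00000003)
---
Certificate chain
 0 s:CN = splunk.example.test
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
"""

# Reason text is the field after library and function in an error-queue line.
ERROR_RE = re.compile(r":error:[0-9A-Fa-f]+:[^:\n]*:[^:\n]*:([^:\n]+)")
CIPHER_RE = re.compile(r"Cipher is (\S+)")

def assess_handshake(transcript: str) -> dict:
    """Decide from s_client output whether a TLS session was negotiated.

    The SSL-Session block (Protocol, Verify return code) is ignored on
    purpose: s_client prints it with default values even after a failure.
    """
    errors = ERROR_RE.findall(transcript)
    m = CIPHER_RE.search(transcript)
    cipher = m.group(1) if m else None
    negotiated = cipher not in (None, "(NONE)")
    return {
        "tcp_connected": "CONNECTED(" in transcript,
        "errors": errors,
        "peer_certificate": "no peer certificate available" not in transcript,
        "cipher": cipher if negotiated else None,
        "handshake_ok": negotiated and not errors,
    }
```

`CONNECTED(...)` only confirms the TCP connection; the negotiated cipher line and the error queue are what show whether the handshake completed.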
Hi @toporagno, First, how are you taking these logs: from a Universal Forwarder, from a Heavy Forwarder, or from another Splunk server? If you are using a UF, I suppose that you are using a Deployment Server to manage it, so in the inputs.conf, you could add the sourcetype and the index. If instead you are receiving a syslog in an HF, you have to apply the same update to the related inputs.conf. You could also override the index and sourcetype on the Indexer, or (if present) on the HF, but it's easier modifying the inputs.conf. Ciao. Giuseppe
I was looking for quite a long time but I'm still wondering whether or not the SaaS portfolio is covered by the Spanish ENS. I found that the cloud is ISO 27001 because of the hyperscalers supporting it (GCP/AWS), but SignalFx doesn't seem to be compliant regarding the use of customers' certificates and the lack of native 2FA.
OK. Wait a second. Do you even have TLS enabled on this port? Check output of openssl s_client -connect your_splunk_ip:8088 for errors as well as check your _internal index for errors regarding your client's IP.