The issue is that in Splunk Enterprise 8.2.12 "ui-pref.conf" is not used anymore!!! ... and for our users this is a big problem!!! This is a thread where the issue is described, and solved: https://community.splunk.com/t5/Splunk-Enterprise/quot-ui-prefs-conf-quot-no-more-working-from-Version-7-to/m-p/669303#M17896 .
Dear Team, I installed Enterprise Security on the search head and downloaded Splunk_TA_ForIndexer from the ES General settings. Now I am stuck on the UF technology add-on: where can I find it? There is no option for it in the ES interface and I can't find it on the Splunkbase portal. I tried multiple search keywords on Splunkbase with no luck.
Perhaps you should tell us a bit more about what you are trying to do - since you posted this in the Splunk Search section, I presume this is part of a search, perhaps for a dashboard or a report? If so, what do you have so far?
Sorry about that. Try this SEDCMD, instead. It does, however, make some assumptions about the order of fields. SEDCMD-rm-geo_protection = s/(.*\|action=Accept\|)(.*?)\|protection_type=geo_protection\|(.*?)(\|service=23.*)/\1\2|---|\3\4/
Hi @jcgever , UFs can send logs only to a Splunk HF or to an Indexer; it isn't possible to send logs to a DLP to mask them and then to an HF. If you want to mask your data before indexing, you can do this in the HF, following the instructions at https://docs.splunk.com/Documentation/Splunk/9.1.1/Data/Anonymizedata Ciao. Giuseppe
Hi, I'm uncertain which Process name—CreatorProcessName, ParentProcessName, or NewProcessName—is the appropriate one to apply Windows event blacklisting to in this context. Thanks.
Hi @NeharikaVats , you can filter your logs before indexing following the instructions at https://docs.splunk.com/Documentation/Splunk/9.1.1/Forwarding/Routeandfilterdatad#Filter_event_data_and_send_to_queues You have to apply these configurations in the first Heavy Forwarder you have in your infrastructure. Ciao. Giuseppe
Hi @gwen , as you like, but by masking the information I don't think that you reveal your confidential information. Anyway, good for you, see you next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
Hello @ITWhisperer, Thank you for your response. Can you please help with an example of how to write the code? |inputlookup myTable.csv
|where _time=relative_time(now(),"-1d@d") Now I need to apply the regular expression on fieldA and store the extracted data from each row in the field res. It would be very helpful if you could help. Thank you
Hi, I scripted something myself and I want to share it with you. https://github.com/Gotarr/Splunkbase-Download-script (Python script) My inspiration is from @tfrederick74656 but his script doesn't work very well for me. Happy splunking and let me know if something doesn't work.
@yuanliu Your suggestion worked for me, but is there a way to put comments with Carriage Return in multiple lines? See below. Thanks
{
  "visualizations": {
    "viz_OQMhku6K": {
      "type": "splunk.ellipse",
      "_comment": "
==================================
This is created by Person1 on 1/1/2023 @companyb
On 2/1/2023 - added base search
On 2/5/203 - added dropdown box
"
    }
  },