Please provide more information. Which parts of HIPAA concern you when it comes to integrating Splunk and AWS? Which AWS services are you integrating with Splunk? How are you integrating them?
Hello Splunkers I use the deployer to deploy config apps or add_ons on a search head cluster. This works when I want to deploy a new app or delete an app. I see that the search head cluster initiates a rolling restart after each apply-bundle command on the deployer. But when I modify a file in an app (etc/shcluster/app) and run the apply-bundle command, the modification is not propagated to the cluster. What's wrong?
Thanks, yes, the search looks strange, but it's the only way out of my problems. If dest_interface=outside, the cable to the outside interface is connected. Not sure why, but it's perfect. I have also tried to use appendcols to combine both graphs without success. I think I must do more investigation to find out why. Geir
Hi @gcusello, I have not tried the delete command. 1) Could you please explain what you meant by this command you said previously and provide an example? "ta the rend disable the can_delete role" 2) How do I create a search to identify the event? I tried to filter the event generated on a specific hour based on the "_time" field, but it didn't give me a result. 3) How do I know if I have the can_delete role? How do I enable it? Thank you so much for your help
Hello. Not sure if you figured out this issue yet. What I found was that a recent Splunk update moved some js libraries into the quarantined folder due to incompatibility with jQuery 3.5. So far I haven't seen any other solutions. We actually moved the js and css files into our APPLICATIONS with modifications to the js to adhere to jQuery 3.5.
As I said, the proper way to get rid of old files would be to reduce the limits for the indexes you want to trim and let Splunk roll the buckets to frozen on its own.
You can try appending the second search to the first search. Having said that, using dc by the same field is only ever going to give counts of 1, so your searches seem a little strange.
Can anyone help me to onboard data and metrics from OpenShift to Splunk Cloud? Forwarding logs to Splunk using the OpenShift was not enough to get all the data we need, i.e. CPU and memory utilization.
@PickleRick this is our license master and I understand that it is not supposed to index any data. So we have some files from 2022 and 2023. Can we remove these files from 2022?
Hi, I need an SPL search to find the threshold for the respective domains. index=ss group="Threat Intelligence" | stats values(attacker_score) as attacker_score by domain e.g. admin.com 110 120 135 145 160 170 185 195 210 220 235 245 270 345 360 370 395 410 420 435 445 45 470 495 520 570 60 645 70 85 920 95 Thanks..
Hi Deepak, You can reach me whenever you need; I don't know if I can share my mail here or not, but you can easily reach me via LinkedIn message for further communication. Thanks Cansel
Hi, I have created two different timecharts like: Timechart1 (cable connection on/off): index=cisco_asa dest_interface=outside | timechart span=10m dc(count) by count Timechart2 (login users listed): host=10.1.1.1 src_sg_info=* | timechart span=10m dc(src_sg_info) by src_sg_info Individually the display is perfect, but it would be even better if we could combine them into one graph with common timestamps. I searched through the Splunk documents and also tried different setups without success. Hope someone could help me with it
Hi Ryan, Cansel, Can I please set up a call to discuss this further? I can't explain without images and sharing my screen, and it's better if we talk in a Teams call. Thanks & Regards, Deepak Paste
Hello, I have one more beginner's question regarding reports and dashboards. I am trying to do an overview of the most used services, and I am using this query: index=notable| top limit=15 app When I put this report into Dashboard Studio, the count as well as the percentage appear: I would like to remove the percentages completely from the chart. Can you tell me how to do it, please? And one more option just coming to my mind: if I would like to use both count and percentages, is it possible to adapt the x axis so that it uses a separate scale like 0-100 percent for the percentages?
Good afternoon, I have a Salesforce org in which I need an audit trail to monitor changes in standard and custom object fields, a setup audit trail to also monitor changes to the setup of the org, and event monitoring so I am able to monitor who sees and does what. I have this need to respect compliance and auditing rules, and I need this information to be accessible 24/7 on a database, and the data needs to be able to be seen/retrieved for at least 10 years. I would also like to have an export capability that would allow me to set up an export to an external database. Does Splunk have such capabilities in its add-ons? And if so, which one? Thank you all, Paulo