Hi @Rim-unix, good for you, see you next time! Let us know if we can help you more, or, please, accept one answer for the other people of the Community. Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated by all the contributors.
Apologies, I am pretty new to Splunk and still learning and going through tutorials. I just got to the below, but no results yet: index="Nex" Application="Pe***g.Ne**s.Platform.Host" | search
Below was the question for me: "I need a running report to be exported, with the number of errors on each of the services in the last 7 days, then it has to show a graph for each week." I would need a query to search for this service "Per****ng.N**s.Platform.Host" in Index="Nex", where I would need data for Information, Error, Debug, Warnings. Please help me with this.
Thanks Giuseppe for your suggestions. We are planning a different way to build the setup; if we have any query, we will get back to you. Once again, thanks Giuseppe.
Hi @Rim-unix, if you have an Indexer Cluster, you can create a multisite Cluster and DR is automatic. If you don't have an Indexer Cluster, you have to find a different way for DR, using external tools such as Veeam or other products. Ciao. Giuseppe
"I suppose that you have an Indexer Cluster, is it correct?" No. "You should design a multisite Indexer Cluster where the secondary site is on AWS." Yes, we are planning a multisite Indexer Cluster. The DR site is US-WEST-2 (Oregon).
Hi @zksvc, you could extract from Splunk the list of hostnames with a simple search: index=* | stats count BY host. Then you could elaborate these results, e.g. using nslookup to get the hostnames when you have the IPs and vice versa; at the same time, when you have an FQDN, you could extract the hostname using a regex, but it depends on your data. In this way, you could have a list of hosts whose logs are monitored by Splunk and you can match them with the Sophos list using e.g. Excel. Otherwise, if you planned to ingest Sophos logs in Splunk, you can do this match in Splunk. Ciao. Giuseppe
I have not set up the ingest from Sophos to Splunk yet. I am currently looking to create a custom correlation search. However, if you know how to verify the data, please let me know. The query I've crafted clearly identifies all the necessary details such as hostname, IP, and username. The issue of uppercase/lowercase is not a problem, as it only requires output without the need to compare data. I've been quite troubled trying to sort this out, which has led me to this point.
Hi @Rim-unix, what do you mean by DR Indexers? At first, I suppose that you have an Indexer Cluster, is it correct? Anyway, you should design a multisite Indexer Cluster where the secondary site is on AWS. To do this, I suggest engaging Splunk PS or a certified Splunk Architect. Ciao. Giuseppe
Dear Cisco, today I'm not able to see the list of the snapshots in many SaaS Controllers (at least 10 Controllers to which I have access). It seems that the snapshots were saved until yesterday 11:00 PM CET. I opened a ticket with severity S2 3 hours ago, but I didn't receive any information. The status page doesn't report any issues. Could you post some updates about this? Thanks, Alberto
Hi Team, we are planning to build a DR Splunk indexer on AWS Cloud. Could you give detailed instructions for creating the DR Splunk indexer? Thanks & Regards, Ramamohan
Hi @zksvc, you're asking about data quality: how are data ingested in Splunk? Is this input the same as Sophos? Then you should analyze if there's some difference caused by the hostname extraction: IP instead of hostname, FQDN or hostname, uppercase or lowercase? You should perform an analysis on the hostnames, and Splunk gives you all the tools to search and analyze them. Ciao. Giuseppe
Dear Everyone, I would like to create a custom correlation search to identify hostnames that have not been updated in one month or 30 days or longer. However, upon finalizing my query, I encountered a discrepancy in the data. For instance, I found that the hostname "ABC" has not been updated for 41 days; however, when I checked in Sophos Central via the website, it indicated "No Devices Found." I am inquiring about how Splunk is able to read this data while Sophos Central reports that the device is not found. Thank you for your assistance.
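An added example search (not the poster's own correlation search, nor Giuseppe's) for the stale-host case asked about in this thread and the normalization hint given in the replies above: it lists every host whose most recent event is 30 or more days old, strips any domain suffix and lowercases the name so it can be compared against the Sophos Central device list, and flags hosts that were ingested as a bare IP. It assumes events carry the default host field and that at least 90 days of data are searchable; adjust the index filter and window to your environment.

```spl
| tstats max(_time) AS last_seen WHERE index=* earliest=-90d BY host
| eval host_norm=lower(replace(host, "\..*$", ""))
| eval is_ip=if(match(host, "^\d{1,3}(\.\d{1,3}){3}$"), "yes", "no")
| eval days_silent=floor((now() - last_seen) / 86400)
| where days_silent >= 30
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table host host_norm is_ip last_seen days_silent
| sort - days_silent
```

The tstats call reads the index-time host field without scanning raw events, so it stays cheap even over a 90-day window; a host that Splunk still reports but Sophos no longer lists usually shows up here with an old last_seen, i.e. a device that was retired in Sophos while its historical events remain in the index.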
Splunk status is all good, but in the Splunk logs it is like this one. IDK why the mongodb services are not running, I checked. Also, when I want to check telnet on port 8191, it's refused.
I just tried doing it in a dashboard, inserting the different searches as dropdown values and using the token after a search, and it worked. Thank you very much.