First important question - why do you even want to use TLS on this communication channel? If you have some externally enforced compliance rules you have to adhere to, that's another story but be aware that sending data from Checkpoint (I assume we're talking about LogExporter) over plain TCP can lead to performance problems. Not even using TLS over that connection. Are you sure you can handle that?
As I said before - these are your searches, your data and your environment. You have to check what searches you have, which ones of them are executed with what frequency and how long they take to run. It's not something that can be automated. It's tedious manual work to dig into those searches and decide whether they are needed, whether they need to run that often or on such a long time range. It can easily happen if you don't manage your environment strictly enough, don't have a well-defined process for configuring your searches and if your users have too "loose" permissions and can create scheduled searches on a whim (especially if they can't write them effectively).
Hi @uagraw01, good for you, remember to unflag the Case sensitive match. Let me know if I can help you more, or, please, accept one answer for the other people of the Community. Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated
Hello, could you tell me how to properly have a dedicated server certificate for a specific tcp-ssl in inputs.conf (Checkpoint) and have another dedicated server certificate for the hf in server.conf, both using a different sslpassword setting? Both are from the same secondary rootCA. Or should we keep a single dedicated server certificate on the heavy forwarder and only put a dedicated Checkpoint certificate on the appliance? Thanks.
@ecnausysadm, it looks like you're trying to process EDIs. We now have a solutions accelerator for EDIs. I would like to share what we have if you are interested.
@timothywatson @hogan24 , it looks like you both are trying to implement a solution with EDIs. We now have a solutions accelerator for EDI documents. Let me know if any of you is interested in sharing some information, I can set up a call to introduce.
@gajananh999, it looks like you're processing EDI data. We do have a new solution accelerator for EDI transactions. Love to share some content we have. Let me know if you're interested.
@tlunruh, it looks like you're processing EDI data. We now have a solution accelerator for EDI transactions, I would love to share what we have. Let me know if you're interested.
@dmrhodes101 , it looks like you are trying to process EDI, we do have a solution accelerator for processing EDIs, love to share some of the content we have. Let me know if you're interested.
@_gkollias It looks like you are trying to process EDI data. We do have a solutions accelerator for EDI, we can share. Are you interested in learning about it? Love to set up some time to share what we have.
@gcusello As per the below screenshot, I need to specify in the match_type for both the fields? FYI @gcusello I have added the below entries and it starts working as expected: WILDCARD(source), WILDCARD(position), WILDCARD(destination)
Hello Splunkers!! We have events that contain source and destination fields with complete values, and we want to match these fields against event data where the corresponding fields (source and destination) may include wildcard values in the lookup. The goal is to accurately match the event data with the appropriate lookup values, ensuring that wildcard patterns in the lookup are properly evaluated during the matching process. Values to be matched with the below lookup. What I have tried so far to match the events' field values with the lookup field values. But no luck found. Please give me some suggestions to execute this correctly. | lookup movement_type_ah mark_code as mark_code destination as destination source as source OUTPUTNEW movement_type
Did your lookup grow in size during this time? I had this problem with a large lookup a while ago. Check out Why does lookup return null when there are multiple matches.
I have set up email authentication and SMTP using Amazon SES. The test email was successful. I configured the mail server by entering the SMTP ID and password. I created a simple alert, configured it to trigger in real-time, and set it to send an email. However, the alert is not being generated, and the alert email is not being sent. Is there a way to configure Amazon SES SMTP with Splunk Enterprise's mail server and alert settings to ensure the emails are sent? Thank you!