I have a splunk search that returns two columns, SESSION and URI. How can I show the sequence of URIs visited by each SESSION as columns, with a separate row for each SESSION? Thanks!
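One way to pivot each session's ordered URI list into columns, as an added example that is not part of the original thread (the base search is a placeholder, and it is assumed the events carry `_time` so the visit order can be recovered; the field names `SESSION` and `URI` are taken from the question):

```spl
<your base search returning SESSION, URI and _time>
| sort 0 SESSION _time
| streamstats count AS step BY SESSION
| eval step="uri_".substr("00".step, -2)
| xyseries SESSION step URI
```

`sort 0` orders every event by session and time before `streamstats` numbers the visits, so `step` reflects the real sequence rather than the default reverse-chronological order. The `eval` pads the step to two digits (`uri_01`, `uri_02`, ...) so the column names sort in visit order; widen the padding if a session can exceed 99 URIs. `xyseries` then turns one row per session with one column per step, which is the layout the question asks for.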
Appreciate your response @marnall . My question comes from our recent scenario, where we did a Splunk upgrade using Infrastructure as Code and we are using SmartStore for indexing. We were of the opinion that the data gets moved to external storage once it hits the warm bucket, but unfortunately we lost some of the data during the migration. The only reason we could think of is that the hot buckets, which are stored locally, did not get rolled over to warm buckets, which could have been available in the external storage and available for later searches. We have another migration scheduled for this weekend, so I want to be cent percent sure we don't have any data loss.
This is my error string: " successful, returned exit code '0'". But apart from this error, other events are also getting returned. Please help in creating the regex for this, as I am new to regex. Also, how can we create regex, or where can we take help from to create it?
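An added example (not part of the original thread) showing how to extract the exit code as a field and then filter on it, so only the events carrying the quoted string are returned. The `index` and `sourcetype` values are placeholders, and the phrase used to narrow the search is assumed to appear verbatim in the events:

```spl
index=<your_index> sourcetype=<your_sourcetype> "returned exit code"
| rex field=_raw "successful, returned exit code '(?<exit_code>\d+)'"
| where exit_code="0"
| table _time host _raw
```

The quoted phrase in the base search narrows the event set cheaply; `rex` then extracts the number between the single quotes into `exit_code`, and `where` keeps only the events whose code is `0`. If you only need a yes/no filter rather than a field, `| regex _raw="successful, returned exit code '0'"` does the same job in one line; the single quotes inside the pattern need no escaping because the SPL string is delimited by double quotes.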
Hi @gcusello, I noticed that Splunk does not support the Add-on for Workspace ONE and has no documentation for it. Is there any supported app to parse VMware Workspace ONE MDM data?
Thanks @marnall , I will talk to the CB team for clarity. Thanks for informing me about the different product types of Carbon Black. I needed a live query action in the CB Cloud app but did not find it, so I was thinking I might use another CB app. I found the action in splunk-soar-connectors/carbonblackresponse but have not yet tested whether it will work for CB Cloud. Otherwise I need to call the CB Cloud APIs directly to execute the query. I have submitted an issue for the CB Cloud app to include this as an action: Carbon Black live query to search devices is absent within Carbon Black cloud SOAR app · Issue #16 · splunk-soar-connectors/carbonblackcloud.
Hi @shoaibalimir , storage dimensioning is a job for an architect! Anyway, it depends on whether you have a cluster or not. If not, you can calculate the storage in this way: storage = (average_license_consumption_by_day / 2) * retention. If you have a cluster you must add the Replication Factor and the Search Factor. Ciao. Giuseppe
Hi @santhipriya , the message is saying that there's a missing lookup (probably automatic) in your search head cluster. You have to understand in which app it's located and then create or disable it. Ciao. Giuseppe
Hi, I have a use case in which I need to assess the storage difference of an index. For example, I have an index which has around 100.15 GB of data in it with Searchable Retention Days set to 1095 days. Now, if I reduce the Searchable Retention Days to, let's say, 365 days, what would be the approximate storage utilization of the index? I need to output these results in tabular form on a dashboard. Please assist me with this. Thank you in advance.
Hello, I am reaching out to inquire whether Splunk SOAR currently supports Red Hat Enterprise Linux 9 (RHEL9). We are considering an upgrade to our infrastructure and want to ensure compatibility with Splunk SOAR. Thank you!