Splunk Stream utilities KVStore Services: a 500 ERROR says that the app is not able to communicate with KVStore. You can try a fresh install; it will solve these errors and the problem you are facing.
Hi PickleRick, if I understand correctly, I either do all the parsing on the UF, or I remove everything from the UF and move the parsing to the indexer (IDX)?
In short, download the codebase from GitHub as a zip; then you can either install it from the GUI or extract the zip to $SPLUNK_HOME/etc/apps and restart Splunk.
@ta1 There are installation instructions in the README.md file in the GitHub repo: https://github.com/plusserver/collectd/blob/master/README.md#installation
@ITWhisperer, I have reposted the 2 sample logs with transactionID. Please consider the Channel as a field; the log pattern will be the same, but only the Channel and Transaction ID will differ. So if I apply a filter at the Channel level, it only gets reflected in the Level 1 event, since there is no Channel field in the remaining 3 events. I need to calculate whether the transaction successfully passed at all levels or failed in between.
Hi @fabiyogo1, you can enable syslog from the IPS devices to be sent directly to Splunk, or to an intermediate syslog box, and use Splunk agents to forward it to an Indexer/HF depending on how the setup is.
The names of the investigators are populated in the KV Store user_realnames. Here are the steps that need to be taken to remove the old investigators: Navigate to the app "Splunk App for Lookup File Editing" to edit the KV Store. On the Lookups page, find the "user_realnames_lookup" file and edit it. Delete the users who are no longer part of the organization. To delete, select any cell in the table and right-click; you will see options to delete the selected rows if needed. Ensure that the profiles no longer appear in the investigators section after the lookup update.
Adding the solution to this so that it can help others. The names of the investigators are populated in the KV Store user_realnames. Here are the steps that need to be taken to remove the old investigators: Navigate to the app "Splunk App for Lookup File Editing" to edit the KV Store. On the Lookups page, find the "user_realnames_lookup" file and edit it. Delete the users who are no longer part of the organization. To delete, select any cell in the table and right-click; you will see options to delete the selected rows if needed. Ensure that the profiles no longer appear in the investigators section after the lookup update.
So you can connect with another tool but not with nmap? Something's fishy here. EDIT: You wrote "cannot". So if you can connect to 8089 locally and cannot from the SOAR machine, it's something to be resolved at the networking level.
Yes, I cannot connect to port 8089 from the SOAR machine to the Splunk Enterprise machine using the CLI (telnet/netcat/curl/openssl). I scanned port 8089 with nmap and it says the connection was refused. I think it might be an issue with the Azure platform. The virtual machine (CentOS) might be refusing connections from the external network, and this might be related to Azure. I will contact the Azure support team.
I already converted up to this part: | tstats count from datamodel=Cisco_Security.Secure_Malware_Analytics_Dataset where nodename=Secure_Malware_Analytics_Dataset index=* status IN ("*") sourcetype="cisco:sma:submissions" It works as expected, but I am stuck on completing it now.