Looks like Splunk could be very useful in performing an inventory of systems. I have a report that runs with these parameters:
Src_IP="10.3.30.*" | stats dc(Src_IP) as Src_IP by Security_ID S...
index=system* sourcetype=inventory order=829
I am trying to extract the 3 digit field number in this search with rex to search all entries with only the three digit code. I tried:
index=system...
Hi there, Looking into /opt/splunk/etc/system/local/authorize.conf I saw a lot of configurations as below. Would like to understand how this came about, and is it of any concern? t...
...indows servers).
Also a handful of Unix boxes with the Splunk_TA_Unix, maybe 2 that have Universal forwarders, but the rest of the unix systems report to a central syslog server.
Only seem to be g...
Hi,
Just wanna ask if Splunk has the ability to back up audit trails to a centralized log server or media as indicated in PCI DSS 10.5.3? Please, someone respond to my query. Thanks!
I have an index that snapshots an inventory system every day. The inventory is a list of all active circuits. There is a timestamp and date of when the snapshot was taken, plus other d...
We are making some changes to our system which requires a field name in the raw event to be changed. We'd like to know the impact to all our users' searches and dashboards that make reference to t...
I successfully installed Splunk using the ansible-role-for-splunk on a single machine. It worked as expected. I am trying now to deploy a distributed Splunk system (7 VMs in total). I p...
...ndex=preos host=*
| stats values(Boot_Time) as Last_Boot_Time values(SN) as SN VALUES(PN) AS PN VALUES(VBIS) AS NV_VBIS VALUES(NV) AS NV values(PCI) as PCI BY id host
| fillnull value=clear
| search S...
...pecific event folders, such as Microsoft-Windows-ApplicationExperience/Program-Inventory . Is there an easy way to access these? I am already getting the Security, System, and Application ones through i...