Dear community,
After I forwarded the syslog from Cisco ASA into Splunk, I noticed that the logs are duplicated and this is consuming our license. Any help, please? Thank you
I'm using Splunk Enterprise 9.x with Universal Forwarders 9.x on Windows 2019. All my forwarders are connected to a deployment server. I notice the following for example: I update a d...
...eason I did index=* was to show that ALL indexes are like this and no matter what I search this happens. What I'm the most confused about is why is the bottom portion (where the search results are) g...
I was trying to build an add-on using Splunk Add-on Builder. We need to use an API key to authenticate into a third-party service. The question is how does Splunk Add-on Builder store passwords? I c...
...servers or not. Could you please help me with the below: 1) How to check if SSL communication is enabled between Splunk servers 2) How to check if the existing certificates are default o...
Hello,
When I enable sslVerifyServerCert in server.conf under [sslConfig], I am seeing the following errors. From where does it understand that there is an IP address mismatch...
Hello, Splunk community! I have created a correlation search with the following search string:
index="kali2_over_syslog" ((PWD=/etc AND cmd=*shadow) OR (PWD=* cmd=*/etc/s...
Hello community, I have come across the issue when I got an identical token generated for SOAR user "REST" that I am using for SIEM-SOAR integration and the same was in the Splunk app for SOAR. When I...
So I have an application that runs as a Docker container in AWS ECS Fargate, and in the log configuration for the container, I have used the Splunk log driver. Here I have used --log-opt env to let say s...