I'm using Splunk Enterprise 9.x with Universal Forwarders 9.x on Windows 2019. All my forwarders are connected to a deployment server. I notice the following for example: I update a d...
Hello community, I have come across the issue when I got identical token generated for SOAR user "REST" that I am using for SIEM-SOAR integration and the same was in the Splunk app for SOAR. When I...
...ccess_log] sourcetype=access_combined index = apache [monitor:///var/log/httpd/error_log] sourcetype=apache:error index = apache When I search for this Linux server on Splunk, there are way many s...
Currently I'm building Splunk apps that I'm using specifically as configuration bundles to push out via the deployment server based on the role of the server (indexer, search head, universal for...
...heckforupgrade: Connection closed by peer
If I ran a curl from the server I got connection established:
So it's not a firewall issue.
Do I have to configure something at the Splunk side?
Splunk E...
For example, does Splunk ignore server.conf, distsearch.conf, or any other conf files if they're located in an apps directory?
Also, are there any other cases where a particular conf file's l...
...nto Splunk Enterprise Security App structure, should we configure fastlog or json for better(default) recognition?
How does it fit, is there specific Correlations and Visualizations for this type?
...niversal Forwarder, the new hosts and source types are not showing up in my Splunk Search.
I have created a new index and configured that index as well on Splunk app.
I can see the new indexer is g...
I installed the Splunk App for SOAR Export app on Splunk, and I can see two alert options in manage alerts, namely 'Run Playbook in SOAR' and 'Send to SOAR'. However, when I go to add an alert a...
...y Web portal. There are no forwarding or receiving configured. There's a second server that all logs are being sent to. The second server I'm told is just a syslog server and storage (data in raw for...