...ver 300 suppressions. I can view suppressions under Settings --> Eventtypes in the Web UI, see them in SA-ThreatIntelligence/local/eventtypes.conf, and can see that they're being applied where a...
We have a lot of indicators in our Splunk Incident Review queue, and I am having a challenging time with Splunk Enterprise Security Suppression, and it's driving me nuts. It's been about a year and I...
...I believe I have found a bug in Splunk in eventtypes you can create via the GUI
Steps to reproduce:
- Go to Settings > Eventtypes
- Create a New eventtype
- Give it a name with a s...
I wanted to use the metadata command to monitor the last time an IDS sensor fed in our index. Because we are using FireSIGHT and therefore eStreamer, everything feeds in a single host and the source i...
I'm seeing the error below under Messages in my Splunk Enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...
...o save source B search with -30d@d in the lookup to make the subsearch quicker. But this search is still about 250-300MB, which exceeds the limit of 200MB. It takes Splunk forever to run.
T...
Hi everyone!
From the beginning of daylight savings, every event indexed by 1 hour got a wrong timestamp, something like "0:00:00 1-1-1970".
It's the second time that I got this problem but I...
...e=vmstat memory report resource success vmstat Options| eventtype=who
The only changes I've made to the server out of the box were configuring distributed search and enabling the unix &a...