Hope you are doing great.
Again facing a challenge and seeking some help.
Prob statement
We have 200 Windows servers, out of which 3 devices are not reporting suddenly.
I tried t...
...howing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. T...
I initially tested the Splunk Server on a Windows 7 machine and installed the Universal Forwarder on another Windows 7 machine.
This worked with no issues other than having to run sfc /scannow to get...
...sl_subject!="CN=sa*" | dedup ssl_subject | convert timeformat="%Y/%m/%d" ctime(ssl_end_time) | sort +ssl_end_time | table ssl_start_time ssl_end_time ssl_subject The log I am getting the data from: {t...
Hello all, I need your help in analyzing my collected log data. I have all of our Windows servers connected in Splunk using the Universal Forwarder. This includes the domain controllers as well. O...
Hi,
I think this is a rather silly question, but I haven't been working with Splunk for too long and just can't figure it out.
We just cloned a Windows box (server1) that has a Splunk f...
I am looking for a Splunk query that will pull the enabled and disabled ciphers from Windows servers in my environment. Ranging from OS 2012R2 - 2019. As a bonus if someone has one for O...
I am trying to use a Universal Forwarder to get a load of Windows event logs that I need to analyse into Splunk. The event logs are from about 7 different systems and are all located on my local l...
My company does not have a Windows Server with Splunk Enterprise so I cannot use the Splunk Add-on for SCOM to ingest the data. I would like to use the database instead but I don't know w...