So I have followed the most basic steps to set up the Stream TA within our test environment which is a single deployment instance. Set up the TA and ran the permissions file which seemed to work fine w...
The run a script alert action is officially deprecated. Create a custom alert action to package a custom script instead. Learn more
https://docs.splunk.com/Documentation/Splunk/8.0.2/AdvancedDev/C...
Hi,
I am trying to use the Sophos Central API. It uses a Python script to download the data into a file. I have successfully run this on my Mac, but I am not sure where to start in Splunk. I thoug...
I've used Splunk Stream app to get DNS logs from a Windows DNS server. I got the logs to a Search Head instance that has the Enterprise Security app. However, I can't seem to the data, which is i...
Hi My servers (clients) are running splunk stream. I believe within the deployment server will contain the configurations that is telling the client what to stream (dns, dhcp, http, etc)...
...wice, so I need a debugging setup.
I ran a packet capture to get about three minutes worth of the stream (500 or so megabytes) and stripped out the xml data into a raw text file. I am going t...
...opy of all their stuff to the DR indexer? I thought the master node just kind of juggles the incoming streams from the forwarders and balances the data across all the indexers. Also;
- should t...
I have just set up a Kinesis Firehose stream to push data into Splunk. While doing this I have set up a backsplash bucket to store any events that fail. I am running into the issue of things not b...
Sounds easy, eh? I've been using Splunk since v3 -- and I've set up forwarding for servers dozens of times, and migrated countless indexes, but this one is kicking my butt.
I have a stand-alone S...
...config is supposed to be set up on a universal forwarder and how the indexer is configured for each streamfwd source?
Splunk is version 6.4.2 with app for stream 6.5.1
The forwarder I'm t...