...fsense add more sourcetypes effectively. The app's author has a really neat transform that looks into the syslog event and assigns a sourcetype so that the appropriate props.conf stanza is then u...
hi
I have one problem: my Splunk instance shows this message in Monitoring Console --> Health Check:
Saturation of event-processing queues ------
One or more of the indexer queues on this i...
Hi Team, Can you suggest what should be search query of an alert that would trigger an alert only if a particular event say 'a' occurs twice. But for rest of the events it triggers and a...
Hi, we are using 6.4.0.
We have an existing LDAP strategy in place for a while. When I went into the LDAP strategy and I hit the button SAVE (without changing anything), what I get back is this erro...
I am trying to extract a single section from within some JSON. (The original event is wrapped in even more json). I have built a regex and tested it, and everything seems to work. index=* s...
[monitor:///var/log/suricata/eve.json]
disabled=true
sourcetype = suricata
index = suricata
Currently not seeing any eve.json data coming from the Suricata box to the Splunk server. We do g...
Is it possible to share a sourcetype'd data between two apps? I have pfsense sending both firewall logs and Suricata eve json logs to the same UDP data input. The TA-pfsense app is s...
Hi Everyone,
We have Suricata NIDS onboard and plans to integrate with Splunk and in particular with Splunk Enterprise Security.
What are the best practices of implementing Suricata Alerts i...
Guys, I need support, I need to upload these files and process this data, but I need them to be indexed by the _time field, I was unable to use the standard type of pre-defined data. Can you help ...