Hi,
did anyone also figure out that the 4672 Windows Event is not completely extracted by Splunk?
4672 is an important Event because it shows the privileges of a logon account. Its raw looks like...
Hi. Can you help me, please, to optimize the regular expression. The problem is, when I search in longer time, I receive the error message: Error in 'rex' command: regex= has exceeded configured m...
Hope you are doing great.
Again facing a challenge and seeking some help.
Problem statement
We have 200 Windows servers, out of which 3 devices are not reporting suddenly.
I tried t...
I have installed Splunk multiple times on my machine and I am trying to figure out what ports I have configured. Is there a way to see what ports Splunk is running on?
Though "| eval myfield=entropy(somefield)" would be awesome, it doesn't exist (yet?). Is there a known method for this now or am I stuck using an "associate" hack to get entropy values for fields?
...
I'm trying to evaluate the normal distribution's PDF in my search as follows:
... | eval prob=(1/sqrt(2*pi()*sigma^2))*exp(-((x-mi)^2)/(2*sigma^2))
And I'm getting this error message:
E...
Why I am getting "ERROR BTreeCP - checkpoint failed: removal of dir /opt/splunkforwarder/var/lib/splunk/fishbucket/splunk_private_db/snapshot.old failed: Directory not empty" error message in splunkd...
Hello guys,
A few days ago the default dashboard of OSSEC in splunk worked fine, but I had to clean up some space so I deleted some data logs and now when I open the default dashboard it says: No ...
This is more an FYI as to how we did it than an actual question. Took us a while to find all the info we needed to be able to split up the warm/hot and cold buckets to their own drives on an existing...
Hi Base,
I just want to create a table from logon events on several servers grouped by computer. So the normal approach is: … | stats list(User) by Computer. Ok, this gives me a list with all the ...