Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About jrprez1804
jrprez1804
Path Finder
Member since:
12-17-2014
10-20-2023
Community Statistics
| Posts | 20 |
| Solutions | 0 |
| Karma Given | 34 |
| Karma Received | 1 |
| Member Since | 12-17-2014 |
Activity Feed
- Posted Re: Exchange Litigation Hold logs on Monitoring Splunk. 10-20-2023 10:02 AM
- Got Karma for How to leverage multiple lookup tables in a search. 06-05-2020 12:51 AM
- Karma Re: HttpPubSubConnection - Unable to parse message from PubSubSvr for rjteh_splunk. 06-05-2020 12:50 AM
- Karma Re: KV Store failing at SHC for kunalmao. 06-05-2020 12:48 AM
- Karma Re: Create alert from stats value for richgalloway. 06-05-2020 12:48 AM
- Karma Re: how can a saved search owner be changed for richgalloway. 06-05-2020 12:48 AM
- Karma how can a saved search owner be changed for vikram_m. 06-05-2020 12:48 AM
- Karma Re: How to disable Splunk Web on a universal forwarder? for aosso. 06-05-2020 12:48 AM
- Karma Re: ERROR BucketMover - aborting move because could not remove existing for lycollicott. 06-05-2020 12:48 AM
- Karma Re: Splunk Enterprise Security: Is it possible to implement multi-tenancy in a distributed search environment? for sdaniels. 06-05-2020 12:48 AM
- Karma Splunk Enterprise Security: Is it possible to implement multi-tenancy in a distributed search environment? for jrballesteros05. 06-05-2020 12:48 AM
- Karma Re: How do I find an orphaned search in Splunk 6.4.1? for yahuja_splunk. 06-05-2020 12:48 AM
- Karma Re: Why is my search head cluster not working after updating to Splunk 6.5.0? for splunk24. 06-05-2020 12:48 AM
- Karma Re: How to troubleshoot error "Search process did not exit cleanly, exit_code=-1, description="exited with code -1"."? for btran. 06-05-2020 12:48 AM
- Karma Alert Manager: How do I get the "tags" field populated? for daniel333. 06-05-2020 12:48 AM
- Karma Re: How do I force a universal forwarder to reindex all its inputs? for MuS. 06-05-2020 12:48 AM
- Karma Re: Deploying onto Search Head pool sometimes causes errors for vgunti. 06-05-2020 12:47 AM
- Karma Re: Why is rename not working with stats or chart? for richgalloway. 06-05-2020 12:47 AM
- Karma Re: How to set up an alert email to trigger if a heavy forwarder goes down in our environment? for cpetterborg. 06-05-2020 12:47 AM
- Karma Re: Getting Mcafee HIPS Firewall Logs to Splunk for daniel_goolsby_. 06-05-2020 12:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-31-2020
03:11 AM
this is perfect also I added the lookup to the kv store so now it is
| inputlookup notableIP | join ip [| inputlookup CriticalAsset]
We are using Splunk ver 7.2
... View more
01-29-2020
08:48 AM
1 Karma
I have two lookup tables:
notablesIp.csv and criticalAsset.csv
notableIP.csv
ip attack
1.1.1.1 Ransomware
1.1.1.2 Malware
CriticalAsset.csv
1.1.1.2
1.1.1.3
Desired results
1.1.1.2 Malware
How would I write a search that would tell me a notable happened on a critical asset?
They share a common field called IP.
... View more
01-17-2020
04:47 PM
index=notable |rename src as ip | stats count by ip
| JOIN type=inner ip [search index="abcd" "tags.Dev:"cluster1 OR index="abcd" "tags.Dev:"=cluster2
| stats count by ip]
if ip is in notable index and cluster1 return ip AND if ip in notable index and cluster2 return ip
... View more
- Tags:
- ip
- splunk-enterprise
02-28-2019
07:53 AM
We updated Stream to 7.1.2 to a new searchhead using a deployment server. The _internal logs don't have any error from splunk_app_stream. Most of the other pages in the Splunk-app-stream UI seam to load. We tried different browsers and get the same issues.
... View more
01-14-2019
07:42 PM
It was network changes IP address were swapped.
... View more
01-11-2019
05:46 AM
ERROR DistributedPeerManagerHeartbeat - Status 502 while sending public key to cluster search peer http://X.X.X.X:8089:
host=servers_in_my_shcluster
source=/opt/splunk/var/log/splunk/splunkd.log
This is a searchhead cluster for ITSI
... View more
08-20-2018
07:42 AM
This is the error message I saw this morning. When I log into my cluster Master I can see both indexers.
CLUSTER_ADD_PEER_FAILED_guid XXX-XXX-XXX server name=SplkIndx1 ip=x.x.x.x:8089_bucket already added as clustered, peer attempted to add again as standalone. Guid=XXX-XXX-XXX bid=linuxSecure ~123~456ABC
... View more
05-16-2018
01:53 PM
This customer only has FireFox & Edge approved to be installed.
... View more
05-16-2018
01:26 PM
It say certificate error "Connection is Not Secure". I can still get to splunkweb just find I'm just not sure why it claims my connection is not secure.
... View more
05-16-2018
12:41 PM
Use openssl to convert pxf file and installed both .key and .pem file in $SPLUNK_HOME/etc/auth/certs/ still browser reports unsecure website. Added serverCert and privKeyPath to web.conf than Restarted Splunkweb
Server: Windows 2012R2
SplunkVer: 6.6
... View more
01-04-2018
08:33 PM
AlertManager works fine in dev but when migrating to a multi-tenant environment alerts will not trigger with a very similar dataset. We are certain some of the other tenants are using alert manager because the Alert-Manager TA was all ready installed on all the indexers.
... View more
- Tags:
- Alert Manager
12-11-2017
08:02 AM
I created a csv file critical.csv with a list of critical assets, and uploaded the lookup table into Splunk. How would I create a query to check to see if these assets have been sending logs to splunk for the past X amount of time. The field name in the lookup is hostname. All of the host are using Splunk universal forwarders.
... View more
11-22-2017
03:43 PM
Use Monitoring Console builtin since Splunk 6.5. It is a great feature.
https://docs.splunk.com/Documentation/Splunk/7.0.0/DMC/DMCoverview
... View more
07-23-2017
11:13 AM
We have a script that pulls the disk info than the Universalforwarder reads the data and send to Splunk. With the query below I can generate a table with a clean output but now I need an alert on diskusage in above 80% utilization. In the example I would like DB1 C drive current condition to fire an triggered Splunk alert.
index=popeye host=DB1 OR DB2 sourcetype="DiskInfo*"
| rex "C: \s+\d+\.\d\s+(?<Percent_C_FS>\S+)"
| rex "D: \s+\d+\.\d\s+(?<Percent_D_FS>\S+)"
dudup host | stats count by host Percent_C_FS Percent_D_FS
host Percent_C_FS Percent_D_FS
DB1 15 75
DB2 55 65
... View more
07-06-2017
02:55 PM
date_hour>=17 OR date_hour<=8 | stats count by user
... View more
05-25-2017
08:25 AM
You can use tools like PDQ deploy for a windows environment to help automate this kind of task.
... View more
02-24-2015
09:32 AM
Hi,
Will this script let us see which version of SNMP is running?
... View more
02-02-2015
08:09 PM
You have to change the default.xml file in the app itself. $SPLUNK_HOME/etc/apps/Name_Of_App/local/data/ui/nav.
... View more
