cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Laszlo_K
Explorer
Member since: ‎06-15-2018
‎04-25-2022
Community Statistics
Posts 9
Solutions 0
Karma Given 1
Karma Received 2
Member Since ‎06-15-2018
Activity Feed
View All

Why can I not access my Certifications page?

by in Training + Certification
‎04-04-2022 12:33 AM
‎04-04-2022 12:33 AM
Tried to follow  splunk.com/pdfs/training/How-to-View-Your-Splunk-Certifications.pdf but cannot access the Support Portal, hence cannot see the My Certifications page. Any help is appreciated. Thank you. Laszlo ... View more
Labels

Re: Splunk ES - Threat Intelligence TAXII feed not...

by in Splunk Enterprise Security
‎11-04-2021 08:53 PM
‎11-04-2021 08:53 PM
Not intending to drag up an old topic, but I'm interested in knowing what "taxii2client" is referencing? It's my understanding that the latest versions of Splunk ES do not natively support TAXII v2. Is this in reference to a custom install of taxii2client from OASIS Open onto a Splunk ES instance, and somehow configuring it to work with feed ingestion to the Intelligence framework/collections? I've recently been trying to identify the best supported solution for STIX 2.1 feeds, which require TAXII 2 communications, into Splunk ES, so I'm curious about the points made in this discussion and what options have been working. ... View more

Re: Why is my dashboard giving error for only one ...

by Splunk Employee in Splunk Search
‎09-23-2021 03:08 AM
‎09-23-2021 03:08 AM
This might help  https://docs.splunk.com/Documentation/Splunk/8.1.2/ReleaseNotes/Fixedissues   ... View more

Re: Why does modifying notable severity in Splunk ...

by in Splunk Enterprise Security
‎09-02-2020 07:14 AM
‎09-02-2020 07:14 AM
Another solution may be to add this (or a macro) at the end of the rule to get the severity from the lookup based on the search name: | lookup correlationsearches_lookup rule_name as $search_name$ OUTPUTNEW severity   ... View more

Splunk Security Essentials not showing ESCU conten...

by in Splunk Enterprise Security
‎09-02-2020 05:52 AM
‎09-02-2020 05:52 AM
Enabled 3 ESCU rules in ES and mapped them in SSE using Content Introspection on the Manage Bookmarks page. After a Refresh Page all 3 rules showed up as "Successfully Implemented" in the main list of the Manage Bookmarks page. But not in the top statistics (the big numbers at the top of the page). Then changed the bookmark status to "Needs Tuning" for all 3 rules. The top statistics were not updated. After the next Refresh Page the status of the 3 rules changed back to "Successfully Implemented". Not sure if I missed some steps, did them in the wrong order or this is a bug. Any suggestion? Thank you. ... View more
Labels

Re: Issue with monitoring one specific log file

by in Getting Data In
‎04-04-2019 01:40 AM
‎04-04-2019 01:40 AM
@lakshman239 : Thanks for help. its got resovled. ... View more

Re: Error with macros in the search of the ES Cont...

by in All Apps and Add-ons
‎04-04-2019 06:57 AM
‎04-04-2019 06:57 AM
That would be for example : | convert timeformat="%m/%d/%Y %H:%M:%S" ctime(firstTime) | convert timeformat="%m/%d/%Y %H:%M:%S" ctime(lastTime) I'm curious if the | " ransomware_extension " macro will be found and executed... ... View more

[Sideview] Pulldown chain with interactive dynamic...

by in Dashboards & Visualizations
‎11-21-2018 08:05 AM
‎11-21-2018 08:05 AM
I tried to build a multiple filter and each selected value should filter the other 3 filter's value lists, no matter in which order the filters are used. This worked with a simple XML dashboard and a bunch of post-processing searches. Being a beginner with Sideview, I used a pulldown chain and it works only downstream, as expected 🙂 What should I change to have the desired functionality? Thank you. The pulldown chain: <param name="name">field1</param> <param name="label">Select field1</param> <param name="template">field1="$value$"</param> <param name="float">left</param> <param name="postProcess">|search $field2$ $field3$ $field4$ | dedup $name$ | sort $name$</param> <param name="valueField">$name$</param> <module name="Pulldown"> <param name="name">field2</param> <param name="label">Select field2</param> <param name="template">field2="$value$"</param> <param name="float">left</param> <param name="postProcess">|search $field1$ $field3$ $field4$ | dedup $name$ | sort $name$</param> <param name="valueField">$name$</param> <module name="Pulldown"> <param name="name">field3</param> <param name="label">Select field3</param> <param name="template">field3="$value$"</param> <param name="float">left</param> <param name="postProcess">| search $field1$ $field2$ $field4$ | dedup $name$ | sort $name$</param> <param name="valueField">$name$</param> <module name="Pulldown"> <param name="name">field4</param> <param name="label">Select field4</param> <param name="template">field4="$value$"</param> <param name="float">left</param> <param name="postProcess">| search $field1$ $field2$ $field4$ | dedup $name$ | sort $name$</param> <param name="valueField">$name$</param> <module name="Search" layoutPanel="panel_row1_col1" autoRun="False"> <param name="search"><![CDATA[ $search$ | search $field1$ $field2$ $field3$ $field4$ ]]></param> <module name="Pager"> <module name="Table"> ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-25-2022 07:49 AM
Karma from
View All
Karma given to
View All