cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
btanjialih
Explorer
Member since: ‎06-21-2018
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 2
Karma Received 2
Member Since ‎06-21-2018
Activity Feed
View All

Re: Symantec Endpoint 14 via syslog onboarding

by in Getting Data In
‎07-22-2019 01:00 AM
‎07-22-2019 01:00 AM
Hi, You will need to create a custom inputs.conf on the Heavy/Universal Forwarder (if you have one installed on the syslog server) and configure it to monitor your Symantec syslog filepath. For example, if your Symantec syslog is stored in /opt/syslog/symantec/symantec01012019.txt, your inputs.conf should be like this: [monitor:///opt/syslog/symantec/*.txt] ##default to main if not specific index = sourcetype = symantec:ep:syslog You will need to install this add-on on the Heavy Forwarder or Indexer, depending on your architecture, and the add-on will parse the logs to relevant sourcetype based on the regex. The recommended way of collecting SEPM logs should be via dumpfile instead of syslog as this add-on is not officially supported by Splunk or Symantec. Hope this help! Regards, Benjamin Tan,Hi, You will need to create a custom inputs.conf on the Heavy/Universal Forwarder (if you have one installed on the syslog server) and configure it to monitor your Symantec syslog filepath. For example, if your Symantec syslog is stored in /opt/syslog/symantec/symantec01012019.txt, your inputs.conf should be like this: [monitor:///opt/syslog/symantec/*.txt] ##default to main if not specific index = sourcetype = symantec:ep:syslog You will need to install this add-on on the Heavy Forwarder or Indexer, depending on your architecture, and the add-on will parse the logs to relevant sourcetype based on the regex. The recommended way of collecting SEPM logs should be via dumpfile instead of syslog as this add-on is not officially supported by Splunk or Symantec. Hope this help! Regards, Benjamin Tan ... View more

Re: qualys_kb_lookup is suddenly empty

by in All Apps and Add-ons
‎05-05-2019 10:46 PM
‎05-05-2019 10:46 PM
As stated on Splunkbase by the author in the release note: "Error faced while parsing knowledgebase API response when CVSS data is missing in the response." Updating the TA to the latest version should resolve this issue. ... View more

Integration between Azure Data Lake and Splunk

by in Getting Data In
‎01-17-2019 01:43 AM
2 Karma
‎01-17-2019 01:43 AM
2 Karma
Hi all, Am wondering if anyone has tried this integration before? From my research, we can ingest audit and diagnostic logs from both the Azure Data Lake Store and Azure Data Lake Analytics. How about the actual content reside in the Azure Data Lake Store or the results from Data Lake Analytics? Appreciate if anyone has any insights on this! Thanks! Regards, Ben ... View more

Re: modular_actions_invocations macro

by in Splunk Enterprise Security
‎06-21-2018 07:18 PM
‎06-21-2018 07:18 PM
Hi kchamplin, Thanks for the explanation! Is there an official documentation on this from Splunk? It would be great to learn more about this! ... View more

modular_actions_invocations macro

by in Splunk Enterprise Security
‎06-21-2018 01:50 AM
‎06-21-2018 01:50 AM
Hi all, Does anyone have any knowledge or understanding with the macro "modular_actions_invocations(2)"? This is a macro found in the Splunk_SA_CIM and it was found that it will be executed whenever a user change a status of a notable events in the incident review page. It would be nice if there's more information on this macro as it seems to be running in the background for a long time whenever it is trigger in one of our clients environment. Regards, Benjamin ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All