×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
emixam3
Explorer
Member since: ‎08-12-2015
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 6
Karma Received 1
Member Since ‎08-12-2015
Activity Feed
View All

How to modify default fields in Trend Micro Deep S...

by in All Apps and Add-ons
‎05-23-2017 05:49 AM
‎05-23-2017 05:49 AM
Hi, I'm receiving syslog flow from Trend Micro Deep Security. After installing the app for Splunk, I would like to check how the fields are populate by it. I've got an issue with the field "DPI_Reason", where I can find the Trend Micro rule number. The field in the raw data is, for example, "502", but the field in splunk is "-502". And it only populate the field with default values like 502 or 504, not with custom rules like 1001234. Thanks Max ... View more

Re: How to configure SSL certificate to recognize ...

by in Security
‎06-15-2016 11:24 PM
‎06-15-2016 11:24 PM
OK. Have you got some documentation about subjectAltName deprecation? ... View more

How to configure SSL certificate to recognize mutl...

by in Security
‎06-15-2016 01:04 AM
‎06-15-2016 01:04 AM
Hi, I made certificates from external CA for all my splunk servers, and that works! No problem, splunk documentation is very clear on it. I use OpenSSL. My problem is that my servers have two or more DNS names. For example, server1.domain.com and web.domain.com for the same server. When I made the server certificate just for server1.domain.com, that works. Same thing, of course, with web.domain.com. But when I made the server certificate for both, with server1.domain.com in commonName field and web.domain.com in subjectAltName field, as OpenSSL documentation says, I've got and error in my browser if I navigate to web.domain.com. It says that the certificate is made for server1.domain.com. How can I do for my certificate working for both dns name? I hope I'm quite clear in my explanations, english is not my native language. Thanks for all. ... View more

Re: How to make a world map dashboard using logs f...

by in Dashboards & Visualizations
‎01-21-2016 05:31 AM
1 Karma
‎01-21-2016 05:31 AM
1 Karma
Ok thanks, that works for me. I followed your example for a lookup file, that I put in $SPLUNK_HOME/etc/system/lookups/ I put in transforms.conf file ($SPLUNK_HOME/etc/system/local/): [geoloc] filename = geoloc.csv And finaly use the lookup and the geostats command in research. Thanks again! ... View more

How to make a world map dashboard using logs from ...

by in Dashboards & Visualizations
‎01-20-2016 03:55 AM
‎01-20-2016 03:55 AM
Hi, I want to make a world map dashboard with my logs from a mail server. In the logs, I don't have IP's, but email addresses for sender and receiver. I want to see on a world map, for example, if the receiver address is toto@msn.de, then I should see a dot in Germany. I find many things about IP geolocalization, but, as I say, I don't have IP's in my logs. Any ideas? Thanks Max ... View more

Re: Raspberry Pi Help Needed

by in Installation
‎08-12-2015 03:26 AM
‎08-12-2015 03:26 AM
HI! Anything works for me. I tried the three steps procedure, the guilmxm's steps, but nothing matched. I see a connection between my raspberry and my indexers (with tcpdump on port 9997), but nothing in splunk. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to