×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
emixam3
Explorer
Member since: ‎08-12-2015
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 6
Karma Received 1
Member Since ‎08-12-2015
Activity Feed
View All

How to modify default fields in Trend Micro Deep S...

by in All Apps and Add-ons
‎05-23-2017 05:49 AM
‎05-23-2017 05:49 AM
Hi, I'm receiving syslog flow from Trend Micro Deep Security. After installing the app for Splunk, I would like to check how the fields are populate by it. I've got an issue with the field "DPI_Reason", where I can find the Trend Micro rule number. The field in the raw data is, for example, "502", but the field in splunk is "-502". And it only populate the field with default values like 502 or 504, not with custom rules like 1001234. Thanks Max ... View more

Re: How to configure SSL certificate to recognize ...

by in Security
‎06-15-2016 11:24 PM
‎06-15-2016 11:24 PM
OK. Have you got some documentation about subjectAltName deprecation? ... View more

How to configure SSL certificate to recognize mutl...

by in Security
‎06-15-2016 01:04 AM
‎06-15-2016 01:04 AM
Hi, I made certificates from external CA for all my splunk servers, and that works! No problem, splunk documentation is very clear on it. I use OpenSSL. My problem is that my servers have two or more DNS names. For example, server1.domain.com and web.domain.com for the same server. When I made the server certificate just for server1.domain.com, that works. Same thing, of course, with web.domain.com. But when I made the server certificate for both, with server1.domain.com in commonName field and web.domain.com in subjectAltName field, as OpenSSL documentation says, I've got and error in my browser if I navigate to web.domain.com. It says that the certificate is made for server1.domain.com. How can I do for my certificate working for both dns name? I hope I'm quite clear in my explanations, english is not my native language. Thanks for all. ... View more

Re: How to make a world map dashboard using logs f...

by in Dashboards & Visualizations
‎01-21-2016 05:31 AM
1 Karma
‎01-21-2016 05:31 AM
1 Karma
Ok thanks, that works for me. I followed your example for a lookup file, that I put in $SPLUNK_HOME/etc/system/lookups/ I put in transforms.conf file ($SPLUNK_HOME/etc/system/local/): [geoloc] filename = geoloc.csv And finaly use the lookup and the geostats command in research. Thanks again! ... View more

How to make a world map dashboard using logs from ...

by in Dashboards & Visualizations
‎01-20-2016 03:55 AM
‎01-20-2016 03:55 AM
Hi, I want to make a world map dashboard with my logs from a mail server. In the logs, I don't have IP's, but email addresses for sender and receiver. I want to see on a world map, for example, if the receiver address is toto@msn.de, then I should see a dot in Germany. I find many things about IP geolocalization, but, as I say, I don't have IP's in my logs. Any ideas? Thanks Max ... View more

Re: Raspberry Pi Help Needed

by in Installation
‎08-12-2015 03:26 AM
‎08-12-2015 03:26 AM
HI! Anything works for me. I tried the three steps procedure, the guilmxm's steps, but nothing matched. I see a connection between my raspberry and my indexers (with tcpdump on port 9997), but nothing in splunk. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to