×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
ss1210
New Member
Member since: ‎08-21-2015
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-21-2015
Activity Feed
View All

Re: Has anyone compared using Splunk's netmon vs t...

by in All Apps and Add-ons
‎09-04-2015 12:58 PM
‎09-04-2015 12:58 PM
That's great, thank you! ... View more

Has anyone compared using Splunk's netmon vs the S...

by in All Apps and Add-ons
‎09-04-2015 07:17 AM
‎09-04-2015 07:17 AM
Hi, Has anyone compared the usage of the Splunk basic Netmon vs the Splunk App for Stream? I'm trying to get summary data from azure hosts. I am looking for something basic where we watch for the unexpected. So we would ignore inbound 80/443, but watch outbound random ports, etc.... It looks like the Stream App would be a pretty high volume of index data. I don't need the whole packets, just connection summary like what you would get from a cisco or firewall device. Has anyone looked at both and can you offer advice on if stream would be overkill or maybe the filter language lets us get more specific to watching what we want? Thank you! ... View more

How to get transforms for the Splunk for Palo Alto...

by in All Apps and Add-ons
‎08-21-2015 08:17 PM
‎08-21-2015 08:17 PM
Hi, I'm using Splunk Cloud and trying to get the Splunk for Palo Alto app running, but I'm sure this issue applies to other apps. Since we need a tcp/udp input, I created a universal forwarder and installed the PAN app on my cloud search head. I get the pan logs forwarding, but the source types are not being created like the transforms should do. If I try to unzip the PAN app on the forwarder, nothing flows. I read that the forwarder does not process the transforms anyway, but rather, it should be on my indexer. But in the cloud, I don't have any way to install the PAN app on my indexer. Does anyone know how to get the PAN app (or others) to handle the transforms? In the Cloud UI for settings, I can find that transform listed and the regex matches a raw line, but it doesn't assign it to the right source type. I'm assuming that's because the PAN app is not on my indexer. Has anyone ran into this before and know what to do? Thank you! Steve ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM