×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jhernandez_splu
Splunk Employee
Member since: ‎03-18-2014
‎10-11-2022
Community Statistics
Posts 10
Solutions 1
Karma Given 7
Karma Received 8
Member Since ‎03-18-2014
Activity Feed
View All

Re: Attack Range Local

by Splunk Employee in All Apps and Add-ons
‎06-22-2022 01:24 PM
‎06-22-2022 01:24 PM
Hey yeah we have been looking at adding support specifically to run things locally using docker and or ESXi but going forward we will likely deprecate local support all together. Today the code has been moved to https://github.com/splunk/attack_range_local/ ... View more

Re: Script error during SA-ldapsearch test connect...

by Splunk Employee in All Apps and Add-ons
‎02-25-2015 02:15 PM
‎02-25-2015 02:15 PM
Gotcha. I was not the person whom installed it on the system, so I am not sure if it was an upgrade. Although I did notice the UI config changes were properly reflected on the local/ldap.conf file. Strange. ... View more

Re: Script error during SA-ldapsearch test connect...

by Splunk Employee in All Apps and Add-ons
‎02-24-2015 03:35 PM
‎02-24-2015 03:35 PM
Thanks this worked! Do you know why the new SA-ldapsearch exhibits this behavior? Just curious. ... View more

Re: Modular Input: Do we need to parse a "name" st...

by Splunk Employee in Getting Data In
‎01-07-2015 08:20 PM
1 Karma
‎01-07-2015 08:20 PM
1 Karma
So after further troubleshooting the name stanza is required to be parsed in the config. It is also required to be sent via the default/data/ui/manager/*.xml if you are configuring via the UI http://docs.splunk.com/Documentation/Splunk/6.2.0/AdvancedDev/ModInputsCustomizeUI#Manager_page_example Example: <element name="name" label="Input name"> <view name="list"/> <view name="create"/> <key name="exampleText">Just a name to identify this modular input. Example: default</key> ... View more

Re: Modular Input: Do we need to parse a "name" st...

by Splunk Employee in Getting Data In
‎01-06-2015 01:53 PM
‎01-06-2015 01:53 PM
In testing I got a very obscure error: https://www.evernote.com/shard/s237/sh/eef0807b-e8ae-4e60-9ab5-7f86356f86d1/a34f5708f4f7dce712f429c5072db0a7 In search internal logs this shows up: https://www.evernote.com/shard/s237/sh/43000d68-97dc-434c-9522-a3b9c0c61205/7b538ae4851c496307dd9ee3db9b695d I confirmed that the REST endpoint does work and I can create a new modular input entry: https://www.evernote.com/shard/s237/sh/da844c07-adea-482f-bd46-d37cbd86218f/9429a8205501a15b019212bd281b0837 ... View more

Modular Input: Do we need to parse a "name" stanza...

by Splunk Employee in Getting Data In
‎01-06-2015 01:11 PM
4 Karma
‎01-06-2015 01:11 PM
4 Karma
I have been working on a modular input and been struggling with the way you read input stanza data from splunk all examples for some reason parse a "name" stanza before actually getting any values back from the defined spec. http://docs.splunk.com/Documentation/Splunk/6.2.0/AdvancedDev/ModInputsScripts#Read_XML_configuration_from_splunkd do we need to parse this name stanza even if I have defined in my spec that my named stanza is default? Is it required? Referring specifically to this piece: if conf_node: logging.debug("XML: found configuration") stanza = conf_node.getElementsByTagName("stanza")[0] if stanza: stanza_name = stanza.getAttribute("name") if stanza_name: logging.debug("XML: found stanza " + stanza_name) config["name"] = stanza_name Is there another recommended way of reading that stanza back from Splunk? ... View more

Re: How to parse and extract JSON log files in Spl...

by Splunk Employee in Getting Data In
‎07-30-2014 10:21 AM
2 Karma
‎07-30-2014 10:21 AM
2 Karma
Namrata, You can also have Splunk extract all these fields automatically during index time using KV_MODE = JSON setting in the props.conf. Give it a shot it is a feature I think of Splunk 6+. For example: [Tableau_log] KV_MODE = JSON It is actually really efficient as Splunk has a built in parser for it. ... View more

Re: Most Secure Cipher Collection to Use with Splu...

by Splunk Employee in Security
‎06-06-2014 02:04 PM
‎06-06-2014 02:04 PM
By the way made a post about EC certs which might help with this. Thank you again MuS. ... View more

Re: Most Secure Cipher Collection to Use with Splu...

by Splunk Employee in Security
‎05-06-2014 11:26 PM
1 Karma
‎05-06-2014 11:26 PM
1 Karma
Thank you so much that really does help. ... View more

Most Secure Cipher Collection to Use with Splunk

by Splunk Employee in Security
‎05-06-2014 08:48 PM
‎05-06-2014 08:48 PM
What would be the most "secure" cipher suite to use with Splunk. By most secure I mean, implements Perfect forward secrecy (DHS or ECDHE), a hashing algorithm that has not been cracked (SHA256+). Another consideration to take in mind is one that works with most browsers (so compatibility would be a factor). Splunk 6.03 Ships with openssl 1.01g which comes with the following cipher suite (seems like a decent list to me): $ openssl ciphers -v 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256: DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256: ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256: DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA: DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA: AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK' |column -t Has anyone speficied a set/collection of ciphers they allow using web.conf: [settings] cipherSuite = TLSv1 Advice, suggestions, context is welcomed. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-11-2022 02:16 PM
Karma from
Karma given to