Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About tkoster8
tkoster8
New Member
Member since:
08-26-2015
11-03-2022
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-26-2015 |
Activity Feed
- Posted Re: Error when starting UF the first time- How can I resolve? on Installation. 11-03-2022 01:19 PM
- Posted Re: Why does Splunk universal forwarder have high CPU usage on system? on Getting Data In. 04-02-2019 06:05 AM
- Posted Why does Splunk universal forwarder have high CPU usage on system? on Getting Data In. 04-01-2019 03:32 PM
- Tagged Why does Splunk universal forwarder have high CPU usage on system? on Getting Data In. 04-01-2019 03:32 PM
- Tagged Why does Splunk universal forwarder have high CPU usage on system? on Getting Data In. 04-01-2019 03:32 PM
- Posted regsvr32 logging on Getting Data In. 03-11-2019 08:18 AM
- Tagged regsvr32 logging on Getting Data In. 03-11-2019 08:18 AM
- Tagged regsvr32 logging on Getting Data In. 03-11-2019 08:18 AM
- Posted Re: In the Slack Addon for Splunk, why am I getting the error 'NoneType' object has no attribute 'storage_passwords'? on All Apps and Add-ons. 09-11-2018 11:57 AM
- Posted Bash History Issue on All Apps and Add-ons. 07-17-2018 08:29 AM
- Tagged Bash History Issue on All Apps and Add-ons. 07-17-2018 08:29 AM
- Tagged Bash History Issue on All Apps and Add-ons. 07-17-2018 08:29 AM
- Tagged Bash History Issue on All Apps and Add-ons. 07-17-2018 08:29 AM
- Posted Splunk Add-on for Amazon Web Services: Is there a limit on the number of buckets to check for inputs? on All Apps and Add-ons. 09-26-2016 02:01 PM
- Tagged Splunk Add-on for Amazon Web Services: Is there a limit on the number of buckets to check for inputs? on All Apps and Add-ons. 09-26-2016 02:01 PM
- Tagged Splunk Add-on for Amazon Web Services: Is there a limit on the number of buckets to check for inputs? on All Apps and Add-ons. 09-26-2016 02:01 PM
- Tagged Splunk Add-on for Amazon Web Services: Is there a limit on the number of buckets to check for inputs? on All Apps and Add-ons. 09-26-2016 02:01 PM
- Tagged Splunk Add-on for Amazon Web Services: Is there a limit on the number of buckets to check for inputs? on All Apps and Add-ons. 09-26-2016 02:01 PM
- Tagged Splunk Add-on for Amazon Web Services: Is there a limit on the number of buckets to check for inputs? on All Apps and Add-ons. 09-26-2016 02:01 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-03-2022
01:19 PM
So I ran into the same problem. For me it was that I was running kernel 2.6.X and 9.0 stopped supporting that. Check your kernel version and see if thats the issue (uname -msr ) supported version for 8.2: https://docs.splunk.com/Documentation/Splunk/8.2.5/Installation/Systemrequirements vs 9.0.2 https://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements?_ga=2.37568416.1872271241.1667396247-1152715957.1638286169&_gl=1*iiedmx*_ga*MTE1MjcxNTk1Ny4xNjM4Mjg2MTY5*_ga_5EPM2P39FV*MTY2NzUwMzYzNi4xOTguMS4xNjY3NTA2MjgyLjQwLjAuMA..
... View more
04-02-2019
06:05 AM
1) They are running 7.2 or higher. So N/A.
2) Wouldn't this solution just give it access to more CPU? I mean its not a problem of volume of processing events as the files themselves are not that large and wineventlogs is like 99% of the total logs coming out of the box.
3) Since windows transcription is a windows based logging system they have an on/off. There is no way to define how windows puts PS logs in a thing especially since multiple scripts could be running at once and if written to the same file it could easily be confusing to the system.
Is there a way to see what is causing CPU utilization issues? I feel like its a stab in the dark but its seriously the only thing different about the system than 2 weeks ago when it was running fine.
... View more
04-01-2019
03:32 PM
I added an app recently to pull in PowerShell Transcription logs that are output to C:\Logs\YYYYMMDD\YYYYMMDDHHSS.randomstring.log
So I created the following app:
[monitor://C:\Logs\*\*.txt]
followTail=false
disabled = false
sourcetype = ps_transcript
index = powershell
On some systems, PS is being run constantly from certain program/script updates. (10k in 24 hours on one server in particular). This creates a lot of small files that Splunk universal forwarder (UF) picks up. However, Splunk UF's CPU and memory usage has been going crazy with this. It isn't the size of the events, but I believe more of the number of files it has to monitor. Is this accurate? Is there a way to return the CPU usage to normal while still consuming the PS logs?
... View more
03-11-2019
08:18 AM
I'm trying to figure out how to log whenever regsvr32 is called to register or unregister a dll. I know its possible to pull the events using something like sysmon but I'm trying to figure out if there is another setting that I'm missing or a splunk app out there that can pull it without having to install yet another agent on a system.
... View more
- Tags:
- dll
- wineventlog
09-11-2018
11:57 AM
Is the 1.1.1 release posted somewhere? I downloaded via the function site and had no such luck...
... View more
07-17-2018
08:29 AM
I recently pushed the Splunk_TA_nix App. In it it has a line to pull Bash history. However I'm noticing that everytime a user logs in it pulls in their whole bash history file whenever changes are made. So person A logs in 3 times in a day... there are three full histories of stuff they did weeks ago in splunk time stamped for today.
I'm trying to figure out how to stop this duplication from happening. Fschange seems like it might work but it sounds like it is depreciated so would prefer something that isn't going to randomly drop.
This is what the app has in the stanzas:
### bash history
[monitor:///root/.bash_history]
disabled = 0
sourcetype = bash_history
index = os
[monitor:///home/.../.bash_history]
disabled = 0
sourcetype = bash_history
index = os
I did try adding in the temporary followTail but to no avail.
... View more
09-26-2016
02:01 PM
I just updated to 4.1.0 and i noticed a drop in the volume of my logs coming from AWS. I look and i see that some of the buckets are not being checked or not being thoroughly checked. All my inputs are still listed however when i go to put in a new input or edit old ones I can only see/search 30 of my inputs. The others are not there. Is there a limit to the number of buckets I can be checking? Is there somewhere i can up this limit?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-03-2022
04:40 PM
|
