Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About paola92
paola92
Explorer
Member since:
09-07-2015
08-18-2021
Community Statistics
| Posts | 22 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 09-07-2015 |
Activity Feed
- Posted Re: DBConnect 3.1.4 Input on All Apps and Add-ons. 07-08-2021 04:28 PM
- Got Karma for Re: Why do I have error with ForeScout Adaptative Response Add-on about retrieve alert actions?. 06-05-2020 12:49 AM
- Posted Re: How to monitor Oracle Service Bus Console 12.c in Splunk ? on All Apps and Add-ons. 11-19-2019 11:57 AM
- Posted Does not start splunk forwarder service on Deployment Architecture. 11-01-2019 06:43 AM
- Posted Re: Bad timestamp DB Connect on All Apps and Add-ons. 10-17-2019 02:12 PM
- Posted Sonicwall data Enterprise Security on Splunk Enterprise Security. 10-17-2019 01:51 PM
- Tagged Sonicwall data Enterprise Security on Splunk Enterprise Security. 10-17-2019 01:51 PM
- Posted Re: Connection timed out web monitoring with a site up on All Apps and Add-ons. 08-23-2019 02:53 PM
- Posted Bad timestamp DB Connect on All Apps and Add-ons. 08-23-2019 02:51 PM
- Posted Connection timed out web monitoring with a site up on All Apps and Add-ons. 08-23-2019 12:49 PM
- Tagged Connection timed out web monitoring with a site up on All Apps and Add-ons. 08-23-2019 12:49 PM
- Posted Can you help me with the following KV Store error: "Detected unclean shutdown - /home/dbindex/kvstore/mongo/mongod.lock is not empty" on Knowledge Management. 10-02-2018 08:41 AM
- Tagged Can you help me with the following KV Store error: "Detected unclean shutdown - /home/dbindex/kvstore/mongo/mongod.lock is not empty" on Knowledge Management. 10-02-2018 08:41 AM
- Posted Re: Why do I have error with ForeScout Adaptative Response Add-on about retrieve alert actions? on Splunk Enterprise Security. 06-01-2018 05:24 AM
- Posted Why do I have error with ForeScout Adaptative Response Add-on about retrieve alert actions? on Splunk Enterprise Security. 05-28-2018 10:25 AM
- Tagged Why do I have error with ForeScout Adaptative Response Add-on about retrieve alert actions? on Splunk Enterprise Security. 05-28-2018 10:25 AM
- Posted Why are the data models intrusion and malware only working in the app search? on Splunk Search. 01-31-2018 02:18 PM
- Tagged Why are the data models intrusion and malware only working in the app search? on Splunk Search. 01-31-2018 02:18 PM
- Tagged Why are the data models intrusion and malware only working in the app search? on Splunk Search. 01-31-2018 02:18 PM
- Posted Forescout compatibility with Splunk v6.6 on All Apps and Add-ons. 09-12-2017 06:22 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-08-2021
04:28 PM
The correct form to solve the issue without downgrade the app is using the bulk action. In the inputs tab click Bulk Actions and select create or edit and continue the process.
... View more
11-19-2019
11:57 AM
Does anyone know how to do this integration?
... View more
11-01-2019
06:43 AM
I have installed splunk forwarder for a windows servers and the service must be initialized when the server starts but some times the service doesn't start so I need to know how to see why the service doesn't start or how I must configure the service.
... View more
- Tags:
- splunk-enterprise
10-17-2019
02:12 PM
The issue was solved when I put the timezone in the connection configuration.
... View more
10-17-2019
01:51 PM
Hi,
I integrated my firewall sonicwall using the guide for Dell Sonicwall Analytics and this applications is working fine and I see information but the Security Enterprise Application wasn't showing nothing so I modiffied some search and now I see information in Traffic Center but all is unknown. I think this is because the sonicwall logs has not action field so I need your help to show the information in Enterprise Security or some guide to integrated the firewall sonicwall with Enterprise Security Application.
Thank you.
... View more
08-23-2019
02:53 PM
Hi,
Thank you for your response.
I found that a firewall was blocking my splunk IP.
... View more
08-23-2019
02:51 PM
Hi,
I configured a new input for DB connect and specified used the column end_time for timestamp but when I received the events the timestamps has 5 hours minus like this:
I need help!! Others two inputs works fine but the other that I created (5) has the same issue.
... View more
08-23-2019
12:49 PM
Hi,
I'm using the Web Monitoring application and now I have a URL that I'm sure that is responding but the response in the application is Connection timed out and the URL respond in 4 or 5 seconds
How can I diagnostic what is happening?
... View more
10-02-2018
08:41 AM
Hi,
I have several errors related to KV Store as:
-Failed to start KV Store process. See mongod.log and splunkd.log for details.
-KV Store changed status to failed. KVStore process terminated.
-KV Store process terminated abnormally (exit code 100, status exited with code 100). See mongod.log and splunkd.log for details.
So when reviewing the mongod.log I see:
Detected unclean shutdown - /home/dbindex/kvstore/mongo/mongod.lock is not empty.
I STORAGE [initandlisten]
I STORAGE [initandlisten] ** WARNING: Readahead for /home/dbindex/kvstore/mongo is set to 4096KB
I STORAGE [initandlisten] ** We suggest setting it to 256KB (512 sectors) or less
I STORAGE [initandlisten] ** http://dochub.mongodb.org/core/readahead
I STORAGE [initandlisten] **************
old lock file: /home/dbindex/kvstore/mongo/mongod.lock. probably means unclean shutdown,
but there are no journal files to recover.
this is likely human error or filesystem corruption.
please make sure that your journal directory is mounted.
found 76 dbs.
see: http://dochub.mongodb.org/core/repair for more information
And, I tried to run the ./mongod --dbpath /DB/kvstore/mongo --repair and obtained the error:
./mongod: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory
So I need help to solve the problem!
... View more
06-01-2018
05:24 AM
1 Karma
Hi,
I have ES and Forescout Adaptive Response Add-on but I have not the alert actions and shows the alert.
... View more
05-28-2018
10:25 AM
I install Forescout App and Add-ons for Splunk Enterprise Security but I receive a alert and the active alerts is not available.
... View more
01-31-2018
02:18 PM
Hi, I'm using Security enterprise but the datamodels intrusion and malware are not working but if I use the app search I see results.
Can anyone help me?
I upload the result for the same search on different app.
... View more
09-12-2017
06:22 AM
Hi,
I want to install Forescout app in my splunk enterprise 6.6 but I see in base splunk that it is compatible but in the documentation https://www.forescout.com/wp-content/uploads/2016/11/ForeScout-App-Splunk-2.5-Guide.pdf I see that is compatible only with version 6.4 and 6.5 so does anyone know if it supports version 6.6?
... View more
03-14-2017
12:42 PM
I disable all inputs but I do not see logs but if I realized a capture with tcpdump i see that the packets is getting in the server.
... View more
03-13-2017
07:45 AM
But if I disable all inputs I will received logs of the other forwarders?
... View more
03-13-2017
06:10 AM
I have a single instance in CentOS 7 and I am interested in receiving and analyzing logs of my Linux server. But when I installed the Splunk App for Unix and Linux in my single instance, I exceeded my license because I received all logs of my Splunk. So I need to know, how to ignore the logs of my single instance Splunk?
... View more
01-24-2017
02:48 PM
I tried to retrieve assets information of ldap so I used the search (I know that I must not to use search nt_host...)
"|ldapsearch domain=XXX search="(&(objectClass=computer))"
|eval city=""
|eval country=""
|eval priority="medium"
|eval category="normal"
|eval dns=dNSHostName
|eval owner=managedBy
|rex field=sAMAccountName mode=sed "s/\$//g"
|eval nt_host=sAMAccountName |search nt_host=segurinfo
|makemv delim="," dn
|rex field=dn "(OU|CN)\=(?.+)"
|table Source_Address,mac,nt_host,dns,owner,priority,lat,long,city,country,bunit,category,pci_domain,is_expected,should_timesync,should_update,requires_av"
and I have the table but I the IP is not because I do not use static IP so I think is possible to use the security logs that I have but I do not how can i correlate it.
I used the next search for nt_host=segurinfo: index="wineventlog" Workstation_Name=segurinfo and I see in the logs the information that I need.
... View more
10-20-2016
06:08 AM
The configuration in the splunk web is the same in the space of File or Directory or can I put C:\Users\paola.sarmiento\Documents\CFA-Splunk\Log\?
... View more
10-19-2016
03:32 PM
The files are XML for example a file has the name LogSwitchLight09-05-2016.txt and the initial line is: 001250 20160905
and other file is LogSwitchLight09-29-2016 and the initial line is: 001179 20160929
I have a inputs.conf in the path: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local
and the text is:
[monitor://C:\Users\paola.sarmiento\Documents\CFA-Splunk\Log\]
disabled = false
recursive = true
index=main
... View more
10-19-2016
02:24 PM
Hi,
I have a search head and I need to monitor a folder that has a text file in which every day there is a new file. I configured the Splunk forwarder on the host and configured Splunk for monitoring the folder, but I only receive one file and it never shows more.
What must I configure to receive the rest of files?
... View more
