Do you want the hash of the file or the hash of the filename? The filename you can hash easily enough like | eval hash=md5(filename_field). There shouldn't be a need to index that - you can run it at search time.
If you want to calculate the hash of the file itself you'll need to do that with a scripted input - the universal forwarder by itself won't pull that from the event log (unless there is a Windows event that contains that information).
There are most likely many answers on here about the best way to do malware monitoring - also check out the channel #security on the Splunk Slack for more advice.
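A scripted input of the kind the answer describes, as an added example that is not part of the original post: it hashes each file's content in chunks and writes one key=value event per file to stdout, which Splunk indexes. The watched directory, the `HASH_WATCH_DIR` variable, the field names and the presence of a Python interpreter on the host (the universal forwarder does not bundle one) are assumptions.

```python
#!/usr/bin/env python3
"""Scripted-input sketch: print one key=value event per file with its hashes.

Assumptions (not from the original post): WATCH_DIR, the field names, and a
Python interpreter on the host (the universal forwarder does not bundle one).
"""
import hashlib
import os
import sys
import time

WATCH_DIR = os.environ.get("HASH_WATCH_DIR", r"C:\Users\Public\Downloads")  # hypothetical
CHUNK = 1024 * 1024  # read in 1 MiB chunks so large files are never held in memory


def hash_file(path):
    """Return (md5_hex, sha256_hex, size_in_bytes) of the file's content."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return md5.hexdigest(), sha256.hexdigest(), size


def format_event(path, now=None):
    """Build one event line; an unreadable file yields an error event, not a crash."""
    ts = time.strftime("%Y-%m-%dT%H:%M:%S%z", time.localtime(now))
    quoted = path.replace('"', "'")  # keep the key="value" quoting intact
    try:
        md5, sha256, size = hash_file(path)
    except OSError as exc:  # locked, deleted mid-scan, or permission denied
        return f'{ts} file_path="{quoted}" hash_status=error reason="{exc.strerror}"'
    return (f'{ts} file_path="{quoted}" file_size={size} '
            f'file_md5={md5} file_sha256={sha256} hash_status=ok')


def scan(root):
    """Yield an event line for every regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            yield format_event(os.path.join(dirpath, name))


if __name__ == "__main__":
    for line in scan(WATCH_DIR):
        sys.stdout.write(line + "\n")  # Splunk indexes what the script writes to stdout
```

A forwarder would run this from a `[script://<path>]` stanza in inputs.conf with an `interval`; the path and interval are deployment-specific.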