cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
username9000
New Member
Member since: ‎12-14-2012
‎06-05-2020
Community Statistics
Posts 7
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-14-2012
Activity Feed
View All

Re: Passing Variables OR Writing to a file

by in Splunk Search
‎01-03-2013 06:32 AM
‎01-03-2013 06:32 AM
Thx for your help. Is there any direct way to pass the IP address to the script? or is outputting the results to a file and then having the a script search said file the only way? I'm thinking more a programming way which is probably inapplicable. ... View more

Re: Passing Variables OR Writing to a file

by in Splunk Search
‎12-28-2012 12:14 PM
‎12-28-2012 12:14 PM
I have figured out how to output the IP to a text file via host="192.168.4.1" UTM5 Login failed: | stats count by src_ip | where count >3 | return src_ip | outputtext usexml=false | rename _xml as raw | fields - raw, _raw | outputcsv results.txt But am still looking to pass the IP from the search directly into the script that will run. The variables found below do not put out any using formation. http://docs.splunk.com/Documentation/Splunk/5.0.1/Alert/Configuringscriptedalerts ... View more

Passing Variables OR Writing to a file

by in Splunk Search
‎12-28-2012 10:45 AM
‎12-28-2012 10:45 AM
Greetings, I am trying to output an IP address from a search to a script. My goal is to have the search call a script to block IP it finds. Below is my search and an example of its results. My Search: host="192.168.4.1" UTM5 Login failed: | stats count by src_ip | where count >3 | return src_ip Returns: src_ip="192.168.4.23" How do I pass the src_ip from my search to a script I am calling? Or do I have to write it to a separate file? ... View more

Re: Scripting, Search, Passing Vars

by in All Apps and Add-ons
‎12-28-2012 08:20 AM
‎12-28-2012 08:20 AM
I found this in another thread, seems to have done the trick. \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})" thx for ur help ... View more

Re: Scripting, Search, Passing Vars

by in All Apps and Add-ons
‎12-28-2012 08:00 AM
‎12-28-2012 08:00 AM
The logs only have one IP address in them (192.168.4.3), by using the GUI will it account for IP addresses that vary in the individual octet? For example, 17.45.252.1? etc? Or do i need to edit the rex syntax? I receive an error message for entering IP addresses that are not found within the log. ... View more

Re: Scripting, Search, Passing Vars

by in All Apps and Add-ons
‎12-28-2012 06:32 AM
‎12-28-2012 06:32 AM
Hi Bob, No I have not extracted the src_ip field. Am I to define a regular expression to extract the IP or is there a more friendly GUI approach? ... View more

Scripting, Search, Passing Vars

by in All Apps and Add-ons
‎12-27-2012 02:18 PM
‎12-27-2012 02:18 PM
Greetings, I am trying to setup up Splunk to count the failed login attempts on our firewall and then run a script that will login to the firewall and block said IP address. Currently, I have it setup to capture failed login attempts and run the default script (echo.sh) for testing purposes. My questions is, how do I count and pass the IP address after “from” in the log below? Dec 27 15:37:36 192.168.4.1 seclogin: [2012 Dec 27 15:37:36] UTM5 Login failed: invalid user sdhsdh from 192.168.4.3 Do I have to create a field type or use the field extractor? How does either, affect Splunks outputs listed here: http://docs.splunk.com/Documentation/Splunk/5.0.1/Alert/Configuringscriptedalerts ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM