Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About jaime_ramirez
jaime_ramirez
Communicator
Member since:
11-14-2018
08-17-2022
Community Statistics
| Posts | 72 |
| Solutions | 13 |
| Karma Given | 43 |
| Karma Received | 22 |
| Member Since | 11-14-2018 |
Activity Feed
- Got Karma for Re: Can i run a refresh from the command line?. 01-20-2023 05:02 AM
- Got Karma for Re: How to stop/Kill Splunk forwarder after receiving error message. 08-09-2022 01:18 AM
- Got Karma for Re: list all datamodels with the feeds (index, sourcetype). 07-11-2022 02:46 PM
- Got Karma for Re: calculate concurrency of transactions. 11-01-2021 05:07 AM
- Got Karma for Re: list all datamodels with the feeds (index, sourcetype). 06-23-2021 08:03 AM
- Posted Re: Determine Host of Bucket Involved in Cluster Fixup Task on Deployment Architecture. 03-03-2021 07:43 PM
- Karma Re: Determine Host of Bucket Involved in Cluster Fixup Task for muebel. 03-03-2021 07:42 PM
- Karma Determine Host of Bucket Involved in Cluster Fixup Task for muebel. 03-03-2021 07:42 PM
- Got Karma for Re: list all datamodels with the feeds (index, sourcetype). 07-13-2020 01:04 AM
- Got Karma for Re: Pareto Chart. 06-17-2020 07:54 AM
- Got Karma for Re: list all datamodels with the feeds (index, sourcetype). 06-12-2020 10:10 PM
- Karma Re: Check current date against lookup for justinatpnnl. 06-05-2020 12:50 AM
- Karma Re: Best way to extract the regex for the below xml format for vnravikumar. 06-05-2020 12:50 AM
- Karma Re: Basic linear interpolation in time for khevans. 06-05-2020 12:50 AM
- Karma Re: Generic Solution to Same Column Value Difference for jnudell_2. 06-05-2020 12:50 AM
- Karma Re: How to count the number of different values (multivalue) in a field? for rbechtold. 06-05-2020 12:50 AM
- Karma Re: Extract data from URL string for jacobpevans. 06-05-2020 12:50 AM
- Karma Re: Why Splunkd stops running but the splunkd.pid file remains for woodcock. 06-05-2020 12:50 AM
- Karma Re: How to set default KPIs value 100? for adonio. 06-05-2020 12:50 AM
- Karma Re: Multitenancy in Enterprise Security for jawaharas. 06-05-2020 12:50 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
03-03-2021
07:43 PM
Oustanding solution. We ended up using it for deleting buckets that were causing issues in our cluster.
... View more
06-03-2020
05:31 PM
Did you have any update on this?
... View more
04-25-2020
09:44 AM
Hi
Are you salting the files on pourpose using the crcSalt (I could not tell from the conf files)?
Do these files have any form of timestamp in them?
Do they by any chance generate the same hash value (possibly splunk thinks it has already indexed them)?
... View more
04-25-2020
08:15 AM
Hi
Have you tried using JRE 8 or OpenJDK 8 instead of 11. Have you checked this answer https://answers.splunk.com/answers/507416/splunk-db-connect-how-to-resolve-can-not-communica.html?
Hope it helps.
... View more
04-23-2020
04:41 PM
Hi.
We have experienced a similar case in which an Expired Instance would be added to the License Master but could not perform any searches.
The thing that we found out is that since the Expired Instance did not joined the Master, it started to use its Free License option without us realizing. After the Free License expired it blocked all Saved and Adhoc Searches, at this point we tried to make it join our License Master successfully but could not still perform any search.
The fastest solution that worked for us was to ask for a Reset License on Splunk Support Portal stating that we hadnt notice the violations ultil it was too late. They answered the same day with the Reset Key that you can upload to the Expired Instance directly (You must first separate this instance from your Master License Server and then apply the Reset Key to the Expired Instance directly; after it has cleared you can make it join the License Master again)
The other option was to migrate the data from the indexes ($SPLUNK_HOME/var/lib/splunk) and also selectively transfer the configurations ($SPLUNK_HOME/etc) to a freshly installed Splunk Instance, and then join it to the License Master.
Hope it helps
Cheers!!!
... View more
11-27-2019
08:20 AM
For string matching you could check this post:
https://www.splunk.com/en_us/blog/tips-and-tricks/you-can-t-hyde-from-dr-levenshtein-when-you-use-url-toolbox.html
Intelligent text pattern matching might be a little hard to implement. I will investigate further.
Hope it helps!!!
... View more
11-27-2019
08:15 AM
Could you try this instead:
index="iway_idoc" TMSG_TYPE="SAP_PLANARRIV"
| table STATUS
| search STATUS=Error
| stats count
This will count the records with STATUS=Error and then you can configure your alert to trigger if the count > 0.
For aggregate/statistical operations you should use stats command: https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/SearchReference/Stats
Hope it helps!!!
... View more
11-27-2019
08:00 AM
1 Karma
Hi
Last time I checked you could use the command | refresh from this app: https://splunkbase.splunk.com/app/1871
You could check the source code in the github repo: https://github.com/M-u-S/TA-debug-refresh
Also check this previous post: https://answers.splunk.com/answers/565493/is-there-a-cli-command-for-debug-refresh.html
It seems that if you want to refresh only selected endpoints you could list them and loop over them with curl. I will investigate further.
Hope it helps.
... View more
11-20-2019
11:23 AM
Have you tried this?
https://docs.splunk.com/Documentation/ES/5.3.1/Admin/Verifythreatintel
So in Security Intelligence > Threat Intelligence > Threat Artifacts, you should be able to find your Threat Source with its Intel Source ID.
Later I could elaborate more on the subject.
Hope it helps!!!
... View more
11-20-2019
11:09 AM
Have you tried this app?:
https://splunkbase.splunk.com/app/1794/
It can send alerts to dynamically genrated emails based on previous search results.
Hope it helps!!!
... View more
08-06-2019
01:26 PM
Have you tried the following?:
[WinEventLog://Application]
disabled = 0
whitelist = 26,25,19
whitelist1 = SourceName="DWMRCS"
index = wineventlog
evt_resolve_ad_obj = 0
checkpointInterval = 5
Hope it helps!!!
... View more
08-06-2019
12:10 PM
Hi
You must escape the [.] character:
[bl_subdom_domain01_com]
REGEX= query=subdom\.domain01\.com
DEST_KEY=queue
FORMAT=nullQueue
[bl_domain02_com]
REGEX= query=domain02\.com
DEST_KEY=queue
FORMAT=nullQueue
Hope it helps
... View more
08-06-2019
11:07 AM
So, are you pushing data from the mainframes to Splunk or pulling data from the mainframes?
... View more
08-06-2019
10:50 AM
Could you elaborate more on your issue? Some examples of what you are trying to accomplish would be helpful, as well as the data you are working with.
... View more
08-06-2019
09:13 AM
Thanks @jawaharas @starcher.
So if we want multitenancy to provide Enterprise Security to multiple silos, it would need an instance for each silo? How the licensing for ES would apply (could I reuse the application for several instances)?
... View more
08-05-2019
03:50 PM
For some of the log inputs you can change the default settings in the $SPLUNK_HOME/etc/log.cfg file. Although for the crash log I havent found anything yet.
Have you tried contacting Splunk support on this issue?
... View more
08-05-2019
02:35 PM
Hi.
Does anyone know if Multitenancy can be accomplished with a Single Instance of Enterprise Security?
I have searched and read a lot of info but havent came with a definitive answer yet.
Thanks a lot.
... View more
08-05-2019
02:07 PM
1 Karma
Hi
You can check the results given by an alert with the following:
index=_internal sourcetype="scheduler" search_type=scheduled savedsearch_name="Your alert name"
| where result_count=0
Hope it helps.
... View more
08-01-2019
12:28 PM
Check this:
https://answers.splunk.com/answers/476273/why-do-forwarders-go-down-with-unexpected-eof-mess.html
... View more
08-01-2019
11:42 AM
Check the splunkd log for any unusual behavior or any WARN/ERROR events.
Also it could be something regarding the ulimits. You could check the following info:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Troubleshooting/ulimitErrors
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-17-2022
02:16 AM
|
Karma from
