Activity Feed
- Got Karma for Re: Search result as input to another search. 06-05-2020 12:46 AM
- Posted Re: McAfee TA 2.0 inputs issues on Knowledge Management. 07-28-2014 09:15 AM
- Posted Re: ES3.1 install on Splunk Enterprise Security. 07-28-2014 09:13 AM
- Posted Re: Checkpoint R75.40 and OPSEC LEA on Getting Data In. 07-03-2012 02:13 PM
- Posted Re: Search result as input to another search on Splunk Search. 07-03-2012 04:32 AM
- Posted Re: Universal Forwarder - Start collection without indexing old logs on Getting Data In. 06-20-2012 06:23 AM
- Posted Windows 2008 R2 event subscriptions on Getting Data In. 12-09-2011 07:34 AM
- Tagged Windows 2008 R2 event subscriptions on Getting Data In. 12-09-2011 07:34 AM
- Posted Re: Splunk for Cisco IPS - connects to IPS every second regardless of "interval" setting on Getting Data In. 09-28-2011 04:14 AM
- Posted Dashboard templates on Splunk Search. 11-25-2010 01:49 PM
- Tagged Dashboard templates on Splunk Search. 11-25-2010 01:49 PM
07-28-2014 09:15 AM
Sorry to tell you, but it seems your answer doesn't work. The timestamp is still wrong (index time)...
07-28-2014 09:13 AM
Between the McAfee inputs problems (http://answers.splunk.com/answers/147469/mcafee-ta-20-inputs-issues) and that problem, I'm worried whether Splunk did any QA testing before releasing Enterprise Security 3.1?!? It seems Splunk did not!
07-03-2012 02:13 PM
I played a lot with Checkpoint integration... and to be honest, it does NOT work at all!!!
Even though Splunk says they support OPSEC LEA for Checkpoint, it's wrong. For more than 2 years they haven't updated anything. Loggrabber is old and nobody maintains it.
If I can recommend something, and if you have an enterprise license, please ask, and ask again, Splunk support about Checkpoint integration... maybe one day they will do something.
Good luck!
07-03-2012 04:32 AM
1 Karma
I'm not sure if I understood your question, but you should try something like:

```
sourcetype=srctype3
| join [ search sourcetype=srctype1 OR sourcetype=srctype2 dstIP=1.1.1.1 OR dstIP=2.2.2.2 | fields + srcIP dstIP | stats count by srcIP ]
| fields + srcIP Hostname
| stats count by srcIP Hostname
```

And see what you get. Let me know if it helps you.
06-20-2012 06:23 AM
Via inputs.conf (local): current_only = 1
or
Via wmi.conf (remote): current_only = 1
12-09-2011 07:34 AM
Do you know if Splunk supports event subscriptions? It's a new feature on Windows 7 and Windows 2008 R2. It helps to centralize event logs from different Windows servers on one server.
http://technet.microsoft.com/en-us/library/cc749183.aspx
- Tags:
- windows
09-28-2011 04:14 AM
Hi Josh,
I have the same troubles as you. After a quick look, I think I found the mistake:
File get_ips_feed.py:

```
[...]
58 while 1:
59     try:
60         sdee.get()
61     except:
[...]
```

I do not know why, but the loop runs forever; there is no exit/break in this loop.
We should ask Splunk why... maybe it's a bug.
A quick and dirty fix: add a break at the end of the loop:

```
167     ### Comment/Uncomment to write to stdout
168     # print syslog_msg +"\n"
169     break
```

It seems to work for me. Do not forget to change the "interval" option to 60, for example.
Let me know if it works for you too.
11-25-2010 01:49 PM
Hello,
I know Splunk quite well, at least the basic concepts. I have recently created a dashboard with a few panels based on summary index searches. This dashboard helps me to get charts about a bunch of servers.
Because I have different groups of servers around the world, I would like to generate the same kind of dashboards, but based on different servers.
It takes time to create all the searches, and then the related dashboard. What is the best way to do the same for another group of servers? Do I need to create everything manually? Or does Splunk have another way, based on templates, to do the same?
I wish I could create a dashboard template and call it with several parameters (like the name of the other group of servers, for example) to generate my dashboard.
Thanks in advance for helping me to find the right way.
Yann