×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
christianvalin
Explorer
Member since: ‎08-05-2013
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎08-05-2013
Activity Feed
View All

Re: Unexpected precedence of monitor stanzas in in...

by in Getting Data In
‎03-28-2018 07:30 AM
‎03-28-2018 07:30 AM
In network router configurations, the most specific match usually wins. As for inputs.conf "monitor" stanzas, its usually the least specific match that wins / take precendence if two or more match the wildcard. This makes huge difference in hostname matching when processing syslog directories, for example. ... View more

Re: Upgrade all universal forwarders using deploym...

by in Deployment Architecture
‎02-07-2017 06:41 AM
‎02-07-2017 06:41 AM
Works for me if I invoke it with cmd.exe batchfilename.bat or Linux-esque 'myrefresh.sh &' ... View more

Re: Upgrade all universal forwarders using deploym...

by in Deployment Architecture
‎02-07-2017 05:09 AM
‎02-07-2017 05:09 AM
Point b would not stop the script; the script or batch file runs independently - it is an invoked process. What it is - a little wasteful because each time the client checks in, it would invoke the script. But then again, do clients need to check in every five minutes? In most environments, probably not and every so many hours may suffice. Just saying. ... View more

Re: Upgrade all universal forwarders using deploym...

by in Deployment Architecture
‎02-07-2017 04:19 AM
‎02-07-2017 04:19 AM
This lack of functionality seems like silliness... what if we created an app that ran a script or batch file (whatever matches the client) which in effect does: a) retrieves a new pkg or msi to the client from wherever you host the new UF version if the local (client version does not match what is on the hosted location) - ok maybe even check the package download/copy for accuracy (using hash) b) stop the UF locally (on the client) c) runs the new pkg or msi (which by default the UF will auto-start yes? or if no, start the local UF). d) exits gracefully. so this would be an experiment but I bet someone has come up with this already (anyone have a working example?) ... View more

Need to collect from multiple opsec instances

by in Getting Data In
‎03-04-2014 11:24 AM
1 Karma
‎03-04-2014 11:24 AM
1 Karma
In my case, I have multiple and separate Checkpoint management consoles (production, staging, development). I tried to create a new connection to staging after having my production instance operate for about a year. Trouble is that the new connection I just tried for Staging is not yet trusted. From the docs for the opsec app (version 2.0.4, latest), it seems like if I import the certificate I would unintentionally replace the certificate I need to support production. I told the 'wizard' that I already have a certificate. Do I need to have the opsec app installed once again for each new console (not firewall but management console) on my indexer and how do I accomplish that OR have I just missed something in my assumptions? Ideally I want to log each environment to a unique index so forwarding logs to one environment would work but it would not give me the isolation I need. How do I get my three management consoles monitored and events into Splunk? Has anyone else had a similar situation? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All