cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ryansaunders
Explorer
Member since: ‎03-07-2019
‎10-26-2021
Community Statistics
Posts 5
Solutions 2
Karma Given 8
Karma Received 1
Member Since ‎03-07-2019
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Splunk SOAR in Cloud Environment

by in Deployment Architecture
‎10-26-2021 04:24 PM
‎10-26-2021 04:24 PM
The answer is right on the main Splunk SOAR website.  You can host on-prem or use Splunk's hosted cloud offering. ... View more

Re: App update broke the app and I can't re-instal...

by in All Apps and Add-ons
‎03-09-2021 05:33 AM
‎03-09-2021 05:33 AM
I'm seeing the same behavior with the version number showing as 8.1.1R62a79cd, though the TA still appears to be working normally for me. I opened a support case about the version number this morning and will post back here if I hear anything. ... View more

Re: Splunk UBA Installation

by in All Apps and Add-ons
‎02-05-2021 01:10 PM
‎02-05-2021 01:10 PM
Have you already completed the installation of UBA or are you simply running the pre-check script for the first time prior to installation? If prior to installation, some errors are expected.  See the relevant docs here: https://docs.splunk.com/Documentation/UBA/5.0.4/Install/CheckSystemStatus You might see errors related to file-based configurations. Those configurations happen after setup, so you can ignore those errors when running the script before setting up Splunk UBA.  I recently completed a UBA clustered setup on RHEL.  I don't recall whether we saw the symlink or /var/log errors, but I do remember seeing the eth0 error.  That eth0 message went away after installation. If you haven't installed yet, I think you are likely safe to proceed.  Run the script again after installation to verify everything is set up correctly. ... View more

Re: Error phantom_forward:129 Splunk_home\etc\apps...

by in Splunk SOAR (f.k.a. Phantom)
‎02-04-2021 09:55 AM
‎02-04-2021 09:55 AM
I was having this same issue (except with Splunk running on Linux).  Version 4.0.35 of the Phantom App was released last week and added support for Splunk Enterprise 8.1.  Upgrading to the new version of the app resolved the problem for me. https://splunkbase.splunk.com/app/3411/ ... View more

Re: Error when upgrading to Splunk Enterprise Secu...

by in Splunk Enterprise Security
‎01-12-2020 09:24 AM
1 Karma
‎01-12-2020 09:24 AM
1 Karma
This appears to be caused by the max_upload_size parameter being set too low. Splunk's default max_upload_size is 500, which is smaller than the ES 6.0 installer. Increase the max_upload_size parameter in web.conf and this should clear up for you. See step 2 of the installation instructions here: https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecurity ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-26-2021 07:45 PM
Karma from
View All
Karma given to