cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jamesdsteel
Explorer
Member since: ‎03-13-2019
‎08-22-2023
Community Statistics
Posts 7
Solutions 0
Karma Given 2
Karma Received 3
Member Since ‎03-13-2019
Activity Feed
View All

Re: Network Resolution (DNS) - Could not construct...

by in Getting Data In
‎06-30-2022 07:29 AM
‎06-30-2022 07:29 AM
Just encountered the same error. Fixed by downloading the CIM app from Splunkbase and extracting the cim_dns_reply_codes2.csv.default file (from Splunk_SA_CIM/lookups/) , saving it as cim_dns_reply_codes2.csv and then uploading it back to the CIM app on our instance. For some reason the CSV is there in the app as cim_dns_reply_codes2.csv.default which Splunk doesn't seem to recognise as a valid CSV. Rebuilding the Network_Resolution data model and seems to be working now. ... View more

Re: Why is URL Toolbox not working with mozilla li...

by in All Apps and Add-ons
‎06-13-2022 04:35 AM
‎06-13-2022 04:35 AM
That would explain why the .co.uk domains aren't being parsed correctly because afaik the IANA list only has .uk as a TLD. ... View more

Re: Why is URL Toolbox not working with mozilla li...

by in All Apps and Add-ons
‎05-31-2022 07:44 AM
‎05-31-2022 07:44 AM
Had a similar issue on our Splunk Cloud instance which seems resolved by setting list="mozila" - the typo is on purpose; latest build of the app on our instance seems to have a typo in the dat file. Have noticed though that the Mozilla list isn't parsing out .co.uk domains correctly (setting TLD as just .uk) ... View more

Re: Hide table column in inline email table

by in Reporting
‎10-26-2020 02:55 AM
‎10-26-2020 02:55 AM
Thanks! Tested and this works a treat. ... View more

Hide table column in inline email table

by in Reporting
‎07-08-2020 03:31 AM
‎07-08-2020 03:31 AM
Hi, I'm looking for a way to hide a table column in an inline email table while still retaining the ability to use the hidden column in the email notification tokens. I want to use the token $result.recipients$ in my "To" field for the email notification, but don't want to display the recipients column in the inline table I'm sending in the email. Is there a way to remove the column while still being able to use the token? I've tried both table and fields commands to display only the columns I want, but they both completely remove the recipients field from the results so it can't be used in the token.. Thanks ... View more
Labels

Re: ldapsearch error_message=password is mandatory...

by in All Apps and Add-ons
‎04-30-2020 02:10 PM
3 Karma
‎04-30-2020 02:10 PM
3 Karma
Try adding the "list_storage_passwords" capability to the role of users who need to use the ldapsearch commands directly. This allows the users to retrieve the configured passwords for each bind account so that Splunk can make LDAP requests. I would recommend adding a new role with this capability and adding that role to users who need to be able to use ldapsearch commands, as the "list_storage_passwords" capability will allow them to hit the REST endpoint and view passwords stored in Splunk in cleartext. The admin role will automatically have this capability, which is why it works. ... View more

How to prevent duplicate logs with replicating SEP...

by in All Apps and Add-ons
‎03-13-2019 07:52 AM
‎03-13-2019 07:52 AM
Has anyone had any experience with setting up log collection from replicating SEPM servers and preventing duplicate indexing? We have two SEPM sites that replicate once per day. Currently we're forwarding all of the logs from one of the sites which picks up all of the logs, but leads to a delay of up to 24 hours in collecting logs from the second site. To prevent the delay, we'd have to start also forwarding from the second site, but I anticipate this would lead to duplicated logs as the replicated logs would be forwarded from both servers. I was hoping I might be able to blacklist based on a "server" or "site" string in the logs, but I can't find a string common to all logs for each site. Any suggestions or help appreciated and would love to know if anyone has managed this scenario before. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-22-2023 09:11 AM
Karma from
Karma given to
View All