Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About aruncp333
aruncp333
Explorer
Member since:
06-12-2019
08-25-2023
Community Statistics
| Posts | 15 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 06-12-2019 |
Activity Feed
- Posted Re: How to populate Assets and Identities in ES with SA-LDAPSearch on Heavy Forwarder? on Splunk Enterprise Security. 08-24-2023 07:03 PM
- Posted Splunk Add on for McAfee DAM (Database Activity Monitor) on Getting Data In. 04-08-2021 05:11 AM
- Tagged Splunk Add on for McAfee DAM (Database Activity Monitor) on Getting Data In. 04-08-2021 05:11 AM
- Posted Splunk Add-on for McAfee Web Gateway on All Apps and Add-ons. 01-14-2021 09:43 PM
- Posted Re: Dedicated Monitoring Console configuration problem - "splunk_server/splunk_server_group do not match any search on Monitoring Splunk. 10-09-2020 08:25 AM
- Karma Re: Clarification - indexes.conf for woodcock. 09-25-2020 09:23 PM
- Karma How to Splunk the SAP Security Audit Log for afx. 06-05-2020 12:50 AM
- Karma Re: How to Splunk the SAP Security Audit Log for afx. 06-05-2020 12:50 AM
- Karma Re: Splunk size of hot/warm/cold bucket for solarboyz1. 06-05-2020 12:50 AM
- Karma Re: How do I set up SSL forwarding with new, self-signed certificates and authentication? for SandzVG. 06-05-2020 12:45 AM
- Posted Deployment server and Deployer Server on a single splunk instance on Deployment Architecture. 02-26-2020 12:09 PM
- Tagged Deployment server and Deployer Server on a single splunk instance on Deployment Architecture. 02-26-2020 12:09 PM
- Tagged Deployment server and Deployer Server on a single splunk instance on Deployment Architecture. 02-26-2020 12:09 PM
- Posted Limiting RAM CPU and Disk utilization on Universal Forwarder on Getting Data In. 02-26-2020 12:05 PM
- Tagged Limiting RAM CPU and Disk utilization on Universal Forwarder on Getting Data In. 02-26-2020 12:05 PM
- Tagged Limiting RAM CPU and Disk utilization on Universal Forwarder on Getting Data In. 02-26-2020 12:05 PM
- Tagged Limiting RAM CPU and Disk utilization on Universal Forwarder on Getting Data In. 02-26-2020 12:05 PM
- Tagged Limiting RAM CPU and Disk utilization on Universal Forwarder on Getting Data In. 02-26-2020 12:05 PM
- Posted Re: What's the difference between an event and a log on Splunk Search. 09-07-2019 01:59 AM
- Posted What's the difference between an event and a log on Splunk Search. 09-06-2019 01:03 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-24-2023
07:03 PM
1. Example search for collecting identity data from Active Directory: |ldapsearch domain=<domain_name> search="(&(objectclass=user)(!(objectClass=computer)))" attrs="userAccountControl,sAMAccountName,personalTitle,displayName,givenName,sn,mail,telephoneNumber,mobile,manager,department,whenCreated,accountExpires" |makemv userAccountControl |search userAccountControl="NORMAL_ACCOUNT" |eval suffix="" |eval priority="medium" |eval category="normal" |eval watchlist="false" |eval endDate="" |table sAMAccountName,personalTitle,displayName,givenName,sn,suffix,mail,telephoneNumber,mobile,manager,priority,department,category,watchlist,whenCreated,endDate |rename sAMAccountName as identity, personalTitle as prefix, displayName as nick, givenName as first, sn as last, mail as email, telephoneNumber as phone, mobile as phone2, manager as managedBy, department as bunit, whenCreated as startDate | collect <index-name> This example search assigns static values for suffix, endDate, category, watchlist, and priority. Use it as a guide to construct and test a working search, then replace the static values with information from your AD environment. 2. Example search for collecting asset data from Active Directory: |ldapsearch domain=<domain name> search="(&(objectClass=computer))" |eval city="" |eval country="" |eval priority="medium" |eval category="normal" |eval dns=dNSHostName |eval owner=managedBy |rex field=sAMAccountName mode=sed "s/\$//g" |eval nt_host=sAMAccountName |makemv delim="," dn |rex field=dn "(OU|CN)\=(?<bunit>.+)" |table ip,mac,nt_host,dns,owner,priority,lat,long,city,country,bunit,category,pci_domain,is_expected,should_timesync,should_update,requires_av | collect <index-name> 3. On HF make sure of outputs.conf forward the data to splunk cloud. 4. ON SH run a scheduled search to create lookups
... View more
04-08-2021
05:11 AM
Can someone help me with an ADDON for extracting fields out of the syslog data of McAfee DAM (Database Activity Monitor)
... View more
- Tags:
- splunk
Labels
- Labels:
-
field extraction
01-14-2021
09:43 PM
Is this Add-on : Splunk Add-on for McAfee Web Gateway supports McAfee Cloud Proxy ? https://splunkbase.splunk.com/app/3009/
... View more
Labels
- Labels:
-
configuration
-
troubleshooting
10-09-2020
08:25 AM
Does that mean your indexer cluster would have 4 search heads in SHC(as per your lab setup)?
... View more
02-26-2020
12:09 PM
Hi Splunkers
Can I use one single splunk instance as both the Deployer and Deployment server? If yes what are the pros and cons?
... View more
02-26-2020
12:05 PM
Hello Splunkers,
I want to know if we can limit the RAM, CPU and Disk utilization of a server where I have installed the Universal Forwarder.
Currently, based on my research I understand that the Bandwidth limit can be controlled using limits.conf.
Background: As I am installing the UF on my production server (*nix, Windows) I wouldn't want to choke the resource utilization on the server cuz of UF on it instead, I would like to limit the RAM and CPU utilization to 2-5% and Disk to 10-15%.
Thanks in advance.
... View more
09-07-2019
01:59 AM
That's interesting, Dal.
Further I have a follow up question.
Question: How can I propose splunk sizing if the customer is having existing solution in terms of events per second (EPS).
Let's say, 1000,000EPS conversion to Splunk/day license sizing.
Thanks in advance.
... View more
09-06-2019
01:03 PM
Can anyone explain me what's the difference between an event and a log.
According to me, an event is set of logs generated after matching a correlation.
... View more
- Tags:
- splunk-enterprise
08-19-2019
11:43 PM
Thank you solarboyz1
I would like to highlight that I am using only the "main" index.
One more thing u missed while suggesting is that transfer of frozen data to my Azure blobs.
... View more
08-19-2019
12:10 AM
Hello Splunkers
My setup:
1. I have 4 indexer cluster (not a multi-site)with a Search Head Cluster.
2. Each indexer is having 2TB Hard disk
3. I have a deployer server and Cluster master to manage the Cluster setups
Can anyone suggest me how can I configure the Log retention policy so that my 2TB HDD doesn't get exhausted? My intention is to use complete 2TB HDD for Hot and Worm buckets and once the data is ready to move to Cold/Frozen path I would like to transfer the logs to my Azure blobs. There is no specific plan with respect to number of days(log types) instead, its based on the amount of HDD which I have (2TB).
Thank you in advance.
... View more
08-07-2019
05:47 AM
Hi Splunkers
Is there any feature in Db connect to extract the from my logs(postgressql) automatically?
... View more
07-11-2019
04:00 AM
Hello Splunkers,
I have an enterprise splunk deployment with 4 indexer clisters and a Search Head cluster.
I have installed Sophos app on Search head. I am getting the logs from sophos central servers by api integration method. I would like to know where these logs are stored? How to identify which indexer its storing on.
... View more
- Tags:
- splunk-enterprise
07-09-2019
01:01 PM
I have Splunk ES Setup and I can see the logs coming from Sophos Central onto the Search Head(where I installed the app).
I would like to know where these logs are stored in Splunk. I have tried to find logs on indexers but it wasn't.
... View more
06-12-2019
11:18 PM
We are planning a new deployment of Splunk Enterprise - Indexer HA mode. Please suggest the stable version of Splunk Enterprise.
If you have any issue with the latest version: 7.3.0. Do you recommend the latest one? If not pls suggest the stable one.
... View more
06-12-2019
07:51 AM
Hello Splunkers
I have an Indexer Cluster setup on Azure(Splunk Enterprise) Platform. My indexer VM instance has 100GB of Hard Disk. My question is how can I use VHD/Network Attached disk so that I can store the logs and query them on VHD.
Pls note I am using Splunk Enterprise version.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-25-2023
12:26 AM
|
