Activity Feed
- Got Karma for Re: Error with Security Essentials. a month ago
- Got Karma for Re: Error with Security Essentials. 11-07-2024 01:57 AM
- Got Karma for Re: Error with Security Essentials. 10-24-2024 10:59 AM
- Got Karma for Re: Error with Security Essentials. 09-15-2024 09:09 AM
- Posted Re: Error with Security Essentials on Splunk Enterprise. 08-06-2024 03:17 PM
- Posted Re: How to convert the below into a tabular format using rex on Splunk Search. 04-16-2024 02:49 PM
- Karma Re: Carriage return newline (\r\n) not working as delimiter for makemv for somesoni2. 02-09-2022 04:08 PM
- Karma Re: Error encountered for connection from src=10.100.100.137:48221. Local side shutting down for sjohnson_splunk. 06-05-2020 12:46 AM
- Posted Re: Why does cisco security suite generate so many skipped searches? on All Apps and Add-ons. 04-12-2018 12:00 PM
Topics I've Started
No posts to display.
08-06-2024
03:17 PM
4 Karma
Also in A&I
08-03-2024 03:38:37.525 INFO ChunkedExternProcessor [25501 searchOrchestrator] - Running process: /opt/splunk/bin/python3.9 /opt/splunk/etc/apps/SA-IdentityManagement/bin/entitymerge_command.py
08-03-2024 03:38:37.845 ERROR ChunkedExternProcessor [25506 ChunkedExternProcessorStderrLogger] - stderr: (AttributeError) module 'time' has no attribute 'clock'
I searched around and changed:
vi /opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/cexe.py
Change time.clock to time.time
04-16-2024
02:49 PM
Example rex
|rex ".*\"LastmodifiedBy\":\s\"(?<LastmodifiedBy>[^\"]+)\""
|rex ".*\"ModifiedDate\":\s\"(?<ModifiedDate>[^\"]+)\""
|rex ".*\"ComponentName\":\s\"(?<ComponentName>[^\"]+)\""
|rex ".*\"RecordId\":\s\"(?<RecordId>[^\"]+)\""
04-12-2018
12:00 PM
I ended up disabling and un-accelerating un-needed saved searches (76 of them). In a local instance of savedsearches.conf:
/opt/splunk/etc/deployment-apps/Splunk_CiscoSecuritySuite/local/savedsearches.conf
[Cisco WSA - Web Request Metrics - Users with Multiple UAs]
disabled = 1
auto_summarize = 0
.
.
.
[Cisco IPS - GC - Top Attackers]
disabled = 1
auto_summarize = 0