Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About rsingh
rsingh
Explorer
Member since:
09-16-2016
06-05-2020
Community Statistics
| Posts | 32 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 09-16-2016 |
Activity Feed
- Got Karma for Re: How to resolve error "ERROR TcpInputProc - Error encountered for connection" on server?. 06-05-2020 12:48 AM
- Karma How to delete a host and all its data from Splunk so it no longer appears in the Data Summary? for hutchingsp. 06-05-2020 12:47 AM
- Karma Re: windows logs for kovacez. 06-05-2020 12:46 AM
- Posted Re: How to resolve error "ERROR TcpInputProc - Error encountered for connection" on server? on Getting Data In. 12-19-2016 05:11 AM
- Posted Re: How to resolve error "ERROR TcpInputProc - Error encountered for connection" on server? on Getting Data In. 12-16-2016 08:35 AM
- Posted Re: How to resolve error "ERROR TcpInputProc - Error encountered for connection" on server? on Getting Data In. 12-15-2016 01:13 PM
- Posted How to resolve error "ERROR TcpInputProc - Error encountered for connection" on server? on Getting Data In. 12-15-2016 11:46 AM
- Tagged How to resolve error "ERROR TcpInputProc - Error encountered for connection" on server? on Getting Data In. 12-15-2016 11:46 AM
- Tagged How to resolve error "ERROR TcpInputProc - Error encountered for connection" on server? on Getting Data In. 12-15-2016 11:46 AM
- Posted Re: How to edit inputs.conf to search a log file for a specific thread on all servers? on Getting Data In. 12-12-2016 04:30 PM
- Posted Re: How to edit inputs.conf to search a log file for a specific thread on all servers? on Getting Data In. 12-07-2016 11:37 AM
- Posted Re: How to edit inputs.conf to search a log file for a specific thread on all servers? on Getting Data In. 12-07-2016 11:24 AM
- Posted How to edit inputs.conf to search a log file for a specific thread on all servers? on Getting Data In. 12-07-2016 10:59 AM
- Tagged How to edit inputs.conf to search a log file for a specific thread on all servers? on Getting Data In. 12-07-2016 10:59 AM
- Tagged How to edit inputs.conf to search a log file for a specific thread on all servers? on Getting Data In. 12-07-2016 10:59 AM
- Tagged How to edit inputs.conf to search a log file for a specific thread on all servers? on Getting Data In. 12-07-2016 10:59 AM
- Tagged How to edit inputs.conf to search a log file for a specific thread on all servers? on Getting Data In. 12-07-2016 10:59 AM
- Posted Being new to Splunk, do my inputs.conf and outputs.conf look correct on my local PC? on Splunk Search. 12-06-2016 01:33 PM
- Tagged Being new to Splunk, do my inputs.conf and outputs.conf look correct on my local PC? on Splunk Search. 12-06-2016 01:33 PM
- Tagged Being new to Splunk, do my inputs.conf and outputs.conf look correct on my local PC? on Splunk Search. 12-06-2016 01:33 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-19-2016
05:11 AM
makes sure - i was able to click on the error itself and it showed me which server was having the error. looks like the server had an old output.conf splunk server
thanks again
... View more
12-16-2016
08:35 AM
thanks i fixed it
... View more
12-15-2016
01:13 PM
1 Karma
thanks mmodestino - i think i resolved the previous errors but now i am getting a new one
ERROR ExecProcessor - message from ""C:\Program Files\Splunk\bin\splunk-perfmon.exe"" splunk-perfmon - OutputHandler::composeOutput: Counter is not found: Page Faults/sec
... View more
12-15-2016
11:46 AM
i am getting 2 different errors on my Splunk server - please see attached for errors, unsure what is wrong
thanks for all your help
... View more
12-12-2016
04:30 PM
this is how i placed it in my PC input file
[default]
host = NPC25
[monitor://C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG]
index=mbam
sourcetype=mbamservicelog
index=mbam sourcetype=mbamservicelog _index_earliest=-5m@m ActionTaken=ARW_ACTION_KILL_THREAD
index=mbam sourcetype=mbamservicelog earliest=-10m@m latest=-5m@m ActionTaken=ARW_ACTION_KILL_THREAD
... View more
12-07-2016
11:37 AM
ok got it thanks
... View more
12-07-2016
11:24 AM
thanks jkat54 - i am not using a deployment server, splunk is a new setup so once i configure the correct input.conf file i will use something like xcopy to push to local servers
... View more
12-07-2016
10:59 AM
i need help with adding this to my inputs.conf file on Splunk forwarder servers. i need Splunk to search this specific log file every 60 seconds and if a specific thread is found, to notify ASAP
Location of Log File = C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG
specific thread = ActionTaken=ARW_ACTION_KILL_THREAD
... View more
12-06-2016
01:33 PM
deploymentclient.conf
[target-broker:deploymentServer]
targetUri = splunk.domain.com:8089
outputs.conf
[tcpout]
server = splunk.domain.com:8089
[tcpout-server://splunk.domain.com:8089]
inputs.conf
[default]
host = MYPC257
[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
[WinEventLog://Security]
index=security
current_only=1
evt_resolve_ad_obj=0
renderXml=1
disabled=0
Logon Failures
index=windows
LogName=Security EventCode=4625 | table _time, Workstation_Name, Source_Network_Address,
host, Account_Name
Monitor for Administrative and Guest Logon Failures
index=windows
LogName=Security
EventCode=4625 (Account_Name=_administrator OR Account_Name=guest) | stats
count values(Workstation_Name) AS Workstation_Name,
Values(Source_Network_Address)
AS Source_IP_Address,values(host) AS Host by Account_Name | where count > 3
... View more
12-05-2016
07:50 AM
can my splunk server be a deployment server also?
if i build a distribution server will it help me edit and distribute my input.conf and output.conf files
... View more
12-05-2016
06:28 AM
Genius - that worked. thanks
i have a dns name i would like to add to the server - nxsplunk.domain.com
i made the change in the Server settings but still cannot get to the name. can you point me to where else i need to add/change the name
thanks again
... View more
12-02-2016
06:41 AM
if i enter this url https://localhost:8001/ i get the snapshot below
here is my web.conf
[settings]
enableSplunkWebSSL = 1
privKeyPath =
serverCert =
startwebserver =1
mgmtHostPort = 192.168.101.148:8001
splunk-launch.conf
# Splunkweb service name
SPLUNK_WEB_NAME=splunkweb
SPLUNK_BINDIP=192.168.101.148:8001
i have a Windows 2008 Server and my Splunk version is 6.5.1
... View more
11-15-2016
08:33 AM
this is the URL i'm using to access splunk
https://localhost/en-US/app/launcher/home
http://localhost:8000/ does not resolve
... View more
11-15-2016
08:28 AM
when i go to port 8000
http://mysplunk.domain.com:8000/
Not Found
HTTP Error 404. The requested resource is not found.
... View more
11-15-2016
08:25 AM
when i go to port 8000
http://mysplunk.domain.com:8000/
Not Found
HTTP Error 404. The requested resource is not found.
... View more
11-15-2016
08:16 AM
i installed Splunk on my Windows 2008 server. i added the DNS name and IP to my DNS server but when i enter the DNS name, it takes me to IIS7 site. what am i doing wrong?
... View more
11-15-2016
06:55 AM
i was able to get the port changed thanks
... View more
11-10-2016
05:39 AM
i can't login to change - http://localhost:12300 i get to login page after i enter the admin and changeme - i get 500 page server error
This page was linked to from http://localhost:12300/en-US/account/login?return_to=%2Fen-US%2F.
... View more
11-09-2016
01:29 PM
i installed Splunk server on my WSUS server (Windows Server 2008) so i need to change the default port. i made the change in C:\Program Files\Splunk\etc\system\local\web but when i check on Splunk to launch the program it points to http://localhost:8000/
WEB config
[settings]
httpport = 12300
mgmtHostPort = 127.0.0.1:12389
if i manually type in http://localhost:12300 i get to login page after i enter the admin and changeme - i get 500 page server error
This page was linked to from http://localhost:12300/en-US/account/login?return_to=%2Fen-US%2F.
... View more
10-04-2016
10:01 AM
do you mean the location of the input and output.conf? if so i edit them from here
C:\Program Files\SplunkUniversalForwarder\etc\system\local
... View more
10-04-2016
05:56 AM
i removed the [splunktcp://9996] Connection_host = none but the errors are still occuring
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
