cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
bahndg
Explorer
Member since: ‎07-09-2019
2 weeks ago
Community Statistics
Posts 4
Solutions 0
Karma Given 14
Karma Received 4
Member Since ‎07-09-2019
Activity Feed
View All

Re: Why is Azure Cloud Event-Hub Splunk Integratio...

by in All Apps and Add-ons
‎07-15-2022 08:46 AM
1 Karma
‎07-15-2022 08:46 AM
1 Karma
You may use Splunk Add-on for Microsoft Cloud Services https://splunkbase.splunk.com/app/3110/ in version 4.3.3+ (loops body.records now) and then use Microsoft Cloud Services Event Hub True Fashion Add-on for Splunk https://splunkbase.splunk.com/app/6508/ Your Azure Event hub message body nesting is completely gone now. ... View more

Re: How to ingest Event Hubs with Microsoft Cloud ...

by in All Apps and Add-ons
‎07-08-2022 05:37 PM
3 Karma
‎07-08-2022 05:37 PM
3 Karma
You require two permissions to ingest Event Hub through through Microsoft Cloud Services. - Azure Service Management -> "user_impersonation" - In Azure Portal -> Subscriptions -> Access control (IAM) -> Add role assignments -> Role: "Azure Event Hubs Data Receiver" -> User, group or service principal -> give this your app. It has been documented meanwhile at https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configureeventhubs ... View more

Splunk Support for Active Directory: How to use GS...

by in Getting Data In
‎08-07-2019 07:31 AM
‎08-07-2019 07:31 AM
Splunk Version: 6.6.11 SA-ldapsearch App Version: 2.1.6 Build: 738 Hello, we have multiply domains in the forest and were able to connect to most domains using LDAP on 636 (TLS) using a Bind in DN-Format. But with two domains we are not using Simple-Auth via TLS Port 636 but rather GSS-API without TLS on Port 389 (GSS will add an secure layer). It seems the addon does not support this authentication at all because we always get the error message "External search command 'ldaptestconnection' returned error code 1. Script output = "error_message= # host: XXXX.DC: Could not access the directory service at ldap://XXXX.DC:389: Invalid credentials for the user with binddn="User@Domain.de". Please correct and test your SA-ldapsearch credentials in the context of domain="XXXX.DC" "" But the credentials are definately correct and I am able to connect with various tools like LDP.exe or LDAPAdmin with the same settings without any problems. How to make SA-ldapsearch use GSS-API with Port 389 on a DC using UPN-Username "User@otherdomain.de" with and without SASL ? ... View more

How to dynamically add results / correlate in a se...

by in Splunk Search
‎07-09-2019 01:12 PM
‎07-09-2019 01:12 PM
I want to dynamically add fields to my result set depending on a search I did. How do I can add fields/new columns based on a search from a result of the main-search ? index=test * | table Computer | appendcols [ search (index=another_test) Computer=$ParentSearch$.Computer) | head 1 | table Name ] | table Computer, Name dynamically. I cant work with lookups for each result because I want to generate the end result each time. Cant do that manually. I need to be to process this automatically. Another example: Lets say I am building a resultset with an query. When results show up, how can I enrich my resultset with values from another index? What I am looking is at writing SPLs which run once and during this one-shot they should correlate multiply events from multiply indexes. So result should be further processed and enriched by information from other indexes/columns. What is the best way to do that with Splunk in one SPL ? ... View more
Contact Me
Online Status
Offline
Date Last Visited
2 weeks ago
Karma from
View All
Karma given to