Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About dantimola
dantimola
Communicator
Member since:
11-13-2016
08-17-2025
Community Statistics
| Posts | 86 |
| Solutions | 2 |
| Karma Given | 41 |
| Karma Received | 17 |
| Member Since | 11-13-2016 |
Activity Feed
- Posted Splunk Stream for M1/arm-based processor on Splunk Search. 07-17-2023 10:19 PM
- Posted Re: Internal server error 500 on system/licensing- How to resolve? on Dashboards & Visualizations. 07-17-2023 10:13 PM
- Got Karma for Re: Is it possible to rebuild multiple buckets with this command in the thawed directory?. 05-02-2023 12:39 PM
- Got Karma for Re: Is it possible to rebuild multiple buckets with this command in the thawed directory?. 09-21-2022 11:51 AM
- Karma Re: Help with script to make Splunk status up automatically if Splunk is down for gaurav_maniar. 03-18-2022 10:04 AM
- Karma Re: Indexers showing: WARN AdminHandler:AuthenticationHandler - Denied session token for user: splunk-system-user for RishiMandal. 10-11-2021 01:45 AM
- Got Karma for Re: Is it possible to rebuild multiple buckets with this command in the thawed directory?. 03-10-2021 06:54 AM
- Karma Re: Logic Behind Geographically Improbable Access Detected ? for Richfez. 02-01-2021 10:10 PM
- Got Karma for FS-ISAC Feeds Not Showing in Threat Artifacts. 11-01-2020 04:56 AM
- Posted Re: Splunk ES - Threat Intelligence TAXII feed not Working in Splunk Cloud on Splunk Enterprise Security. 10-14-2020 04:02 AM
- Posted Re: STIX TAXII Data Not Showing On Some Days on Splunk Enterprise Security. 10-14-2020 04:01 AM
- Karma Re: SEP 14.2 RU1 log format change for cascompany. 06-05-2020 12:50 AM
- Karma Re: Best practice to integrate Citrix mcs to Splunk for jconger. 06-05-2020 12:49 AM
- Karma Re: how create alert is send email in each once appear new result? for p_gurav. 06-05-2020 12:49 AM
- Karma Re: Splunk search help -- output data should match 2 or more of the keywords for DalJeanis. 06-05-2020 12:49 AM
- Karma Re: Search to display port scan attempts for DalJeanis. 06-05-2020 12:49 AM
- Karma Re: Universal Forwarder Disk Usage for koshyk. 06-05-2020 12:49 AM
- Karma Re: Is there a way set CPU and Memory consumption for splunkd process to a particular limit? for lguinn2. 06-05-2020 12:49 AM
- Karma Re: Using more than one Management Port for ddrillic. 06-05-2020 12:49 AM
- Got Karma for Re: Splunk search help -- output data should match 2 or more of the keywords. 06-05-2020 12:49 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-17-2023
10:19 PM
Since Splunk stream doesn't support M1/arm-based processors yet, are there any Splunk stream alternatives that we can use to get wire data directly from hosts? Is it also in Splunk's roadmap to support M1/arm-based processors for stream?
... View more
Labels
- Labels:
-
metadata
07-17-2023
10:13 PM
I'm having the same error in version 9.0.4. Did you find a fix for this?
... View more
10-14-2020
04:02 AM
I'm currently facing the same issue, have you resolved this already? Would you mind sharing the solution if ever? Thanks.
... View more
10-14-2020
04:01 AM
Have you resolved this already? Would you mind sharing the solution? I'm having the same problem right now.
... View more
11-25-2019
09:23 PM
Have you fixed this issue? I got the same issue.
... View more
09-13-2019
04:43 AM
1 Karma
Good day,
I have enabled FS-ISAC Threat Intelligence feed to our environment. I've confirmed that the feed was successfully when I checked the Threat Intelligence Audit dashboard FS-ISAC feed was there and has a download status Retrieved document from TAXII feed , I also got the result status="Finished parsing STIX documents" success="159" failed="0" when using the search index=_internal sourcetype="threatintel:manager" "*fsisac*" , however when I checked the Threat Artifacts dashboard the FS-ISAC feed was not there. How can I confirm if Splunk ES is using the FS-ISAC feed? Have I missed a step in adding new threat intelligence via TAXII feed? Should I create lookup and Saved Search for this? Thanks
... View more
07-10-2018
01:27 AM
Hi All,
Just want to ask if Deployment Client (Universal Forwarder) 6.0 and below is still compatible with Splunk Deployment Server (Splunk Enterprise) 7.0?
Cheers,
Dan
... View more
Then you can proceed with generating a self-signed certificate. 🙂
... View more
04-23-2018
02:22 AM
Have you tried this?
app: https://splunkbase.splunk.com/app/2891/
docs: https://docs.splunk.com/Documentation/AddOns/released/CyberArk/About
... View more
04-23-2018
02:20 AM
Is this what you are looking for? https://docs.splunk.com/Documentation/Splunk/7.0.3/AdvancedDev/ScriptSetup
... View more
04-23-2018
02:15 AM
Hello, Once the default ssl certificate expires, connection between deployment server and the client will be revoked, our workaround is to upgrade the universal forwarder so that it will renew the default certificates, however, Splunk's recommendation is DO NOT USE THE DEFAULT CERTIFICATE, generate a new one self-sign certificate, it will be more secure, to do that you can follow the instructions on the link below:
https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Howtoself-signcertificates
certificates signed by third party: https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Getthird-partycertificatesforSplunkWeb
... View more
03-05-2018
01:44 AM
https://splunkbase.splunk.com/app/3381/
... View more
02-25-2018
10:42 PM
Looks the same but it lacks details.
... View more
02-25-2018
10:02 PM
Good Day,
Just like to ask if is it possible to deploy a self-signed certificate to thousands of deployment clients via Deployment Server? I've configured our Splunk Infra to use self-signed certificate but we cannot implement it to thousands of our clients, it is impossible for us to access all of the clients and configure the Universal Forwarder to use self-signed certificate because all of the servers are in production. Thanks in advance for the answers.
Cheers
... View more
02-22-2018
07:19 PM
Hi All,
Good Day, currently our Splunk Infrastructure is built with 3 Heavy Forwarders, 6 Non-clustered Indexers, and 2 Clustered Search Heads, our data sources is huge, our Splunk is currently handling almost 8k+ of log sources (servers, network elements etc.) everyday and is still growing, we almost spent 500 GBs of data every day, and our current license is 600 GB. We are planning to do a migration this year and this is our proposed infrastructure.
2 Deployment Server
12 Heavy Forwarders (per site e.g, Log sources from NewYork site = 2 HFs, Log sources from Canada site = 2 HFs....)
6 Clustered Indexers
2 Clustered Search Heads
I just want to seek recommendations, suggestions etc. Are we doing it right? Thank you for the answers in advance.
Cheers,
Dan
... View more
02-21-2018
07:48 PM
Resolved the issue by adding _whitelist = \.lst$ in the inputs.conf
... View more
02-18-2018
11:07 PM
Good Day,
Would like to post a question, is it normal that CPU Utilization of Splunk Universal Forwarder is higher when perfmon monitoring is enabled? I can also see sub-processes on the server that results in high CPU Utilization. Thanks in advance for the answers.
... View more
02-12-2018
06:25 PM
Tried it also, it is indeed working, however, our client wants to use the Splunk Universal Forwarder installed on that server instead of uploading it to our Splunk manually which is the right way. Thanks for the answer by the way 🙂
... View more
02-12-2018
12:22 AM
Hi Splunkers,
Good day. Would like to ask regarding monitoring .lst , for your insight, .lst files are files oracle logs pulled from the server. When I'm trying the traditional way of monitoring logs (inputs.conf configuration), our Splunk is not reading the files unless otherwise renames as .log. Please see details:
**inputs.conf**
[monitor:///home/oracle/LAR/*.lst]
disabled = 0
index = oracledb
Sample data
... View more
02-04-2018
10:46 PM
Have you already configured your router to send syslog to your machine?
... View more
02-01-2018
11:56 PM
Here's the sample event:
username, PC-1
admin, PC-2
sample, SERVER_1
admin1, SERVER_1
The output I want is this
timestamp username, PC-1
another timestamp admin, PC-2
.......
... View more
02-01-2018
11:42 PM
Thank you for your answer, I got the idea but it didn't give me the output I wanted.
... View more
02-01-2018
11:39 PM
This is the closest one I've got, however, it didn't split the event just like the output I wanted but it let me create a new field I need using rex.
<my search here>
| rex mode=sed "s/([\r\n]+)/||/g"
| makemv _raw delim="||"
| mvexpand _raw
| rex (?<user>\w+)
| rex "||"(?<user>\w+)
| rex ", "(?<hostname>\w+)
... View more
02-01-2018
11:27 PM
SHOULD_LINEMERGE on props.conf already enabled. Sample raw event is in the "Sample Event:" found in the question.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-17-2025
08:35 PM
|
Karma from
Karma given to
