cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
mbjerkeland_spl
Splunk Employee
Member since: ‎08-22-2019
3 weeks ago
Community Statistics
Posts 8
Solutions 1
Karma Given 2
Karma Received 1
Member Since ‎08-22-2019
Activity Feed
Topics I've Started
No posts to display.
View All

Re: No CIM aligned fields for TA-WIndows-Defender

by Splunk Employee in All Apps and Add-ons
4 weeks ago
4 weeks ago
I just submitted a pull request to the original add-on with the changes you highlighted. I am hoping the original author includes it and gets a new version uploaded to Splunkbase. https://github.com/pdoconnell/TA-microsoft-windefender/pull/4 ... View more

Re: CEF app, Create output group button missing in...

by Splunk Employee in Archive
‎06-02-2020 12:29 PM
‎06-02-2020 12:29 PM
After a bit of troubleshooting where we first thought the issue was with missing role permissions in Splunk, it turned out the KV Store was not running due to an expired certificate. We recreated the certificate using the splunk createssl command, restarted and voila, the Create Output Group button reappeared. ... View more

Re: Python 3 modular input on a universal forwarde...

by Splunk Employee in Getting Data In
‎04-27-2020 11:55 PM
‎04-27-2020 11:55 PM
This has been filed as a bug and is slated to be fixed in 8.0.4, according to SPL-183467. Splunk UF should use the python in your PATH. ... View more

Re: Cisco Networks App - no results found, open in...

by Splunk Employee in Getting Data In
‎01-23-2020 10:44 AM
‎01-23-2020 10:44 AM
Hi, I'm the author of the App. Not sure why you are having issues with the dashboards, but this part indicates you have made local customizations to the App: | lookup dnslookup clientip as src_ip | top clienthost as the original app does not have this query. You may also try to clear any client side caches if you recently upgraded to Splunk 8. ... View more

Re: Search to alert user is logged into more than ...

by Splunk Employee in Getting Data In
‎01-20-2020 11:57 AM
‎01-20-2020 11:57 AM
You're welcome. You should be able to filter out users in the base search as well as in the end of the SPL using | search . Can you paste the exact search you are trying as well as a screenshot of your data and possibly also the fields returned? ... View more

Re: Search to alert user is logged into more than ...

by Splunk Employee in Getting Data In
‎01-20-2020 10:27 AM
‎01-20-2020 10:27 AM
Hi I suspect something as simple as this could work: sourcetype=cisco:asa tag=authentication tag=privileged | stats dc(host) as dc_host values(host) as values_host BY user | where dc_host > 1 You may need to refine the base search a bit and add additional BY clauses to get your desired result. I am on a cellphone so I am not able to test it myself unfortunately. ... View more

Re: Cisco IOS and TA not showing data in dashboard...

by Splunk Employee in Getting Data In
‎10-14-2019 07:56 AM
‎10-14-2019 07:56 AM
Add the index name as index=something to the stanza called cisco_ios You will see that one referenced in the other stanzas ... View more

Re: Cisco IOS and TA not showing data in dashboard...

by Splunk Employee in Getting Data In
‎10-11-2019 10:17 PM
1 Karma
‎10-11-2019 10:17 PM
1 Karma
There is a base eventtype you can adapt in the app. I believe it is the first one in eventtypes.conf. Just add your index name to that macro. A different approach would be to change your roles to automatically search that index by default. ... View more
Contact Me
Online Status
Offline
Date Last Visited
3 weeks ago
Karma from
View All
Karma given to
View All