×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
amortiz
Explorer
Member since: ‎10-04-2013
‎06-05-2020
Community Statistics
Posts 10
Solutions 0
Karma Given 14
Karma Received 2
Member Since ‎10-04-2013
Activity Feed
View All

Re: searching for linux audit events?

by in Splunk Search
‎10-23-2013 07:57 AM
‎10-23-2013 07:57 AM
Don't really have an answer, but am having to do the same type of searches at my location. Did the above solutions work? Thanks, Al ... View more

Can an ausearch command be used in the search fiel...

by in Splunk Search
‎10-21-2013 07:14 AM
‎10-21-2013 07:14 AM
I am attempting to convert a audit script on my linux audit server into something manageable in Splunk. Can I use the commands from the script in Splunk? An ausearch example is below. - ausearch –k logins and ausearch –m USER_LOGIN ... View more

Re: linux_secure by default

by in Deployment Architecture
‎10-18-2013 05:04 AM
‎10-18-2013 05:04 AM
Thanks, your answer matches what I've slowly been learning! Have a great weekend. Al ... View more

Extracting Searches From Apps

by in All Apps and Add-ons
‎10-18-2013 04:50 AM
‎10-18-2013 04:50 AM
I have a whale of a time getting Splunk apps approved to use with Splunk. Is there a way to look through the splunk apps that are on the site and pull out some of the scripts and searches? Don't know the copyright/copyleft of the apps but I've read through the documentation of the *nix app and it would be quicker or me to use parts I need rather than go through our approval process. Thanks, Al ... View more

Re: linux_secure by default

by in Deployment Architecture
‎10-18-2013 04:32 AM
‎10-18-2013 04:32 AM
It wasn't really a search, we have a OS running on top on Linux that returns specific data to our operations. Splunk tags our data linux_secure, and it appears changes some of the formatting I am used to looking at. I'd like to be able to turn the auto source_type off until I'm sure all of our audit requirements are being picked up by splunk. ... View more

linux_secure by default

by in Deployment Architecture
‎10-14-2013 10:04 AM
‎10-14-2013 10:04 AM
I have results from a search that splunk has tagged as linux_secure (sourcetype) appears by default. Is there a way to turn that option off? Thanks, Al Splunk 5.03 ... View more

Re: any good tutorial for splunk search queries

by in Splunk Search
‎10-08-2013 09:37 AM
‎10-08-2013 09:37 AM
apologize for my density level, what is an UI? Is it by chance short for utility or maybe user interface I did look through the linked page to make sure I wasn't missing the obvious. My Texas schooling only goes so far. Thanks, ... View more

Re: Best YouTube Videos

by in #Random
‎10-08-2013 08:46 AM
‎10-08-2013 08:46 AM
Thanks! I'm downloading the book now and I'll check out the other links. ... View more

Best YouTube Videos

by in #Random
‎10-08-2013 07:46 AM
‎10-08-2013 07:46 AM
Is there a list "out there" of the best Splunk videos on youtube? If not, anyone have a great link for beginning searches? The Lisa Guinn video is great but maybe one that's a little longer? A Texas educated user will be viewing the video so hopefully the speaker will talk real slow. Thanks! ... View more

how can i set a default Splunk Version selection o...

by in All Apps and Add-ons
‎10-08-2013 06:12 AM
2 Karma
‎10-08-2013 06:12 AM
2 Karma
Is there a way to add the Splunk version I use to my profile? If so will my future search results be based on version. Thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to