Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About princemanto2580
princemanto2580
Path Finder
Member since:
11-29-2016
05-05-2023
Community Statistics
| Posts | 50 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 2 |
| Member Since | 11-29-2016 |
Activity Feed
- Posted Re: TA-lastpass does not index any data after setup on Getting Data In. 05-05-2023 04:53 AM
- Got Karma for Are there any practice exams or sample questions available for the Power User and Admin User Exams?. 09-29-2022 01:35 AM
- Got Karma for Re: Are there any practice exams or sample questions available for the Power User and Admin User Exams?. 09-29-2022 01:35 AM
- Posted SolarWinds Add-on for Splunk - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed on All Apps and Add-ons. 06-22-2021 11:29 PM
- Posted Re: Unable to initialize modular input "server" defined inside the app "splunk_app_db_connect": Intr on All Apps and Add-ons. 04-08-2021 04:00 AM
- Karma Re: How to define timestamp in props.conf for thes json event for niketn. 06-05-2020 12:48 AM
- Karma Re: Can i take Power User Certification after taking the prerequisite course(s) , I am new to Splunk for acharlieh. 06-05-2020 12:48 AM
- Karma Re: Simple installation script for Universal Forwarder for lguinn2. 06-05-2020 12:46 AM
- Karma Re: How to reindex data from a forwarder for yannK. 06-05-2020 12:46 AM
- Posted Re: SCCM queries for integration with Splunk on All Apps and Add-ons. 05-30-2018 11:53 PM
- Posted Which Data Model are need to update if I use Zscaler add-on on Splunk Enterprise Security. 05-30-2018 04:06 AM
- Tagged Which Data Model are need to update if I use Zscaler add-on on Splunk Enterprise Security. 05-30-2018 04:06 AM
- Posted Re: SCCM queries for integration with Splunk on All Apps and Add-ons. 05-09-2018 05:26 AM
- Posted Re: SCCM queries for integration with Splunk on All Apps and Add-ons. 05-06-2018 06:15 AM
- Posted Re: How can I monitor SCCM 2012 logs with Splunk? on Getting Data In. 05-06-2018 05:27 AM
- Posted Re: SCCM queries for integration with Splunk on All Apps and Add-ons. 05-06-2018 05:25 AM
- Posted Re: How can I monitor SCCM 2012 logs with Splunk? on Getting Data In. 05-06-2018 01:42 AM
- Posted SCCM queries for integration with Splunk on All Apps and Add-ons. 05-06-2018 01:40 AM
- Tagged SCCM queries for integration with Splunk on All Apps and Add-ons. 05-06-2018 01:40 AM
- Tagged SCCM queries for integration with Splunk on All Apps and Add-ons. 05-06-2018 01:40 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 |
05-05-2023
04:53 AM
the file lastpass-log.py not located under bin path. Even, trying to save the inputs but not showing in UI as it's saved. But in backend inputs.conf showing value saved.
... View more
06-22-2021
11:29 PM
Hi, Currently facing issue to ingest log from SolarWind using the "SolarWinds Add-on for Splunk". From the internal log getting error "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed". Any support and assistance can help to rectify this issue.
... View more
Labels
- Labels:
-
configuration
-
troubleshooting
04-08-2021
04:00 AM
Even I also open a case for this, but no resolution on this issue.
... View more
05-30-2018
11:53 PM
Did you complete DB-Connect configuration?
This is the first change need to complete.
... View more
05-30-2018
04:06 AM
Hello All,
I used the Splunk Add-on for Zscaler (https://splunkbase.splunk.com/app/3865/). But what are the data-model need to update in order to see the events IN ES (Enterprise Security) is missing in the documentation section.
It will really great if someone can help me by sharing this information.
... View more
05-09-2018
05:26 AM
One thing is sure, without having SQL skill never try to rectify the error of these queries.
3 out of 5 is done but it was kind of brainstorming to make the correct query. Only sccm:malware and sccm:status_message are in progress.
But really appreciate and thanks for sharing the queries, it helps us to choose the right table_name.
... View more
05-06-2018
06:15 AM
I have seen the link you are referring, but I really can't figure out the queries as not much experience on SQL.
https://github.com/Ricapar/splunk-sccm/blob/master/default/inputs.conf
It will be a great help if you can share the working queries over here.
... View more
05-06-2018
05:27 AM
I have already created a separate thread for the same.
https://answers.splunk.com/answers/657104/sccm-queries-for-integration-with-splunk.html
Anyways, thanks for showing the missing details on this question.
Work was done so far: Successfully configure the DB-Connect on Splunk to read the entire SCCM-DB.
SCCM version: 2012 R2 (Build : 1706)
Splunk Version: 6.5.0 (on premise)
... View more
05-06-2018
05:25 AM
Forgot to add these details:
Work was done so far: Successfully configure the DB-Connect on Splunk to read the entire SCCM-DB.
SCCM Version: 2012 R2
Splunk Version: 6.5.0 (on premise)
... View more
05-06-2018
01:42 AM
I have MS-SCCM in my Customer Location and integrated with Splunk with the help of DB-Connect. Can anyone help with the queries for Client Status Messages, Client Software Inventory, Client Health and Client Endpoint Protection?
... View more
05-06-2018
01:40 AM
I have MS-SCCM in my Customer Location and integrated with Splunk with the help of DB-Connect. Can anyone help with the queries for Client Status Messages, Client Software Inventory, Client Health and Client Endpoint Protection?
... View more
04-02-2018
06:13 AM
Hi,
I tried with "SELECT dateadd(HOUR, 4, [EPOEvents].[ReceivedUTC]) as [timestamp]," but still is showing the difference with 4 hours. Can you help on this?
... View more
11-13-2017
09:40 PM
Hi, for me getting an error on 401 Client Error for Unauthorized URL.
2017-11-12 09:01:37,305 ERROR pid=21224 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 401 Client Error: Unauthorized for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$format=json&orderby=Received%20asc&$filter=StartDate%20eq%20datetime'2017-11-09T09:31:45.118227Z'%20and%20EndDate%20eq%20datetime'2017-11-14T05:28:45.118271Z'
I tried the above URL from the web, but I cannot login inside.
Any details will be helpful.
... View more
10-15-2017
03:10 AM
For me also getting some kind of different error for both was_findings and knowledge_base. Any please or suggestion will be highly appreciate. Log source path is "ta_QualysCloudPlatform.log" under /opt/splunk/var/log/splunk.
[was_findings]
TA-QualysCloudPlatform: 2017-10-15T10:12:15Z PID=9027 [MainThread] DEBUG: TA-QualysCloudPlatform [knowledge_base] - Loading custom settings
TA-QualysCloudPlatform: 2017-10-15T10:12:15Z PID=9027 [MainThread] INFO: TA-QualysCloudPlatform [knowledge_base] - Start
TA-QualysCloudPlatform: 2017-10-15T10:12:15Z PID=9027 [MainThread] INFO: TA-QualysCloudPlatform [knowledge_base] - Start logging knowledgebase
TA-QualysCloudPlatform: 2017-10-15T10:12:15Z PID=9027 [MainThread] INFO: TA-QualysCloudPlatform [knowledge_base] - Outputting logs to stdout
TA-QualysCloudPlatform: 2017-10-15T10:12:15Z PID=9027 [MainThread] INFO: TA-QualysCloudPlatform [knowledge_base] - Making request: https://qualysapi.qualys.eu/api/2.0/fo/knowledge_base/vuln/ with params={'details': 'Basic', 'action': 'list'}
TA-QualysCloudPlatform: 2017-10-15T10:12:16Z PID=9027 [MainThread] ERROR: TA-QualysCloudPlatform [knowledge_base] - Unsuccessful while calling API [403 : Forbidden]. Retrying: https://qualysapi.qualys.eu/api/2.0/fo/knowledge_base/vuln/ with params={'details': 'Basic', 'action': 'list'}. Retry count: 1
[knowledge_base]
TA-QualysCloudPlatform: 2017-10-15T13:14:20Z PID=13220 [MainThread] DEBUG: TA-QualysCloudPlatform [was_findings] - Loading custom settings
TA-QualysCloudPlatform: 2017-10-15T13:14:20Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - Start
TA-QualysCloudPlatform: 2017-10-15T13:14:20Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - Start
TA-QualysCloudPlatform: 2017-10-15T13:14:20Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - WAS findings were last fetched on 1999-01-01T00:00:00Z
TA-QualysCloudPlatform: 2017-10-15T13:14:20Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - Fetching WAS findings data for Hosts which were scanned after 1999-01-01T00:00:00Z
TA-QualysCloudPlatform: 2017-10-15T13:14:20Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - Fetching all WAS detection data
TA-QualysCloudPlatform: 2017-10-15T13:14:20Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - Running in single thread mode
TA-QualysCloudPlatform: 2017-10-15T13:14:20Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - Making request: https://qualysapi.qualys.eu/qps/rest/3.0/search/was/finding with params=true1999-01-01T00:00:00Z
TA-QualysCloudPlatform: 2017-10-15T13:14:21Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - WAS detection fetched
TA-QualysCloudPlatform: 2017-10-15T13:14:21Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - Parsing WAS detection XML
TA-QualysCloudPlatform: 2017-10-15T13:14:21Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - API Response Code = UNAUTHORIZED
TA-QualysCloudPlatform: 2017-10-15T13:14:21Z PID=13220 [MainThread] DEBUG: TA-QualysCloudPlatform [was_findings] - Exception while parsing. API ERROR. Message=UNAUTHORIZED :: Traceback (most recent call last):
TA-QualysCloudPlatform: 2017-10-15T13:14:21Z PID=13220 [MainThread] ERROR: TA-QualysCloudPlatform [was_findings] - could not load API response
TA-QualysCloudPlatform: 2017-10-15T13:14:21Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - Done
TA-QualysCloudPlatform: 2017-10-15T13:14:21Z PID=13220 [MainThread] INFO: TA-QualysCloudPlatform [was_findings] - was_findings run completed. Sleeping for 10800s
... View more
10-11-2017
12:27 AM
Hi Sridhar, is that Admin Guide of NSS can be available from NSS Admin UI or Zscaler UI. I don't have much information on it. Appreciate for your help in advance.
... View more
