Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About vinchakov_a
vinchakov_a
Path Finder
Member since:
07-23-2012
06-05-2020
Community Statistics
| Posts | 50 |
| Solutions | 0 |
| Karma Given | 8 |
| Karma Received | 5 |
| Member Since | 07-23-2012 |
Activity Feed
- Karma Re: How to parse JSON log data? for emiller42. 06-05-2020 12:47 AM
- Karma Re: timestamp in the beginning for woodcock. 06-05-2020 12:47 AM
- Karma Re: How to compare most recent results with previous search results? for somesoni2. 06-05-2020 12:47 AM
- Karma estreamer_client ERROR: Remote host closed socket at SFStreamer.pm line 1735 for s_ruggiero. 06-05-2020 12:47 AM
- Got Karma for custom ssl certificate 8089. 06-05-2020 12:47 AM
- Got Karma for Re: custom ssl certificate 8089. 06-05-2020 12:47 AM
- Got Karma for help with splunk dedup. 06-05-2020 12:47 AM
- Got Karma for Missing eventtypes and lookup table using Cisco IOS app?. 06-05-2020 12:47 AM
- Got Karma for Hurricane Labs Add-on for Nessus: Why am I getting error "The lookup table 'nessus_plugin_lookup' does not exist?. 06-05-2020 12:47 AM
- Karma Cisco IOS Default Dashboard Not Working for hw023280. 06-05-2020 12:46 AM
- Karma Re: wrong host for emechler_splunk. 06-05-2020 12:46 AM
- Karma Re: some questions about for linu1988. 06-05-2020 12:46 AM
- Posted Re: After upgrading to 6.5.0, KV Store will not start on Knowledge Management. 02-05-2017 10:40 PM
- Posted Re: Hurricane Labs Add-on for Nessus: Why am I getting error "The lookup table 'nessus_plugin_lookup' does not exist? on All Apps and Add-ons. 11-16-2015 11:54 PM
- Posted Re: Hurricane Labs Add-on for Nessus: Why am I getting error "The lookup table 'nessus_plugin_lookup' does not exist? on All Apps and Add-ons. 11-15-2015 09:05 PM
- Posted Re: Hurricane Labs Add-on for Nessus: Why am I getting error "The lookup table 'nessus_plugin_lookup' does not exist? on All Apps and Add-ons. 11-13-2015 09:09 AM
- Posted Re: Hurricane Labs Add-on for Nessus: Why am I getting error "The lookup table 'nessus_plugin_lookup' does not exist? on All Apps and Add-ons. 11-13-2015 09:07 AM
- Posted Re: Hurricane Labs Add-on for Nessus: Why am I getting error "The lookup table 'nessus_plugin_lookup' does not exist? on All Apps and Add-ons. 11-13-2015 07:39 AM
- Posted Re: Hurricane Labs Add-on for Nessus: Why am I getting error "The lookup table 'nessus_plugin_lookup' does not exist? on All Apps and Add-ons. 11-13-2015 07:33 AM
- Posted Re: Hurricane Labs Add-on for Nessus: Why am I getting error "The lookup table 'nessus_plugin_lookup' does not exist? on All Apps and Add-ons. 11-12-2015 10:54 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
02-05-2017
10:40 PM
I have the same issue after update, but I get such errors in mongod.log:
2017-02-06T06:39:59.168Z E NETWORK [conn180] SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2017-02-06T06:39:59.168Z I NETWORK [conn180] end connection 127.0.0.1:33592 (0 connections now open)
2017-02-06T06:39:59.175Z I NETWORK [initandlisten] connection accepted from 127.0.0.1:33593 #181 (1 connection now open)
2017-02-06T06:39:59.175Z E NETWORK [conn181] SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2017-02-06T06:39:59.175Z I NETWORK [conn181] end connection 127.0.0.1:33593 (0 connections now open)
... View more
11-16-2015
11:54 PM
they have no field "severity"
... View more
11-15-2015
09:05 PM
I see new data in index=nessus. But in app it is empty. For an example I take request:
tag=vulnerability tag=report report_id=* severity=* NOT severity=informational | chart count over dest by severity | sort -count limit=10 | rename low as Low, medium as Medium, high as High, critical as Critical
It is in reply empty
Then I modify request (del severity and add index=nessus)
index=nessus tag=vulnerability tag=report report_id=* | chart count over dest by severity | sort -count limit=10 | rename low as Low, medium as Medium, high as High, critical as Critical
I obtain data.
... View more
11-13-2015
09:09 AM
I checked one of dashboard, and it is empty because it use "severity". If I delete severity in search string it works.
... View more
11-13-2015
09:07 AM
sorry, index=nessus sourcetype=nessus_vuln same as index=nessus
... View more
11-13-2015
07:39 AM
Yes I see events in index=nessus.
... View more
11-13-2015
07:33 AM
all by root user
... View more
11-12-2015
10:54 PM
I created empty csv and launched update_lookup.sh. It filled it. It downloaded data from nessus, I see them.
But in application empty dashboards.
... View more
11-12-2015
09:25 PM
1 Karma
11-13-2015 08:20:42.654 +0300 ERROR LookupOperator - The lookup table 'nessus_plugin_lookup' does not exist. It is referenced by configuration 'nessus_vuln'.
11-13-2015 08:20:42.654 +0300 WARN LookupOperator - Failed to find static lookup file: nessus_plugin_lookup.csv
I received this error. TA - 1.0.6BETA.
... View more
10-27-2015
12:58 AM
I see that from DCN, data comes in with a frequency of 5 minutes. How do I reduce this interval? I use a heavy forwarder as DCN
... View more
10-25-2015
09:02 PM
Also there is no way to collect directly? Why this excess layer if I don't want it?
... View more
10-22-2015
11:17 PM
Whether surely to use the intermediate forwarder for collection of metrics?
I want to collect directly metrics on Splunk Enterprise.
... View more
07-14-2015
11:34 PM
Why splunk adds the date and time to the beginning of a log. How to clean it?
Jul 15 09:27:20 172.16.19.1 Jul 15 2015 10:27:20 us-fw01 : ...
Jul 15 09:27:20 172.16.19.1 Jul 15 2015 10:27:20 us-fw01 : ...
Jul 15 09:27:19 172.16.19.1 Jul 15 2015 10:27:19 us-fw01 : ...
Jul 15 09:27:18 172.16.19.1 Jul 15 2015 10:27:18 us-fw01 : ...
Jul 15 09:27:17 172.16.19.1 Jul 15 2015 10:27:17 us-fw01 : ...
... View more
07-14-2015
09:24 PM
I understood that it not absolutely json. I could process it as wrote above to comments. It is possible to cut off a log on reception? before events creating
... View more
07-14-2015
05:06 AM
Partially I understood. I created new field extraction and doing:
sourcetype=_json | eval _raw = access_log_json | spath
But how can I execute all before { on the input step????
... View more
07-14-2015
04:40 AM
I created an input in the _json format and send to it httpd access logs.
I received such logs:
Jul 14 14:35:44 172.16.16.100 1 2015-07-14T14:35:44+03:00 us-.local httpd - - - {"PROGRAM":"httpd","LOGTYPE":"access","ISODATE":"2015-07-14T14:35:44+03:00","HTTP":{"VHOST":"..com","USER_AGENT":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36","STATUS":"200","SIZE":"21","REQUEST_TIME":"756174","REQUEST":"GET /admins/widget/?widget_ReplicationLag_yw1[]= HTTP/1.1","REMOTE_USER":"u.","REMOTE_ADDR":"","REFERER":"https://..com/invoices/index","DATE":"2015-07-14T14:35:44"},"HOST_FROM":"us-.local","HOST":"us-.local","FILE_NAME":"/var/run/syslog-ng/apache.access.fifo"}
How I can parse this logs?
... View more
05-14-2015
09:26 PM
1 Karma
I know how to do it, I tried to use on 8089 same certificate which I use for web.conf but another is necessary, with the password.
... View more
05-14-2015
05:05 AM
1 Karma
Splunk 6.2.2.
How can I change ssl certificate on 8089 management port? I read the instruction but it very short. Сould you tell in more detail how to make the certificate?
... View more
- Tags:
- ssl
04-16-2015
06:20 AM
I received this error after installing Splunk DB Connect:
04-16-2015 16:06:54.035 +0300 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 67, in init\n hand = handler(mode, ctxInfo)\n File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/rh_identities.py", line 24, in __init__\n self.verifySecretPath()\n File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/rh_identities.py", line 28, in verifySecretPath\n raise Exception("Unable to locate secret used to encrypt/decrypt passwords for identities")\nException: Unable to locate secret used to encrypt/decrypt passwords for identities\n
04-16-2015 16:06:54.035 +0300 ERROR AdminManagerExternal - Unexpected error "<type 'exceptions.Exception'>" from python handler: "Unable to locate secret used to encrypt/decrypt passwords for identities". See splunkd.log for more details.
... View more
04-08-2015
11:19 PM
Thu Apr 9 09:12:16 2015 - ERROR - Attempting to re-connect to the sensor: 172.16.23.50
Thu Apr 9 09:12:19 2015 - INFO - Checking for existing SubscriptionID on host: 172.16.23.50
Thu Apr 9 09:12:19 2015 - INFO - Attempting to connect to sensor: 172.16.23.50
Thu Apr 9 09:12:19 2015 - INFO - Successfully connected to: 172.16.23.50
Thu Apr 9 09:12:38 2015 - ERROR - Exception thrown in sdee.get(): Traceback (most recent call last): File "/opt/splunk/etc/apps/Splunk_TA_cisco-ips/bin/get_ips_feed.py", line 113, in run sdee.get() File "/opt/splunk/etc/apps/Splunk_TA_cisco-ips/bin/pysdee/pySDEE.py", line 211, in get self._request(params, **kwargs) File "/opt/splunk/etc/apps/Splunk_TA_cisco-ips/bin/pysdee/pySDEE.py", line 163, in _request data = urllib2.urlopen(req) File "/opt/splunk/lib/python2.7/urllib2.py", line 127, in urlopen return _opener.open(url, data, timeout) File "/opt/splunk/lib/python2.7/urllib2.py", line 410, in open response = meth(req, response) File "/opt/splunk/lib/python2.7/urllib2.py", line 523, in http_response 'http', request, response, code, msg, hdrs) File "/opt/splunk/lib/python2.7/urllib2.py", line 448, in error return self._call_chain(*args) File "/opt/splunk/lib/python2.7/urllib2.py", line 382, in _call_chain result = func(*args) File "/opt/splunk/lib/python2.7/urllib2.py", line 531, in http_error_default raise HTTPError(req.get_full_url(), code, msg, hdrs, fp) HTTPError: HTTP Error 401: Unauthorized
Thu Apr 9 09:12:38 2015 - ERROR - Attempting to re-connect to the sensor: 172.16.23.50
Thu Apr 9 09:12:42 2015 - INFO - Checking for existing SubscriptionID on host: 172.16.23.50
Thu Apr 9 09:12:42 2015 - INFO - Attempting to connect to sensor: 172.16.23.50
Thu Apr 9 09:12:42 2015 - INFO - Successfully connected to: 172.16.23.50
... View more
04-08-2015
11:10 PM
I found an error, after installation of addon input was switched off
... View more
04-03-2015
03:05 AM
I found in / opt/splunk/etc/apps/Splunk_TA_cisco-ips/var/log the file with IPS logs. But they aren't present in Splunk.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
