×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
johnlee2327
Explorer
Member since: ‎07-28-2020
‎10-23-2024
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 1
Member Since ‎07-28-2020
Activity Feed
View All

Re: How to create notable manually with selected t...

by in Splunk Enterprise Security
‎10-22-2024 09:02 PM
‎10-22-2024 09:02 PM
You can use "rule_description" as the field for the above description. ... View more

Re: Is any Rest API or link for answer certain pro...

by in Splunk SOAR
‎08-29-2024 06:21 AM
‎08-29-2024 06:21 AM
Update. I have found I can use this API to approve. But still need username password or token T^T. curl -X POST -k -u "username:password" https://10.250.74.118:8443//rest/approval/15/responses -d "{\"responses\": [\"deny\"]}" But it showing the error that: {"failed": true, "message": "Invalid resolution. must be one of approve, deny, delegate"} Anyone know why?   ... View more

Is any Rest API or link for answer certain prompt ...

by in Splunk SOAR
‎08-29-2024 05:56 AM
‎08-29-2024 05:56 AM
All I learning for prompt is that I need to open broser and prompt with SOAR GUI. Is any Rest API or link available for answer prompt ? I want to pass some variable in the mail. If somebody click certain link, It will accept or reject the prompt for event "4" base on API automatically. It will reduce IT's workload! ... View more
Labels

Prompt email with certain event

by in Splunk SOAR
‎08-19-2024 08:01 PM
‎08-19-2024 08:01 PM
I have try to prompt with my email. To execute the requested action, deny or delegate, click here https://10.250.74.118:8443/approval/14. It need to enter the WEB UI and found the "certain" prompt. If I have 10000 prompt, I can not found the event related to the email rapidly.  If it is possible that use rest api to post prompt decision to soar certain event? ... View more
Labels

Re: How to detect duplicate GUIDs on forwarders?

by in Deployment Architecture
‎08-02-2021 12:33 AM
1 Karma
‎08-02-2021 12:33 AM
1 Karma
I think the SPL and the concept of Davidpaper are good. But for some reason, in my environment, it will not be able to reveal all the hidden problems. My SPL is as follows, I hope people with the same problem can give it a try. It fix my problem.  index=_internal ClientSessionsManager | stats dc(hostname), values(hostname) by instanceId | sort - dc(hostname) ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-23-2024 04:56 AM
Karma from
View All
Karma given to
View All