Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About rpfutrell
rpfutrell
Explorer
Member since:
10-28-2020
05-05-2025
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 10-28-2020 |
Activity Feed
- Posted Re: How to determine input source to filter WinEventLog? on Getting Data In. 02-14-2025 08:14 AM
- Posted How to determine input source to filter WinEventLog? on Getting Data In. 02-10-2025 05:02 PM
- Posted Re: How to add link in ES Notable events "next steps" form? on Splunk Enterprise Security. 12-24-2024 07:02 AM
- Posted Re: How do I download the app? on Splunk Dev. 10-29-2024 06:14 AM
- Posted How do I download the app? on Splunk Dev. 10-28-2024 12:05 PM
- Posted Druva - Add-on needs to be republished using the latest add-on builder on All Apps and Add-ons. 06-06-2024 08:46 AM
- Posted Re: How to add link in ES Notable events "next steps" form? on Splunk Enterprise Security. 02-14-2024 11:28 AM
- Karma Re: How to get Splunk ID for certification exam at Pearson VUE? for jfarmiloe. 10-28-2020 02:28 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
02-14-2025
08:14 AM
Thank you @livehybrid , after a long day of mapping related things out , I got the bug a and found myself manually reviewing all the directories I could. Of course directly after I submitted this I found the correct inputs.conf and realized I need to use btool. 😃 Thanks again for sharing!
... View more
02-10-2025
05:02 PM
I'm trying to discover my source input.conf file that is responsible for pulling in the WinEventLogs. Our original implementation was back in 2019, and completed by another SME that has since moved on. When we implemented Splunk Cloud there was many other onsite components implemented, incuding an IDM server. Since moving to the Victoria Experience we no longer utilize an IDM server, but have the rest of the resources in placed as shown in my attached.. That said, I'm just trying to confirm where to filter my oswin logs from, but not convinced I have identified the source. While I found the inputs.conf file under Splunk_TA_windows (where I'd expect it to be) on the deployment server, I'm not confident it's responsible for this data input. This is because all my entries in the stanza specific for WinEventLog ... has a disable = 1. So while I want to believe, I cannot. I've look over mulmore importantly where are my WinEventLogs truly being sourced from (which inputs.conf)? I've review my resources on the Deployment Server, DMZ Forwarder and Syslog UFW Server and not finding anything else that would be responsible, nor anything installed regarding Splunk_TA_windows, however I am indeed getting plenty of data, and trying to be more efficient with our ingest and looking to filter some of these type of logs out. TIA
... View more
Labels
- Labels:
-
inputs.conf
-
Linux
-
Mac
-
Windows
12-24-2024
07:02 AM
It's nice to see that you can now post a URL in ES - thank you!
... View more
10-29-2024
06:14 AM
Thanks for the feedback - I did sent the developer an email inquiry. It appears the app is only available in the European markets... If I didn't miss it in the splunkbase documentation / website, it would be nice to have that listed there.
... View more
10-28-2024
12:05 PM
We found Visdom for Citrix VDI listing on splunkbase interesting, but not seeing how to download the app to review. Is this app still availble and supported by the developer(s)?
... View more
06-06-2024
08:46 AM
It looks like the last version of this add-on isn't compatiable with due to the add-on builder used, and the app version 1.0.2 has to be used wih SC vs. the latest release of 1.1.1. Can anyone confirm if there are plans to re-compile the add-on with the latest add-on builder and if the latest app is support on Splunk Cloud?
... View more
Labels
- Labels:
-
configuration
-
development
-
installation
02-14-2024
11:28 AM
I've been searching for the same answer, as Splunk ES is is limiting in the regards. Most our other tools are found elswhere - to expedite the review or mitigation, it would be very helpful to add a link in the next steps to say go to the EDR, the Proofpoint Server, O365 etc... vs. the SOC analyst needing to fumble through his/her bookmarks etc.. If this doesn't exist, I sure how it's on the roadmap.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-05-2025
07:54 AM
|
