Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About maaneeel
maaneeel
Explorer
Member since:
01-25-2021
06-07-2022
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 01-25-2021 |
Activity Feed
- Got Karma for DBConnect - tail_rising_column_init_ckpt_value. 11-05-2021 03:06 PM
- Posted DBConnect - tail_rising_column_init_ckpt_value on Getting Data In. 06-17-2021 01:19 AM
- Posted Re: Work with fieldnames that contains {}. +PRTG on Splunk Enterprise. 06-02-2021 03:15 AM
- Posted Re: Work with fieldnames that contains {}. +PRTG on Splunk Enterprise. 06-02-2021 12:20 AM
- Posted Re: Work with fieldnames that contains {}. +PRTG on Splunk Enterprise. 06-02-2021 12:13 AM
- Posted Work with fieldnames that contains {}. +PRTG on Splunk Enterprise. 06-01-2021 04:09 AM
- Posted Re: Use token just if is defined on Splunk Search. 02-15-2021 07:16 AM
- Posted Use token just if is defined on Splunk Search. 02-15-2021 06:41 AM
- Tagged Use token just if is defined on Splunk Search. 02-15-2021 06:41 AM
- Posted Re: Trend Micro Deep Security for Splunk - sourcetype rewrite in distributed environment? on All Apps and Add-ons. 01-25-2021 08:43 AM
- Posted Re: Trend Micro Deep Security for Splunk - sourcetype rewrite in distributed environment? on All Apps and Add-ons. 01-25-2021 08:16 AM
- Posted Re: Trend Micro Deep Security for Splunk - sourcetype rewrite in distributed environment? on All Apps and Add-ons. 01-25-2021 07:38 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 |
06-17-2021
01:19 AM
1 Karma
Hello, After configure DBConnect to get data from a SQL database, I found the following error after restart the splunk service: Invalid key in stanza [nameOfMyQuery] in /opt/splunk/etc/apps/splunk_app_db_connect/local/db_inputs.conf, line XX: tail_rising_column_init_ckpt_value (value:{"value":"0","columnType":4}) Checking the documentation https://docs.splunk.com/Documentation/DBX/3.5.1/DeployDBX/dbinputs it seems like is not a deprecated parameter... Removing this line from the config file, the data input works properly but I don't know if could I get repeated inputs or any similar error. How could I solve the problem? Thanks Thanks
... View more
Labels
- Labels:
-
heavy forwarder
-
other
06-02-2021
03:15 AM
Thanks I didn't know spath command, but after try it I have the same problem with the new field... Any idea? Thanks
... View more
06-02-2021
12:20 AM
I also tried use eval and filter by the new result without success
... View more
06-02-2021
12:13 AM
Hello again, It's not working, Thanks for your help @isoutamo
... View more
06-01-2021
04:09 AM
Hi, I'm using the PRTG app to get logs from this monitoring tool and build clean reports about our servers health. The API is returning a JSON and the automatic field extraction gets fields like sensors{}.sensor. How could I build a query referencing to this fields? If I try something like this fails: index=prtg "sensors{}.sensor"=Ping Thanks
... View more
Labels
02-15-2021
07:16 AM
Thanks for the answers. Using search account_name = * works properly, but I would like to remove the default value (*) from the input textbox, just to prevent that when the analyst finish a search of a specific user, doesn't need to type * again to display any user.
... View more
02-15-2021
06:41 AM
Hello, I need to create a dashboard panel (table) doing a query that uses the following filtering condition: account_name = "$userNameToken$") How could I prevent the situation where the token is not defined and display any user? Thanks
... View more
- Tags:
- query token
Labels
- Labels:
-
other
01-25-2021
08:43 AM
Hello, A few minutes ago, I discovered that my problem was produced by another log management platform that we have betweeen deep security and splunk (I thought that it was sending the log to the Heavy Forwarders) but it was sending these logs directly to the indexers, so the transmorfation has not been applied. After try to send logs directly to Heavy Forwarders the sourcetype is being replaced properly, a change that I also did is modify all files inside default directory and write the name of the index that I'm using before the queries that just contains sourcetype. Thanks!
... View more
01-25-2021
08:16 AM
So, you deployed a different input app on Heavy Forwarders for each sourcetype and then set these sourcetypes on the same input, right' thanks for you quick reply!
... View more
01-25-2021
07:38 AM
Hello, I have the same problem on my splunk (all servers are on prem), I installed the app on Heavy Forwarders, Indexers and Search Heads, and I'm receiving all logs but all events are tagged as deepsecurity instead of deepsecurity-antimalware, deepsecurity-firewal.... At the beggining I had the app on Indexers and Search Heads, and Heavy forwarders had a simple app created by me that just monitor the file writted by rsyslog, now I deployed the DeepSecurity app and copy inputs.conf inside. What could I check? Thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-07-2022
12:15 PM
|
