cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
datsplunk4272
Explorer
Member since: ‎03-22-2021
‎05-14-2022
Community Statistics
Posts 8
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎03-22-2021
Activity Feed
View All

Re: Is there a way in Splunk to get the informatio...

by in Splunk Enterprise
‎05-12-2022 12:47 PM
‎05-12-2022 12:47 PM
Here is what I could have a summary: 1. Splunk authentication (I call local settings) and all local users' login/password are stored at  $SPLUNK_HOME$/etc/passwd file. After users login, their profiles will be located $SPLUNK_HOME$/etc/users/ directory. 2. This is a way that I use to manage the users because I am using radius authentication as mentioned above. I listed the links to download and configure below that I followed so you could do your lab. After completing the app installation and configuration, logging to SH > Click Settings > Add Data > Files & Directories ($SPLUNK_HOME$/etc/apps/radius_auth/local/user_info directory that will be monitored > follow the rest of the basic process. Download app: https://splunkbase.splunk.com/app/981/ Configuration the radius access: https://lukemurphey.net/projects/splunk-radius-auth/wiki/Install_and_Configuration   (I could not show you my system snapshot because it is not the lab but if you have one, you could share it.) ... View more

Re: Is there a way in Splunk to get the informatio...

by in Splunk Enterprise
‎05-12-2022 11:48 AM
‎05-12-2022 11:48 AM
Yes, @richgalloway is right! As our Search Heads are configured with RSA authentication, I created and monitored a local index in Search Head to track the JSON file for each user in SPL. $SPLUNK_HOME$/etc/app/<app_name(default: radius_auth>>local/user_info/<hash>.json ... View more

Re: syslog-ng systemctl not starting the service

by in Getting Data In
‎08-13-2021 01:03 PM
‎08-13-2021 01:03 PM
Hi: I believe, it is not the same. The post has an issue with the 'syslog-ng.service' app that would not be started.  ... View more

Re: syslog-ng systemctl not starting the service

by in Getting Data In
‎08-13-2021 12:59 PM
‎08-13-2021 12:59 PM
  For me, it should work, but could you try this.    filter f_all { not filter(f_cisco_asa); }; http://www.softpanorama.org/Logs/Syslog_ng/configuration_examples.shtml   ... View more

Re: syslog-ng systemctl not starting the service

by in Getting Data In
‎08-13-2021 12:51 PM
‎08-13-2021 12:51 PM
Hi: You can use this cmd follow to see what lines could cost the issue. I used to use to find mine as well. Please let me know your outcome. [ root@hostname ]# journalctl -a | grep syslog-ng   Also, I am concerning this code follow that you might check as well. I will double-check with it as well since I have never used it before. filter f_all { not ( filter(f_cisco_asa) ); };   ... View more

Re: Planning to modify Splunk login page to fit ou...

by in Dashboards & Visualizations
‎06-07-2021 01:47 PM
1 Karma
‎06-07-2021 01:47 PM
1 Karma
Please disregard my question. It is working now after clearing the browser cache. Have a great day!   ... View more

Planning to modify Splunk login page to fit our en...

by in Dashboards & Visualizations
‎06-07-2021 12:41 PM
‎06-07-2021 12:41 PM
Hi all: I am new with Splunk here, but I am able to handle the web app code. I tried to change the placeholder in the account.js file to display it follow as I wanted to, but it did not work after replacing the old one.   P/S. Planning to replace the background and place some notes for the users. Please assist. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-14-2022 02:04 AM
Karma from
View All