Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About florianhh
florianhh
Explorer
Member since:
03-23-2021
Friday
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 03-23-2021 |
Activity Feed
- Posted Re: Splunk Support for Active Directory: Why are non-admin users getting ldapsearch error "You do not have permissi on All Apps and Add-ons. Friday
- Posted KVstore field Aliase on Knowledge Management. 02-01-2022 03:55 AM
- Posted Re: Allow Usergroups to send Email on Splunk Enterprise. 11-05-2021 05:24 AM
- Posted Allow Usergroups to send Email on Splunk Enterprise. 11-05-2021 03:43 AM
- Karma Re: View only User for venkatasri. 06-18-2021 01:09 AM
- Posted Re: View only User on Security. 06-15-2021 12:32 AM
- Posted View only User on Security. 06-14-2021 07:21 AM
- Posted Re: What is the minimum permissions I can give a user to input data into the KV Store via REST API? on Security. 06-09-2021 11:33 PM
- Tagged Re: What is the minimum permissions I can give a user to input data into the KV Store via REST API? on Security. 06-09-2021 11:33 PM
- Tagged Re: What is the minimum permissions I can give a user to input data into the KV Store via REST API? on Security. 06-09-2021 11:33 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
Friday
This Worked for me as well. No need to give admin_all_objects permission! Splunk V. 8.2.5
... View more
02-01-2022
03:55 AM
Gooood Morning 🙂 I need some advice, we have several sources of Information about our Company assets, i know not ideal but better then dont know any. So i wrote a script thats collects everything from these Asset sources and writes the Info to a big KV Store. (1.5GB) on the Splunk-ES SH. The script does that every 6h. No i want to add these Info to the Splunk ES Asset- und Identitäts-Management. How do i aliase a kvstore field name so its CIM compliance with the required fieldnames as stated here. https://docs.splunk.com/ ? I thought about fieldaliases in a props.conf as per normal datasources. But im not sure to use the collection name as a source in the stanza? [source::ipam_assets_collection]
FIELDALIAS-asset_ip = Address AS ip Is there a better way?
... View more
11-05-2021
05:24 AM
Your absolute right about that. BUT i'm realy suppriced that splunk, what is a expensive pice of software only used by Security and Admin staff would have figured this out by now.
... View more
11-05-2021
03:43 AM
Hello Splunkys i Face some challanges right now. We run a Splunk Installation with about 50 Active Users with 10Different Roles. Now we have the need for allowing them to send them selfs alert Messages via EMAIL. First Problem: According to to the Docs its not possible to send a email if your not a Admin and the SMTP server needs authentication. Secound Problem, you can not set up per role or per user sender info only system wide via GUI. I found out that you can supply username= and Password= parameters via SPL search but this do not apply to alerts. And the Creds then show up in plaintext in the logs. I found that you can supply creds via alert_action.conf file per app. But then the creds would show up in the git_repo where we version our apps. Some .conf files honor ENV variables but i did not find if alert_action.conf would do so? And then they would be still accessable by CLI. Can it be so hard for Splunk to implement something so basic as per User email sending? Has somebody accived something similar ?
... View more
Labels
06-15-2021
12:32 AM
Thank you ! I've tried that from the WebUI but it did not work. I now did it trough the .conf file as you suggested and now it works. Oddly now the webUI Shows (EventCode::4740) as filter. Why is that odd format with :: ?
... View more
06-14-2021
07:21 AM
Hello Splunkys, i read this post Link on the Splunk Forum. I created a App and it only contains 1 dashboard. I create a user that has only access to this app. But you can't disable the users permission to view the search app. If you do that you get a 500 error after logging in. If you dont do it and allow view for the search app then it works but then the user is able to search more. Also Basically every think in Splunk that is clickable at that point will prompt you with a 500 internal server error page. Thats not cool. We need a Role for Helpdesk personal that shows something but we do not want that these persons can lookup some spl and spy on employee's.
... View more
Labels
- Labels:
-
access control
06-09-2021
11:33 PM
Hey There, i want to push this threat and ask if somethings changed since 2016? I have the same question, need to delete and post data to a KV store and do not want to grand Admin level permissions to a user just for that.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Friday
|
