cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ravida
Engager
Member since: ‎05-26-2021
3 weeks ago
Community Statistics
Posts 4
Solutions 0
Karma Given 4
Karma Received 1
Member Since ‎05-26-2021
Activity Feed
View All

Enterprise Security incident urgency showing "info...

by in Splunk Enterprise Security
‎06-20-2023 12:23 PM
‎06-20-2023 12:23 PM
Hi folks, I created a correlation search that looks for administrators setting passwords to never expire, which then creates a notable event for incident review. I tried setting the severity to both "high" and "critical", but when the notable is created the urgency field shows up only as "informational". When I test the rule, I did it against on accounts that show up as both "high" and "critical" priority in the Identity Investigator, data I enrich via Active Directory. I checked the lookup table for urgency_lookup and it is as you would expect, nothing is different than the default that would make it calculate to informational. What may I be missing?   Thanks! ... View more

Is there a way to find out what the oldest events ...

by in Splunk Enterprise
‎02-02-2023 01:43 PM
1 Karma
‎02-02-2023 01:43 PM
1 Karma
Is there a way to find out what the oldest events are, by index,  in the local cache when running SmartStore? I am able to ssh in and look at the local buckets, but is there a way to see it in the monitoring console or by query?   Thanks!   Joe ... View more
Labels

Realtime search with a sliding window that doesn't...

by in Splunk Search
‎01-20-2023 11:39 AM
‎01-20-2023 11:39 AM
Hi folks, I have a realtime search that looks at failed windows logins, producing a "single value" timechart visualization with a sparkline and trend value next to it. index=windows EventCode=4625 | timechart span=1h count Instead of having it snap to the hour, I would like it to show the values without snapping, effectively grouping by the current minute - 60m for each.  Is there a way to group that in real time searches?  ... View more
Labels

How to verify a secure connection between the depl...

by in Security
‎08-11-2022 12:40 PM
‎08-11-2022 12:40 PM
Hi folks, I have recently been testing out how to ensure the connection between my deployment server and the universal forwarders is secure. I followed the instructions and deployed a new app with some stanzas to a test windows workstation server class, via deploymentclient.conf to conform to this: [deployment-client] sslVerifyServerCert=true caCertFile=$SPLUNK_HOME/etc/apps/<this apps name>/auth/ca.pem sslCommonNameToCheck = <common name in DS cert> My question is how can I confirm it is connecting securely? Most of the documentation I find describes securing the indexers to forwarders, but not the deployment server to client/forwarder connection. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
3 weeks ago
Karma from
View All
Karma given to