Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About ravida
ravida
Explorer
Member since:
05-26-2021
06-17-2025
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 1 |
| Member Since | 05-26-2021 |
Activity Feed
- Posted Re: Clicking on a custom rule's name in ES Top Notable Events doesn't filter in the Incident review on Dashboards & Visualizations. 05-23-2024 09:53 AM
- Posted Re: Clicking on a custom rule's name in ES Top Notable Events doesn't filter in the Incident review on Dashboards & Visualizations. 05-23-2024 06:44 AM
- Posted Re: Clicking on a custom rule's name in ES Top Notable Events doesn't filter in the Incident review on Dashboards & Visualizations. 05-22-2024 01:24 PM
- Posted Clicking on a custom rule's name in ES Top Notable Events doesn't filter in the Incident review on Dashboards & Visualizations. 05-20-2024 12:07 PM
- Tagged Clicking on a custom rule's name in ES Top Notable Events doesn't filter in the Incident review on Dashboards & Visualizations. 05-20-2024 12:07 PM
- Tagged Clicking on a custom rule's name in ES Top Notable Events doesn't filter in the Incident review on Dashboards & Visualizations. 05-20-2024 12:07 PM
- Karma Re: Enterprise Security incident urgency showing "informational" when I set correlation rule notable to " for meetmshah. 11-07-2023 09:19 AM
- Karma Re: Enterprise Security incident urgency showing "informational" when I set correlation rule notable to " for meetmshah. 11-07-2023 09:19 AM
- Posted Enterprise Security incident urgency showing "informational" when I set correlation rule notable to "high"? on Splunk Enterprise Security. 06-20-2023 12:23 PM
- Got Karma for Is there a way to find out what the oldest events are, by index, in the local cache when running SmartStore?. 02-22-2023 05:27 AM
- Posted Is there a way to find out what the oldest events are, by index, in the local cache when running SmartStore? on Splunk Enterprise. 02-02-2023 01:43 PM
- Karma Re: Realtime search with a sliding window that doesn't snap to the hour for richgalloway. 01-23-2023 07:09 AM
- Posted Realtime search with a sliding window that doesn't snap to the hour? on Splunk Search. 01-20-2023 11:39 AM
- Posted How to verify a secure connection between the deployment server and the forwarder? on Security. 08-11-2022 12:40 PM
- Karma Re: How to create a new index? for codebuilder. 10-21-2021 08:39 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 |
05-23-2024
09:53 AM
It happens for all of them. The strange part is, when i first click, you can see the notable name in the URL after "/incident_review?form.rule_name=(rule name)" followed by earliest/latest timestamos but after a moment it disappears and is replaced with a new URL which only has the earliest/latest values
... View more
05-23-2024
06:44 AM
They are blank. I was under the impression these are for showing the contributing events. Although I am trying to get the "Incident Review" to only show those notables in the list, instead of all notables.
... View more
05-22-2024
01:24 PM
They are blank. I was under the impression these are for showing the contributing events. Although I am trying to get the "Incident Review" to only show those notables in the list, instead of all notables.
... View more
05-20-2024
12:07 PM
Hi folks, This has been bugging me for a while. When I click on a custom-made correlation search in the Security Posture's Top Notable Events dashboard pane, it doesn't filter for that rule name in the incident review, it just shows all of them. Where do I configure it to drill down properly? Thanks!
... View more
06-20-2023
12:23 PM
Hi folks,
I created a correlation search that looks for administrators setting passwords to never expire, which then creates a notable event for incident review. I tried setting the severity to both "high" and "critical", but when the notable is created the urgency field shows up only as "informational".
When I test the rule, I did it against on accounts that show up as both "high" and "critical" priority in the Identity Investigator, data I enrich via Active Directory.
I checked the lookup table for urgency_lookup and it is as you would expect, nothing is different than the default that would make it calculate to informational. What may I be missing?
Thanks!
... View more
Labels
02-02-2023
01:43 PM
1 Karma
Is there a way to find out what the oldest events are, by index, in the local cache when running SmartStore? I am able to ssh in and look at the local buckets, but is there a way to see it in the monitoring console or by query?
Thanks!
Joe
... View more
Labels
- Labels:
-
administration
01-20-2023
11:39 AM
Hi folks,
I have a realtime search that looks at failed windows logins, producing a "single value" timechart visualization with a sparkline and trend value next to it.
index=windows EventCode=4625 | timechart span=1h count
Instead of having it snap to the hour, I would like it to show the values without snapping, effectively grouping by the current minute - 60m for each. Is there a way to group that in real time searches?
... View more
Labels
- Labels:
-
timechart
08-11-2022
12:40 PM
Hi folks, I have recently been testing out how to ensure the connection between my deployment server and the universal forwarders is secure. I followed the instructions and deployed a new app with some stanzas to a test windows workstation server class, via deploymentclient.conf to conform to this: [deployment-client] sslVerifyServerCert=true caCertFile=$SPLUNK_HOME/etc/apps/<this apps name>/auth/ca.pem sslCommonNameToCheck = <common name in DS cert> My question is how can I confirm it is connecting securely? Most of the documentation I find describes securing the indexers to forwarders, but not the deployment server to client/forwarder connection.
... View more
Labels
- Labels:
-
SSL
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-17-2025
11:21 AM
|
