I know this has been asked many different ways, but I can't seem to get the search correct. I am attempting to "not display data that is less than 10 days old". I have to set up a whitelist via a lookup table; the idea here is we add IPs or URLs that show no threat, so we want to stop seeing alerts coming in. But we want to recheck the data again in 10 days.

This is my test search, but it still shows IPs or URLs in the lookup table.
| from datamodel:"Threat_Intelligence"."Threat_Activity"
| search NOT [| inputlookup my_whitelist.csv | fields threat_match_value]
| where lastSeen>=relative_time(now(),"-10d") AND _time<=now()
| table _time threat_match_value
My lookup table fields are
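The logic the post is after (suppress a whitelisted indicator, but only for 10 days after it was whitelisted, so it gets looked at again afterwards) is shown below as an added, stand-alone example; it is not the poster's search and not Splunk code. It assumes the whitelist CSV carries a `whitelisted_at` timestamp column next to `threat_match_value` (a constructed column name, since the post does not list the lookup fields), and the alerts and whitelist rows are constructed sample data.

```python
"""Whitelist with a recheck window: an indicator is suppressed only while its
whitelist entry is younger than 10 days; after that the alert shows again.
Added example, not the original post's search. Column `whitelisted_at` is
an assumption about the lookup file."""
import csv
import io
from datetime import datetime, timedelta, timezone

RECHECK_AFTER = timedelta(days=10)

# Constructed sample whitelist (stand-in for my_whitelist.csv).
WHITELIST_CSV = """threat_match_value,whitelisted_at
203.0.113.10,2024-05-01T00:00:00Z
example.net,2024-05-09T12:00:00Z
"""

# Constructed sample alerts, in the shape of the post's `table` output.
ALERTS = [
    {"_time": "2024-05-10T08:00:00Z", "threat_match_value": "203.0.113.10"},
    {"_time": "2024-05-10T08:05:00Z", "threat_match_value": "example.net"},
    {"_time": "2024-05-10T08:10:00Z", "threat_match_value": "198.51.100.7"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_whitelist(text):
    """Map each whitelisted value to the time it was whitelisted."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["threat_match_value"]: parse_ts(row["whitelisted_at"]) for row in reader}


def active_suppressions(whitelist, now):
    """Values still inside their suppression window (whitelisted < 10 days ago)."""
    return {value for value, added in whitelist.items() if now - added < RECHECK_AFTER}


def due_for_recheck(whitelist, now):
    """Values whose window has expired; these should be reviewed (and re-dated or removed)."""
    return sorted(value for value, added in whitelist.items() if now - added >= RECHECK_AFTER)


def filter_alerts(alerts, whitelist, now):
    """Drop alerts whose indicator is currently suppressed; keep everything else."""
    suppressed = active_suppressions(whitelist, now)
    return [a for a in alerts if a["threat_match_value"] not in suppressed]


def visible_values(alerts_text_now):
    """Convenience wrapper: return the indicator values that would be displayed at `now`."""
    now = parse_ts(alerts_text_now)
    return [a["threat_match_value"] for a in filter_alerts(ALERTS, load_whitelist(WHITELIST_CSV), now)]


if __name__ == "__main__":
    print("visible on 2024-05-10:", visible_values("2024-05-10T09:00:00Z"))
    print("visible on 2024-05-12:", visible_values("2024-05-12T09:00:00Z"))
    print("due for recheck on 2024-05-12:",
          due_for_recheck(load_whitelist(WHITELIST_CSV), parse_ts("2024-05-12T09:00:00Z")))
```

The point the example makes about the search in the post: the `NOT [...]` subsearch excludes every value in the lookup regardless of age, so the date condition has to be applied to the lookup rows (in the subsearch, before `fields threat_match_value`) rather than to the events, and that only works if the lookup records when each value was whitelisted.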
Hi all, hope you can assist. I am having issues with connecting to my SolarWinds App server via the Splunk add-on. I have tested my connection via curl from my heavy forwarder, and I can get it to connect and pull back the query:

curl -k -v -u MyUserName https://mysolarwindsserver.local:17778/Solarwinds/InformationService/V3/JSOn/Query?query=SELECT+IPAddress+FROM+Orion.Nodes

The issue is, if I take the -k out, I get this error: "curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above". See below. Has anyone seen this issue before? I have read over loads via this community, and can't seem to locate the fix. Also, when I log in to the HF and look at the Splunk Add-on for SolarWinds under the Account tab, it says "loading".

Enter host password for user 'MyUserName':
* Trying x.x.x.x....
* TCP_NODELAY set
* Connected to mysolarwindsserver.local (x.x.x.x) port 17778 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Thanks
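What the curl trace above shows is that the server presents a self-signed certificate, which no public CA vouches for, so verification fails; `-k` makes the error go away by skipping verification entirely, which is what leaves the connection open to interception. The added example below (not from the post, not part of the Splunk add-on, and not SolarWinds code) shows the alternative: trust that one certificate explicitly, the way `curl --cacert cert.pem` would. It assumes the `openssl` command-line tool is installed, uses it to mint a throwaway self-signed certificate for `localhost`, serves it from a loopback TLS listener, and connects twice: once with default trust (rejected, as in the post) and once with the certificate added to the trust store (accepted, with hostname checking still on).

```python
"""Verify a self-signed server certificate by trusting it explicitly instead of
disabling verification. Added example, not the original post's command.
Assumes the openssl CLI is available to generate a local test certificate."""
import os
import shutil
import socket
import ssl
import subprocess
import tempfile
import threading


def make_self_signed(workdir, cn="localhost"):
    """Generate a key and self-signed cert with a SAN, using the openssl CLI (assumed installed)."""
    key = os.path.join(workdir, "key.pem")
    crt = os.path.join(workdir, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-keyout", key, "-out", crt, "-subj", f"/CN={cn}",
         "-addext", f"subjectAltName=DNS:{cn}"],
        check=True, capture_output=True,
    )
    return key, crt


def start_server(key, crt, connections):
    """Loopback TLS listener that answers `connections` handshakes, then exits."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt, key)
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(5)
    port = lsock.getsockname()[1]

    def run():
        for _ in range(connections):
            conn, _ = lsock.accept()
            try:
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.sendall(b"hello\n")
            except OSError:
                pass  # client aborted the handshake (it rejected our cert); expected
        lsock.close()

    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return port, thread


def fetch(port, cafile=None):
    """Return 'ok' on a verified connection, else the OpenSSL verify failure reason."""
    ctx = ssl.create_default_context()      # chain + hostname verification, like curl without -k
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # equivalent of curl --cacert cert.pem
    try:
        with socket.create_connection(("127.0.0.1", port)) as raw, \
                ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            return "ok" if tls.recv(16) == b"hello\n" else "unexpected"
    except ssl.SSLCertVerificationError as err:
        return err.reason or "verify failed"


def demo():
    """Run both connections; returns None when openssl is not installed."""
    if shutil.which("openssl") is None:
        return None
    with tempfile.TemporaryDirectory() as workdir:
        key, crt = make_self_signed(workdir)
        port, thread = start_server(key, crt, connections=2)
        without_trust = fetch(port)             # mirrors the post's failing run
        with_trust = fetch(port, cafile=crt)    # explicit trust, verification kept on
        thread.join(timeout=5)
    return without_trust, with_trust


if __name__ == "__main__":
    print(demo())   # expected: ('CERTIFICATE_VERIFY_FAILED', 'ok')
```

For the add-on itself the same idea applies: export the SolarWinds server's certificate (or the internal CA that issued it) and add it to the trust store the add-on uses, rather than turning verification off; the hostname on the certificate also has to match the name used in the URL, otherwise verification fails for a different reason than the one in the trace.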