Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About Qingguo
Qingguo
Engager
Member since:
07-29-2021
11-14-2023
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 07-29-2021 |
Activity Feed
- Posted How to do hint and input validation for custom field in phantom on Splunk SOAR. 12-11-2021 12:46 AM
- Posted Failure to open phantom (4.10.x) GUI on Splunk SOAR. 12-10-2021 11:49 PM
- Posted is it possible for branch to go back to original flow in playbook on Splunk SOAR. 11-16-2021 05:15 AM
- Tagged is it possible for branch to go back to original flow in playbook on Splunk SOAR. 11-16-2021 05:15 AM
- Posted Re: pass variable and value to subsearch on Splunk Search. 10-06-2021 07:31 AM
- Posted Re: pass variable and value to subsearch on Splunk Search. 10-06-2021 05:52 AM
- Posted Re: pass variable and value to subsearch on Splunk Search. 10-05-2021 08:35 AM
- Posted Re: pass variable and value to subsearch on Splunk Search. 10-05-2021 08:01 AM
- Posted pass variable and value to subsearch on Splunk Search. 09-28-2021 07:24 AM
- Posted Re: How to add filed from raw data into artifacts on Splunk SOAR. 07-30-2021 07:30 PM
- Posted quarantine device using ISE on Splunk SOAR. 07-29-2021 07:12 PM
- Tagged quarantine device using ISE on Splunk SOAR. 07-29-2021 07:12 PM
- Posted How to add filed from raw data into artifacts on Splunk SOAR. 07-29-2021 07:05 PM
- Tagged How to add filed from raw data into artifacts on Splunk SOAR. 07-29-2021 07:05 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-11-2021
12:46 AM
when inputing a customer field of data/time in container, is there any ways to do hints of input and input validation ? Currently it only support text/select in 4.10.X in customer field , and it is not real-time if done by playbook or some action.
... View more
Labels
- Labels:
-
using SOAR ⁄ Phantom
12-10-2021
11:49 PM
Failure to open phantom (4.10.x) GUI after setting up warm/standby , no error message when setup warm/standby and starting phantom. Any further troubleshooting or logs to check ?
... View more
Labels
- Labels:
-
using SOAR ⁄ Phantom
11-16-2021
05:15 AM
Hi team I found main flow will not run after adding branch flow , is it known limitation ? thanks
... View more
- Tags:
- playbook
Labels
- Labels:
-
using SOAR ⁄ Phantom
10-06-2021
07:31 AM
Just one clarification, "id" was being used in index1 for other meaning. Testing your query , I cant get values of start_time in index2
... View more
10-06-2021
05:52 AM
Thanks @somesoni2. Can we have a quick webex and discussion on this ? I am on this webex in another 1 hour from now. Join Mywebex
... View more
10-05-2021
08:35 AM
Sorry just one correction, field name of container in index1 is "container" and is renamed as "id" in index2 event log. Index2 events (base query: index=index2 ...) "id":"1497","start_time":"2021-09-26T8:53:16.232759Z" "id":"1498","start_time":"2021-09-25T8:53:16.232759Z"
... View more
10-05-2021
08:01 AM
Thanks for your reply , here are more detailed requirement, I've got some logs I need to join and put on the same row and difference values . Index1 events: (base query: index=index1 playbook=100) "Playbook":"100","update_time":"2021-09-27T10:51:16.572759Z","container":"1497" "Playbook":"100","update_time":"2021-09-27T10:52:16.572759Z","container":"1498" "Playbook":"100","update_time":"2021-09-27T10:53:16.572759Z","container":"1499" ........ Index2 events (base query: index=index2 😞 "container":"1497","start_time":"2021-09-26T8:53:16.232759Z" "container":"1498","start_time":"2021-09-25T8:53:16.232759Z" ..... Desired output: container start_time update_time time_diff(update_time-start_time) 1497 2021-09-26T8:53:16.232759Z 2021-09-27T10:51:16.572759Z xxx 1498 2021-09-25T8:53:16.232759Z 2021-09-27T10:52:16.572759Z xxxx 1499 .... Appreciated for any comments.
... View more
09-28-2021
07:24 AM
Hi All I have a question and need to do the following: Search contidtion_1 from (index_1 ) and then get the value of field_1 and the value of field_2. then search the value of field_1 from (index_2 ) and get value of field_3. I want to have a difference calculation between value of field_2 and value of field_3. It it possible to achieve this using a single query?
... View more
Labels
- Labels:
-
subsearch
07-30-2021
07:30 PM
It has been resolved by installing add-on and mapping cef field , thanks
... View more
07-29-2021
07:12 PM
After integration with ISE 2.4 successfully , I test action of quarantine for a device , phantoms shows it has been quarantined. however I cannot find any changes on ISE. ERS R/W has been enable Client MAC should be in list of ANC quarantine ? how can I do further troubleshooting
... View more
- Tags:
- action
Labels
- Labels:
-
using SOAR ⁄ Phantom
07-29-2021
07:05 PM
when the original syslog was forwarded to phantom, some key filed(like srcIP/dstIP) was missing artifact. these key filed was in raw_data if we search artifiact in splunk. can phantom identify/parse these field and add artifact automatically ?
... View more
- Tags:
- artifacts
Labels
- Labels:
-
using SOAR ⁄ Phantom
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-14-2023
06:32 AM
|
