Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About tokio13
tokio13
Path Finder
Member since:
01-11-2022
03-23-2023
Community Statistics
| Posts | 36 |
| Solutions | 2 |
| Karma Given | 15 |
| Karma Received | 4 |
| Member Since | 01-11-2022 |
Activity Feed
- Got Karma for Re: How to make visio icons appear correctly in Visio ?. 08-13-2023 11:26 PM
- Got Karma for Re: How to make visio icons appear correctly in Visio ?. 08-02-2023 02:43 AM
- Got Karma for Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore?. 07-19-2023 08:50 AM
- Posted Re: Ingesting logs from SFTP Server via HF on Getting Data In. 03-23-2023 06:45 AM
- Posted Ingesting logs from SFTP Server via HF on Getting Data In. 03-23-2023 12:17 AM
- Tagged Ingesting logs from SFTP Server via HF on Getting Data In. 03-23-2023 12:17 AM
- Posted Re: Usecases, content ES and Source types on Getting Data In. 09-15-2022 04:56 AM
- Posted Usecases, content ES and Source types- Could someone explain how this works with content that comes with ES? on Getting Data In. 09-15-2022 12:35 AM
- Posted Re: Sourcetype, usecase on Getting Data In. 09-14-2022 08:36 AM
- Karma Re: Sourcetype, usecase for richgalloway. 09-14-2022 08:35 AM
- Karma Re: Sourcetype, usecase for gcusello. 09-14-2022 08:35 AM
- Posted How do correlation searches work with other source types if the source types weren't specified in search? on Getting Data In. 09-14-2022 07:30 AM
- Posted Re: Want to combine all the source types in single search result. on Getting Data In. 09-14-2022 07:19 AM
- Posted Re: Top Notable Event Sources - with HOSTNAME on Splunk Search. 04-27-2022 07:22 AM
- Tagged Re: Top Notable Event Sources - with HOSTNAME on Splunk Search. 04-27-2022 07:22 AM
- Posted Re: Top Notable Event Sources - with HOSTNAME on Splunk Search. 04-21-2022 03:58 AM
- Posted How to create a query wit top notable event sources with HOSTNAME? on Splunk Search. 04-21-2022 02:36 AM
- Tagged How to create a query wit top notable event sources with HOSTNAME? on Splunk Search. 04-21-2022 02:36 AM
- Posted Re: Where to find Telecom-Security use cases on Splunk Enterprise Security. 04-05-2022 04:23 AM
- Karma Re: Where to find Telecom-Security use cases for VatsalJagani. 04-05-2022 01:04 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 |
03-23-2023
06:45 AM
Since with the first solution I would end up with the logs (received from the STFP server) stored on the same VM where the HF is ( to use local monitor input) this would mean that the VM storage needs to increase. Since I don't have the storage available I guess I'm stuck. Would you be kind to elaborate on the creation of a scripted input to log in to the remote server and fetch the results?
... View more
03-23-2023
12:17 AM
Hello, Can someone guide me on how can I ingest logs from a SFTP server? I have available Heavy Forwarders that sit outside the SFTP location. Thanks!
... View more
- Tags:
- data
Labels
- Labels:
-
data
09-15-2022
04:56 AM
So basically unless the correlation searches that come by default out-of-the-box with Enterprise Security are being modified/customized they won't apply straight forward to the logs that are being forwarded from the nodes?
... View more
09-15-2022
12:35 AM
Hello everyone,
I'd appreciate if anyone could step in to help me with an unclarity that I have.
For use cases (anything in the Enterprise Security > content), I have found out that for the NEW correlation searches that will be created I can use macros or eventtypes/tags in my correlation search to address all existing source types AND new source types that might be onboarded to have all my use cases (CSs up to date).
Could someone explain, how is this working with the content that comes by default with Enterprise Security? How do those out-of-the-box correlation searches (saved searches and all the others) know how to look into data from my source types if the source types aren't specified?
Thank you in advance to anyone that will take they time to make this clear to me
... View more
Labels
- Labels:
-
other
-
sourcetype
09-14-2022
08:36 AM
This was very insightful! Thank you both Things have much more sense now
... View more
09-14-2022
07:30 AM
Hello everyone,
I have the following question:
For use cases (anything in the Enterprise Security > content), let's say I have 5 sourcetypes. If I create a new correlation search that I want to work for these 5 sourcetypes that I have the following:
index=something sourcetype=something1 OR sourcetype=something2 OR sourcetype=something3 OR sourcetype=something4 OR sourcetype=something5
That would mean that whenever a new source type is onboarded I would have to manually add it to all the correlation searches that I created or that are by default in Splunk Enterprise Security content.
How do other correlation searches work (the ones that come by default with ES) with other source types if the source types weren't specified in the query?
... View more
Labels
- Labels:
-
sourcetype
09-14-2022
07:19 AM
How did you solve this?
... View more
04-27-2022
07:22 AM
It actually worked only if I mention the Indexer, but that looks to consume quite a lot of resources
... View more
- Tags:
- d
04-21-2022
02:36 AM
Hello
Could someone help me with a query?
I have this default report Top Notable Event Sources which returns me IP's (count, sparkline etc). How can I add an extra column to have the hostname of those IP's?
... View more
- Tags:
- ip
Labels
- Labels:
-
other
04-05-2022
04:23 AM
Thank you Vatsal for your recommendations. I'll be leaving the post open, maybe there are other people that can suggest other resources as well. Cheers
... View more
04-04-2022
10:19 AM
Hi all,
Can somebody recommend some sources from where I could learn about writing and implementing Telecom-Security use cases for Splunk?
I'd appreciate any suggestions and recommendations.
Cheers
... View more
Labels
- Labels:
-
correlation search
03-03-2022
05:11 AM
Hello,
What could be the explanation for a Correlation Search that is set to run live, on the Next Scheduled Time tab in /app/SplunkEnterpriseSecuritySuite/ess_content_management it appears that the Next Scheduled Time to be in the past. (today is 3rd of march) This is also not triggering any events in the Incident Review Tab in Enterprise Security app.
Thanks to anyone that can give any hints
I appreciate
... View more
Labels
That worked fine for me. Went on the Design tab, and selected no Theme and now they look like in the picture below. Thanks!
... View more
02-28-2022
11:02 AM
I followed this solution and that solved my problem. (the steps from the solution should be applied to all the SH's even if you have problems with only one) https://community.splunk.com/t5/Knowledge-Management/Kvstore-has-stuck-at-starting-stage-for-all-the-search-heads-in/m-p/469564#M4150
... View more
02-28-2022
10:59 AM
I followed this solution and that solved my problem. (if you experience problem with only one SH, you should perform the solution below at the same time on all the SH) https://community.splunk.com/t5/Knowledge-Management/Kvstore-has-stuck-at-starting-stage-for-all-the-search-heads-in/m-p/469563
... View more
02-28-2022
04:54 AM
I was able to solve the problem by going to the /opt/splunk/etc/apps/search/lookups/ and removing a .csv that was exported by an old search query (output) and was actually not needed. Thanks every one once again!
... View more
02-28-2022
01:48 AM
For 1 of the 3 SH I get this message (not the capitan): xxxxxxxxxxxxxxxx-sh1:8191 configVersion : -1 hostAndPort : xxxxxxxxxxxxxxxx-sh1:8191 lastHeartbeat : Mon Feb 28 11:46:21 2022 lastHeartbeatRecv : ZERO_TIME lastHeartbeatRecvSec : 0 lastHeartbeatSec : 1646041581.267 optimeDate : ZERO_TIME optimeDateSec : 0 pingMs : 1 replicationStatus : Down uptime : 0
... View more
02-28-2022
01:44 AM
Hello, Did anyone else encountered this problem on a Search Head? KV Store changed status to failed. No suitable servers found: `serverSelectionTimeoutMS` expired. I tried all the solutions that I could find related to this problem, but without success.
... View more
Labels
- Labels:
-
search head
02-28-2022
01:38 AM
How did you solve this? I know this is an old post but hey, I'm trying..
... View more
02-25-2022
07:03 AM
1 Karma
Hello,
I'm experiencing some issues on kvstore:
[conn4556] SCRAM-SHA-1 authentication failed for __system on local from client xxx.xxx.x.xx:xxxxx ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
I followed this https://community.splunk.com/t5/Deployment-Architecture/Why-is-the-KV-Store-status-is-showing-as-quot-starting-quot-in/m-p/284690 as for 1SH (total of 3) I'm reciving:
This member:
backupRestoreStatus : Ready
disabled : 0
guid : xxxxxxxxxxxxxxxxxxxxxx
port : 8191
standalone : 0
status : starting
storageEngine : mmapv1
I appreciate any help
... View more
Labels
- Labels:
-
Linux
02-24-2022
09:34 AM
I followed the documentation that you mentioned and everything looks the same on all my three Search Heads.
... View more
02-24-2022
08:39 AM
I have access to distsearch.conf on all of my search heads (3) . In this environment Cluster Master instance acts as Deployer. And the deployer acts like CM, they sit on the same instance. (+3IDX) I get the [ Knowledge bundle size=2608MB exceeds max limit=2000MB. Distributed searches are running against an outdated knowledge bundle. Please remove/disable files from knowledge bundle or increase maxBundleSize in distsearch.conf ] notification on the capitan of the search head cluster. This affects my searches: Expected common latest bundle version on all peers after sync replication, found none. Reverting to old behavior - using most recent bundles on all
... View more
- Tags:
- knowledge bundle
02-24-2022
07:47 AM
Unfortunately I was unable to resolve my issue with the mentioned answers. I'm still working on this but I appreciate you suggestions.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-23-2023
06:28 AM
|
Karma given to
