Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About hichem_khalfi
hichem_khalfi
Path Finder
Member since:
02-02-2022
10-12-2022
Community Statistics
| Posts | 45 |
| Solutions | 0 |
| Karma Given | 17 |
| Karma Received | 0 |
| Member Since | 02-02-2022 |
Activity Feed
- Posted Re: Should I switch to TCP instead of UDP? And, how do I send email alerts? on Splunk Enterprise. 08-06-2022 04:35 AM
- Posted Re: An Alert returned an Email undeliverable, but I cannot find the email in the schedule? on Alerting. 08-05-2022 04:09 PM
- Posted 2 problems: Can't send alert mail or download apps on the portal because of the wrong password? on Splunk Enterprise. 08-05-2022 04:59 AM
- Tagged 2 problems: Can't send alert mail or download apps on the portal because of the wrong password? on Splunk Enterprise. 08-05-2022 04:59 AM
- Posted Re: Should I switch to TCP instead of UDP? And, how do I send email alerts? on Splunk Enterprise. 08-05-2022 04:51 AM
- Karma Re: Should I switch to TCP instead of UDP? And, how do I send email alerts? for richgalloway. 08-05-2022 04:51 AM
- Posted Re: Why am I not receiving alert by mail even though I've configured correctly? on Alerting. 08-03-2022 12:05 PM
- Karma Re: Why am I not receiving alert by mail even though I've configured correctly? for richgalloway. 08-03-2022 12:01 PM
- Posted Should I switch to TCP instead of UDP? And, how do I send email alerts? on Splunk Enterprise. 08-03-2022 01:33 AM
- Tagged Should I switch to TCP instead of UDP? And, how do I send email alerts? on Splunk Enterprise. 08-03-2022 01:33 AM
- Posted Re: Why am I not receiving alert by mail even though I've configured correctly? on Alerting. 08-03-2022 12:24 AM
- Karma Re: alert by mail for richgalloway. 08-02-2022 12:04 PM
- Posted Why am I not receiving alert by mail even though I've configured correctly? on Alerting. 08-02-2022 05:56 AM
- Tagged Why am I not receiving alert by mail even though I've configured correctly? on Alerting. 08-02-2022 05:56 AM
- Karma Re: get data splunk for chaker. 07-29-2022 09:55 AM
- Karma Re: get data splunk for gcusello. 07-29-2022 09:55 AM
- Karma Re: get data splunk for gcusello. 07-29-2022 09:55 AM
- Karma Re: get data splunk for gcusello. 07-29-2022 09:55 AM
- Karma Re: get data splunk for gcusello. 07-29-2022 09:55 AM
- Karma Re: get data splunk for gcusello. 07-29-2022 09:55 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-06-2022
04:35 AM
Hi @richgalloway I see the same problem which is related to the password when I consult index = internal "sendmail" I notice that the problem: bad password although I am sure that I type it correctly the same problem when installing apps via the portal I type my credentials but I can't access splunkbase however when I navigate to the site I can access and do everything so the splunk enterprise portal refuses identification
... View more
08-05-2022
04:09 PM
Hi @saibhargavg Please what version are you using ??? Because i have a problem with sending mail : inuse a correct password but splunk didnt accept it so let me change the version, i'm using 8.2.5 and you ??
... View more
08-05-2022
04:59 AM
please help me I have 2 problems the first problem with sending alerts by email: in analysnat index= _internal "sendmail" it notifies me that it has a bad password problem but I am sure of entering my password
the second problem with access to splunkbase via splunk portal: I can't access splunkbase via the splunk enterprise portal to download applications, (bad password too) however I can do that through URL
is there a workaround because it is very important to send alert emails?? for app installation; I manage, I download from the site then I install it but I must have a solution for the problem of alert emails.
... View more
- Tags:
- mails
Labels
- Labels:
-
administration
-
configuration
08-05-2022
04:51 AM
hi @richgalloway my problem comes from the splunk portal: after the problem of sending alerts by email, the portal does not accept my splunk account. I can't access splunkbase through the splunk enterprise portal to download applications, but I can do that through URL is there a workaround because it is very important to send alert emails?? for app installation; I manage, I download from the site then I install it but I must have a solution for the problem of alert emails.
... View more
08-03-2022
12:05 PM
Hi @richgalloway Bad username and password it's a password problem but I have a problem: my password is made up of 9 syllables example: 123456789 on the other hand I notice that the registered password is composed of only 6 syllables because there are 6 stars (******), I tried to delete all the registered passwords but always the same problem
... View more
08-03-2022
01:33 AM
please i need some informations because i have some issues:
1- i'm using udp port to send logs from my antivirus server to splunk server, I noticed that the logs come after a delay of 2 and 3 hours, my question: is it advisable to switch to TCP instead of UDP to guarantee the reception of the logs??
2- I have a problem with sending alert emails, the configuration is correct, well I noticed that the saved password is different to my password (number of stars) assuming my password is 12345678 then I must have 8 stars (********) but when I check the configuration I find only 6 stars which indicates that it is not my password, I I erased all saved passwords but still the same problem note that the alert works perfectly (display on the console) but the email is not sent.
... View more
- Tags:
- informations
Labels
- Labels:
-
administration
-
configuration
08-03-2022
12:24 AM
hi @richgalloway 1- i'm using smtp.gmail.com:587 is correct or no ???? 2- what command should i use to verify sending mail ??? sorry i d'ont know it , just i write index=_internal ???
... View more
08-02-2022
05:56 AM
helllo
I can't receive an email alert despite having configured it correctly the alert is launched on the portal indicating the outcome but the email is absent
1- mail serer configuration! smptm.gmail.com: 587 I added a gmail address with password
2-alert configuration: I put a destination address: I put an outlook address
please help me to fix it
... View more
- Tags:
- alert mail
Labels
- Labels:
-
configuration
07-29-2022
09:22 AM
hi @gcusello Super ; problème résolu dernière question ; dans le cas où j'ai 2 serveurs avec un dépassement de quota et que je souhaite regrouper leurs données dans un 3ème serveur y a-t-il une solution?
... View more
07-29-2022
06:58 AM
HI @gcusello please clarify me a bit more, I copied all the var/lib/splunk folder, but I didn't copy any index.conf files because I use index by default: index=main but I have no results on the new server where are the files indexes.conf to copy them? do you know the exact path? thanks
... View more
07-29-2022
03:22 AM
HI @gcusello this is what I want to know: 1/ how can I have this academic license? the procedure ? 2/ I know I'm talking about technical stuff but I want to be sure of a few points: by copying this folder ($SPLUNK_HOME/var/lib/splunk) I make sure that all the old data will be present on the new server?? I used only one index by default (main) so what should I do ? thank you
... View more
07-29-2022
01:56 AM
Hi @gcusello what I understand then: I can no longer use this server now because I had a test model containing a firewall and an antivirus with its own indexes 2- Is there a solution to complete the tests on a new splunk server without losing the existing information on the first server?
... View more
07-29-2022
01:44 AM
Hi @gcusello 1- what I understand then: I can no longer use this server now because I had a test model containing a firewall and an antivirus with their own indexew, i used index= main for them 2- Is there a solution to complete the tests on a new splunk server without losing the existing information on the first server?
... View more
07-29-2022
01:26 AM
hi @chaker I am preparing a presentation on splunk I lost my first license after 3 quota overruns, and as you know if I prepare a new splunk server I lose all information on the first server that's why I'm looking for a solution to have them on the second server
... View more
07-29-2022
01:04 AM
Hi please I have 3 questions regarding the splunk enterprise solution (500 mega free log)
infact I am a student and I want to master this solution
1/ after 3 quota overruns, what exactly happens? does splunk server stop receiving logs or what??
2/ what is the difference between: Free license and Enterprise Trial license?
3/ in case I had 2 splunk servers and I want to put one of the 2 as slave because I will need it but I only need the logs that analyzed it, what happens technically?
... View more
- Tags:
- splunk slave
Labels
- Labels:
-
other
07-26-2022
03:59 AM
HI 1- I don't understand do I have to install TA WINDOWS on the splunk server or not because gcusello said no??? 2- yes i choosed this path 3- i used this command now and i had result | ldapsearch domain=TRANSVET search="(objectClass=user)" attrs="sAMAccountName,cn" so i have connection between splnk server and server active directory but why i cant save the password , in my environment i always find the empty password box and i retype it evry time
... View more
07-26-2022
03:11 AM
Regarding SA-ldapsearch I have already installed on splunk server only and I did the configuration successfully and the test passed but I can no longer save the password: if I close his tab and I come back: I find all the saved information except the password I don't understand why and can this thing cause problems, I insist that when I type the password again I always had a connection with the AD server
... View more
07-26-2022
03:06 AM
so my first mistake: I installed TA WINDOWS on splunk server and I have to delete it..ok. and considering "TA_microsoft_ad" I install it on the splunk server and forward it or not?? I apologize but I need to know the correct configuration because every one tells me contradictory information to the other
... View more
07-26-2022
02:53 AM
like I said : on the Splunk server I installed Splunk_TA_windows Splunk_TA_microsoft_ad SA-ldapsearch (I don't know why I can't save the domain password on this add on despite the connection being successful) on the active directory server which is my Forwarder I installed only Splunk_TA_windows Splunk_TA_microsoft_ad I used only one Forwarder because normally the AD server can provide me with the information of all users. but despite that I can't find information on a few users 1/ do I have to install SA-ldapsearch?? thank you for briefly describing his role 2/ please check my input.conf file
... View more
07-26-2022
02:38 AM
tank you for your answer no no I installed the redictor only on the active directory server, I only checked the box: enable AD monitoring because I want the information to come from the server after that I created the folder on the 2 paths SPLUNK_HOME\etc\apps folder\local SPLUNK_FORWARDER\etc\apps folder\local in these 2 paths I put the same configuration file input.conf I know the eventcode but the problem that I can have users and others not: for example I have 4 users who logged in at 9am but on the console I find only 2 the problem does not come from the user station because I only take all the information from the server and for that I asked for the best procedure for monitoring users active directory
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-12-2022
09:09 AM
|
