×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
alek_cybersec
Explorer
Member since: ‎02-07-2022
‎03-06-2023
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 3
Member Since ‎02-07-2022
Activity Feed
View All

Re: Why does ps eventtype has no 'report' tag?

by in All Apps and Add-ons
‎09-06-2024 08:09 AM
‎09-06-2024 08:09 AM
Did you end up creating the tag to get the endpoint.processes data model to populate? I am seeing the same issue in Splunk_TA_nix 9.7.0  ... View more

Re: Linux UF boot-start issues and non-impacting e...

by in Installation
‎07-31-2024 01:37 AM
‎07-31-2024 01:37 AM
And what is the fix for that? Because this annoying error is messing up with ansible variables. I had to use Splunk UF version 8.x - it works fine. I had other issues on Splunk Enterprise version 9.x - disappointing ... View more

Splunk_TA_microsoft_sysmon v1.0.1 incomplete Regis...

by in All Apps and Add-ons
‎02-07-2022 07:37 AM
‎02-07-2022 07:37 AM
I'd like to report an incomplete transform of RegistryValueData in Splunk_TA_microsoft_sysmon v1.0.1 Now it looks like: [sysmon-registryvaluedata] REGEX = <Data Name='Details'>\w+\s\((.+)\)</Data> FORMAT = RegistryValueData::$1 So it works fine when Details contains: DWORD (0x00000001) But when it is a string value, it doesn't make sense.  What about this transform? [sysmon-registryvaluedata] REGEX = <Data Name='Details'>(?:([^(^)]*)|\w+\s\((.+)\))</Data> FORMAT = RegistryValueData::$1 ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-06-2023 07:03 AM
Karma from
View All
Karma given to
View All