Activity Feed
- Karma Re: Is there a way to encrypt sensitive data in index time and decrypt it in search time in Splunk? for Chiranjeev. 04-18-2023 11:51 AM
- Posted Re: splunk encryption on Splunk Search. 04-18-2023 06:35 AM
- Posted Does anyone know what is explore data option under settings? on Splunk Enterprise. 04-18-2023 05:41 AM
- Posted Re: splunk encryption on Splunk Search. 04-18-2023 05:37 AM
- Posted Is there a way to encrypt sensitive data in index time and decrypt it in search time in Splunk? on Splunk Search. 04-18-2023 12:16 AM
- Posted Re: How to combine multiple events into a single event based on identical timestamp on Getting Data In. 03-18-2023 11:35 PM
- Posted Re: How to combine multiple events into a single event based on identical timestamp on Getting Data In. 03-18-2023 11:26 PM
- Karma Re: How to combine multiple events into a single event based on identical timestamp for gcusello. 03-18-2023 11:22 PM
- Karma Re: How to combine multiple events into a single event based on identical timestamp for PickleRick. 03-18-2023 11:22 PM
- Posted How to combine multiple events into a single event based on identical timestamp? on Getting Data In. 03-17-2023 11:09 PM
- Posted Is it possible to do Line breaking and Event breaking in Universal Forwarder ? on Splunk Enterprise. 02-13-2023 12:17 AM
- Posted Why am I getting null values in my results? on Splunk Enterprise. 10-18-2022 08:07 AM
- Posted Re: How to check when splunk's automatic processing is finished? on Splunk Enterprise. 08-22-2022 06:23 AM
- Posted Re: Restrict users from export data on Splunk Enterprise. 03-30-2022 11:27 PM
- Posted Re: Restrict users from export data on Splunk Enterprise. 03-30-2022 11:15 PM
- Karma Re: Restrict users from export data for VatsalJagani. 03-30-2022 11:11 PM
- Posted Re: Restrict users from export data on Splunk Enterprise. 03-30-2022 10:48 PM
- Posted Re: How to search a splunk search result? on Splunk Search. 03-30-2022 09:48 PM
- Posted How to restrict users from export data via RestAPI, CLI ? on Splunk Enterprise. 03-30-2022 09:41 PM
- Posted How to upgrade Splunk from 8.2.2 to latest version? on Splunk Enterprise. 03-29-2022 09:57 PM
Topics I've Started
04-18-2023 06:35 AM
I recently came across the below link, which seems very interesting. Do you have any idea about it? FINAL_FN120332_AngeloBrancato&DirkNitschke_Splunk_DataObfuscation
04-18-2023 05:41 AM
Does anyone know what the explore data option under settings is?
Is there any documentation available? It seems interesting to have a virtual index and search from it. Will licensing be impacted if we create and use a virtual index?
Labels: configuration
04-18-2023 05:37 AM
We are implementing a use case for a financial institution. The requirement is that the credit card information should be encrypted at index time, and then a privileged-role user can see the credit card information if needed at search time.
04-18-2023 12:16 AM
Hi folks,
Is there a way to encrypt sensitive data at index time and decrypt it at search time in Splunk? If yes, how can we do this?
03-18-2023 11:35 PM
Thank you so much for your detailed and quick response @gcusello. The third column of the raw log ([00000006]) is called the thread identifier; I want to take that value into account. So my logic would be that if the thread identifier is the same and the timestamp is identical, it should be one event. How can we do that in SPL? And is it possible to accomplish this in index-time extraction?
03-18-2023 11:26 PM
Thanks for the quick response @PickleRick. Could you please explain more about your best solution? PickleRick: "The best solution would be to reconfigure the source, if possible, to send the data in some more... friendly format."
03-17-2023 11:09 PM
Hi, I am exporting my SAS server, but it's splitting one big event into multiple small events with identical timestamps. I want to combine these small events into one event in Splunk (index_time/search_time).
Please refer to the below _raw log.
2021-09-16T14:56:13,979 INFO [00000003] :sas - NOTE: Unable to open SASUSER.PROFILE. WORK.PROFILE will be opened instead.
2021-09-16T14:56:13,980 INFO [00000003] :sas - NOTE: All profile changes will be lost at the end of the session.
2021-09-16T14:56:13,980 INFO [00000003] :sas -
2021-09-16T14:56:14,003 INFO [00000006] :sas -
2021-09-16T14:56:14,003 INFO [00000006] :sas - NOTE: Copyright (c) 2016 by SAS Institute Inc., Cary, NC, USA.
2021-09-16T14:56:14,003 INFO [00000006] :sas - NOTE: SAS (r) Proprietary Software 9.4 (TS1M7)
2021-09-16T14:56:14,003 INFO [00000006] :sas - Licensed to MSF -SI TECH DATA (DMA DEV), Site 70251144.
2021-09-16T14:56:14,003 INFO [00000006] :sas - NOTE: This session is executing on the Linux 3.10.0-1160.83.1.el7.x86_64 (LIN X64) platform.
2021-09-16T14:56:14,003 INFO [00000006] :sas -
2021-09-16T14:56:14,003 INFO [00000006] :sas -
2021-09-16T14:56:14,003 INFO [00000006] :sas -
2021-09-16T14:56:14,003 INFO [00000006] :sas - NOTE: Additional host information:
2021-09-16T14:56:14,003 INFO [00000006] :sas -
2021-09-16T14:56:14,003 INFO [00000006] :sas - Linux LIN X64 3.10.0-1160.83.1.el7.x86_64 #1 SMP Mon Dec 19 10:44:06 UTC 2022 x86_64 Red Hat Enterprise Linux Server release 7.9 (Maipo)
2021-09-16T14:56:14,003 INFO [00000006] :sas -
2021-09-16T14:56:14,006 INFO [00000006] :sas - You are running SAS 9. Some SAS 8 files will be automatically converted
2021-09-16T14:56:14,007 INFO [00000006] :sas - by the V9 engine; others are incompatible. Please see
2021-09-16T14:56:14,007 INFO [00000006] :sas - http://support.sas.com/rnd/migration/planning/platform/64bit.html
2021-09-16T14:56:14,007 INFO [00000006] :sas -
2021-09-16T14:56:14,007 INFO [00000006] :sas - PROC MIGRATE will preserve current SAS file attributes and is
2021-09-16T14:56:14,007 INFO [00000006] :sas - recommended for converting all your SAS libraries from any
2021-09-16T14:56:14,007 INFO [00000006] :sas - SAS 8 release to SAS 9.
For details and examples, please see
2021-09-16T14:56:14,007 INFO [00000006] :sas - http://support.sas.com/rnd/migration/index.html
2021-09-16T14:56:14,007 INFO [00000006] :sas -
2021-09-16T14:56:14,007 INFO [00000006] :sas -
2021-09-16T14:56:14,007 INFO [00000006] :sas - This message is contained in the SAS news file, and is presented upon
2021-09-16T14:56:14,007 INFO [00000006] :sas - initialization. Edit the file "news" in the "misc/base" directory to
2021-09-16T14:56:14,007 INFO [00000006] :sas - display site-specific news and information in the program log.
2021-09-16T14:56:14,007 INFO [00000006] :sas - The command line option "-nonews" will prevent this display.
2021-09-16T14:56:14,007 INFO [00000006] :sas -
2021-09-16T14:56:14,007 INFO [00000006] :sas -
2021-09-16T14:56:14,007 INFO [00000006] :sas -
2021-09-16T14:56:14,007 INFO [00000006] :sas -
2021-09-16T14:56:14,008 INFO [00000006] :sas - NOTE: SAS initialization used:
2021-09-16T14:56:14,008 INFO [00000006] :sas - real time 0.19 seconds
2021-09-16T14:56:14,008 INFO [00000006] :sas - cpu time 0.08 seconds
2021-09-16T14:56:14,008 INFO [00000006] :sas -
2021-09-16T14:56:14,331 INFO [00000005] :sas - SAH011001I SAS Metadata Server (8561), State, starting
2021-09-16T14:56:14,362 INFO [00000009] :sas - The maximum number of cluster nodes was set to 8 as a result of the OMA.MAXIMUM_CLUSTER_NODES option.
2021-09-16T14:56:14,362 INFO [00000009] :sas - OMACONFIG option 1 found with value OMA.SASSEC_LOCAL_PW_SAVE and processed.
2021-09-16T14:56:15,160 INFO [00000009] :sas - Using AES with 64-bit salt and 10000 iterations for password storage.
2021-09-16T14:56:15,160 INFO [00000009] :sas - Using SASPROPRIETARY for password fetch.
2021-09-16T14:56:15,160 INFO [00000009] :sas - Using SHA-256 with 64-bit salt and 10000 iterations for password hash.
2021-09-16T14:56:15,169 INFO [00000009] :sas - SAS Metadata Authorization Facility Initialization.
2021-09-16T14:56:15,169 INFO [00000009] :sas - SAS is an adminUser.
2021-09-16T14:56:15,169 INFO [00000009] :sas - SASTRUST@SASPWI is a trustedUser.
2021-09-16T14:56:15,170 INFO [00000009] :sas - SASADM@SASPWI is an unrestricted adminUser.
Thanks in advance.
Labels: field extraction
02-13-2023 12:17 AM
Is it possible to do line breaking and event breaking in the Universal Forwarder?
Labels: configuration
10-18-2022 08:07 AM
I have a search:
index="xyz" sourcetype="csv"
| fillnull value="unknownMan" field1 field2 field3 field4
| eventstats dc(field1) as xyz by field2 field3 field4
| table field1 field2 field3 field4
While running this, I'm getting NULL values in the results.
Please help me understand why NULL values would be coming when there are no NULL values in the events.
Labels: configuration
08-22-2022 06:23 AM
He means, whenever we save a search as an alert we have two options: 1. scheduled, 2. real-time. How does he confirm that the scheduled search has been executed?
03-30-2022 11:27 PM
Are there any best practices for running Splunk's API from an external system? Documentation would be appreciated.
03-30-2022 11:15 PM
Thanks for your response. I have one more doubt. Is it possible to set up a new port dedicated to the API in Splunk? If yes, please tell me the process. Documentation would be appreciated.
03-30-2022 10:48 PM
Thanks for your quick response. As I already mentioned, I know the "export_results_is_visible" role capability makes the restriction in Splunk Web. I just want to restrict a specific user from exporting via the REST API or CLI. Is it possible?
03-30-2022 09:48 PM
Does anyone happen to know how we can restrict users from exporting data via the REST API or CLI? Would appreciate Splunk documentation.
03-30-2022 09:41 PM
Hi splunkers,
I know how we can restrict users from exporting data in Splunk Web.
Does anyone happen to know how we can restrict users from exporting data via the REST API or CLI?
03-29-2022 09:57 PM
I want to upgrade Splunk from 8.2.2 to the latest version.
Is there a way to output the data stored in Splunk to another storage?
Please provide Splunk documentation.
Appreciate your time.
Labels: configuration, installation, upgrade
03-28-2022 11:28 PM
I investigated and found no large amount of traffic inflow in that specific time range. One more thing: those are Derive-type data and were imported via HEC.
03-28-2022 09:56 PM
I'm getting a strange number of bytes (IF-MIB::ifHCInOctets, IF-MIB::ifHCOutOctets) received/sent on the device interface. A value of nearly 90 times the normal value is being displayed. This only happens when there is a memory spike in the indexer. Can you tell me why it's happening, and what could be the possible solution?
03-28-2022 09:43 PM
A value of nearly 90 times the normal value is being displayed. This only happens when there is a memory spike in the indexer. Can you tell me why it's happening, and what could be the possible solution?
03-28-2022 04:43 AM
How to resolve a memory spike?
Labels: configuration, installation, troubleshooting
03-22-2022 12:11 AM
No, I'm not saying it's a problem. I just want to know: does Splunk update the password file very often?
03-21-2022 10:41 PM
Thanks for the quick response. Yes, I meant $SPLUNK_HOME/etc/passwd, but recently I did not change any user information, roles or passwords. Still, the file automatically updated itself.
03-21-2022 09:53 PM
Hi Splunkers, I have a doubt. We are currently using Splunk Enterprise 8.2.5. This morning the etc/password file auto-updated and this was detected by third-party software (confidential). I never changed the file, so my question is: does Splunk auto-update the $SPLUNK_HOME/etc/password file? Please provide any Splunk documentation.
Labels: configuration, installation
03-16-2022 05:44 AM
Hi everyone, I have some doubts about indexer clustering. How do I stop data replication? Please provide Splunk documentation.
Labels: indexer clustering
03-16-2022 02:19 AM
How do I enable the Splunk App for AWS with the detailed billing report with resources and tags? I want to automate this on a monthly basis. Please tell me the step-by-step procedure.
Tags: aws, splunk-enterprise