Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About debjit_k
debjit_k
Path Finder
Member since:
02-18-2022
2 weeks ago
Community Statistics
| Posts | 69 |
| Solutions | 0 |
| Karma Given | 14 |
| Karma Received | 0 |
| Member Since | 02-18-2022 |
Activity Feed
- Posted Re: How to find EPS/GB? on Getting Data In. 2 weeks ago
- Posted How to find EPS/GB? on Getting Data In. 2 weeks ago
- Posted Re: Splunk Version Query on Getting Data In. 3 weeks ago
- Posted What is the most stable version of Splunk presently? on Getting Data In. 3 weeks ago
- Posted Re: How to convert the data from JSON format to raw logs? on Getting Data In. 12-20-2022 06:38 PM
- Karma Re: How to convert the data from JSON format to raw logs? for gcusello. 12-20-2022 06:28 PM
- Karma Re: How to convert the data from JSON format to raw logs? for m_pham. 12-20-2022 06:28 PM
- Posted Re: How to convert the data from JSON format to raw logs? on Getting Data In. 12-20-2022 08:12 AM
- Posted How to convert the data from JSON format to raw logs? on Getting Data In. 12-19-2022 07:16 PM
- Posted Re: Dropping a subnet at index on Getting Data In. 12-18-2022 05:37 PM
- Karma Re: Dropping a subnet at index for gcusello. 12-18-2022 05:37 PM
- Karma Re: Trend Micro Vision one integration for gcusello. 12-18-2022 05:37 PM
- Posted Re: Trend Micro Vision one integration on All Apps and Add-ons. 12-18-2022 06:00 AM
- Posted Re: Dropping a subnet at index on Getting Data In. 12-18-2022 05:55 AM
- Karma Re: Dropping a subnet at index for gcusello. 12-18-2022 05:55 AM
- Posted How to drop a subnet at index? on Getting Data In. 12-17-2022 07:30 PM
- Posted Trend Micro Vision one integration on All Apps and Add-ons. 12-15-2022 06:59 PM
- Posted Re: need to optimize the current query on Deployment Architecture. 12-10-2022 02:46 AM
- Karma Re: need to optimize the current query for gcusello. 12-10-2022 02:46 AM
- Posted How to optimize the current query? on Deployment Architecture. 12-09-2022 11:32 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
2 weeks ago
Thank you for the query. Actually I'm looking for EPS only. Will the below query works just to find EPS. Thanks Debjit
... View more
2 weeks ago
Hi All,
Need little help I need to find EPS/GB of my existing data.
How to find out that data do we have any SPL for this or how it this.
Thanks
... View more
Labels
3 weeks ago
Hi @gcusello, Thank you for the information. So recently I upgrade the Splunk environment to 9.0.2, and it has some vulnerabilities do you think it is ok for another 6-7 months for the next upgradation and we can take those vulnerabilities as an exception? Or you think it might effect the production. Thanks
... View more
3 weeks ago
Hello All,
Hope you are doing good..
1. Can anyone please let me know what is the most stable version of Splunk is present
2. I have upgraded my splunk to the 9.0.2 version is this version stable as of now?
It would be great if anyone has any documents which will clear the doubts as of now I'm not getting any doc as such
Thanks
... View more
Labels
- Labels:
-
heavy forwarder
-
indexer
-
Linux
-
monitor
12-20-2022
06:38 PM
Hi Thank you for clearing the doubt.. Yes we also put KV_MODE=noneon props.conf. One concern im having even though if I can get data on search and reporting app but im not getting any data on the app trend micro vision one for splunk. Can you please guide me how to solve this issue. Thanks Debjit
... View more
12-20-2022
08:12 AM
Hi @gcusell, Thank you for the suggestion.. I though on JSON format the data is not pursed properly. But in _raw I can see much more information which is not coming in JSON format. I believe we need to extract the required information and create a field.. Is my understanding is correct? Thank Debjit
... View more
12-19-2022
07:16 PM
Hi ,
After onboarding trendmicro XDR we are facing few issue.
1. Getting logs in JSON format
2. Data is not pursed.
Queries
1.Can you please help us out how to convert the data from JSON format to raw logs
2. How to purse the data not getting any add on.
Note: attaching snap
We are getting data and in below there is an option as show as raw text when we are clicking on it is coming in same line. Kindly help us out how to solve this issue
Thanks
Debjit
... View more
Labels
- Labels:
-
JSON
-
props.conf
-
transforms.conf
12-18-2022
05:37 PM
Hi @gcusell, Thank you for the support For question 1 can you please help me with the regex of subnet ex 10.10.1.0/12 For question 2 is there any where from where we can get to know that data in host 1 is similar to data in host 2 Thanks Debjit
... View more
12-18-2022
06:00 AM
Hi @gcusell, Kindly need your suggestion for the below query. Attaching the snap for reference steps which im following. Note I change the index name from default to xdr and also created one local file inside the xdr app. Thanks
... View more
12-18-2022
05:55 AM
Hi @gcusell, Your point has been noted. 1. For question number 1 Yes im talking about filtering event at index time. My idea is to define Source type in transform.com And in props.conf Need to write the regex for the subnet and queue should be null. Kindly correct me if im wrong For question 2 Yes I want to identify the host having duplicate data and yes I have identity the index. For question 2 I'm guessing you give the required query which will help to identify the host from where we are getting duplicate data. Thanks Debjit
... View more
12-17-2022
07:30 PM
Hi @gcusell,
I have 2 double
1. How can I drop a source IP 10.0.0.0/24 subnet at indexer, I am aware of dropping a host at the indexer level but not this.
2. I'm getting duplicate data I.e. Duplicate data is being indexed. My query is how can know from which host the data is duplicate so that I can offboard those devices..
Kindly guide me for the above 2 solution.
Thanks
Debjit
... View more
Labels
- Labels:
-
indexer
12-15-2022
06:59 PM
Hi All, Hope you are doing good!! Basically we want to integrate trend micro vision one solution in our splunk. So before doing it I just wants to verify myself whether I know correct or not. 1. We need to install vision one application from splunk base. 2. After installation the app we need open that app and then click on configuration. 3. Then need to put url n authentication token. 4. Need to choose the log file type Then we will start receiving the data? Kindly let me know if my understanding is correct or not.. If my above understand is correct I want to know 1 things How to create UC because we are using some 3D party software to onboard data now how we can write query and all, sorry im sounding armature but this is my first time.. Thanks Debjit
... View more
Labels
- Labels:
-
intermediate forwarder
-
search head
12-10-2022
02:46 AM
Hi @gcusello, thank you for the updated query but im looking for a query which will only trigger if a single is log from 2 different country example ip user country 10.0.0.0 debjit india 10.0.0.0 debjit japan can you please help me to fig out the above solution thanks debjit
... View more
12-09-2022
11:32 PM
Hi
hope you are doing good.
im working on a use case which will trigger if any user is trying to connect from non business country.
attaching the snap for the query.
my query
want to optimize it more if one user is trying is log in from more than 2-3 country than it will trigger.
can you please help me with the query
thanks
debjit
... View more
Labels
- Labels:
-
search head
-
search head clustering
-
Windows
11-02-2022
10:46 PM
Hi So what kind of logs can have NTFS. Actually I want to monitor LOL attacks. Kindly guide me if we can create any UC using windows security logs for LOL attacks Thanks
... View more
11-02-2022
08:21 PM
Hi,
Hope you are doing good just have 1 doubt..
On our Splunk windows, we have onboarded the security logs, so my doubt is does security logs also help to monitor NTFS
Thanks
Debjit
... View more
Labels
10-19-2022
05:46 AM
Hi @gcusello , im having Splunk Security Essentials app on my Splunk I will try to check there. I don’t understand the 2nd one public IP n lookup table.. It will be easy for me to understand if you could give me an sample query. Thank you
... View more
10-19-2022
05:22 AM
Hi,
im working on new use case, but was stuck in few things.
I want to create a use case logic to monitors whenever user/IP are trying to access to log in from non authorize country. example a use is support to log in from Berlin but he or she is log in from Chicago.
My ask
1. Is it possible from Splunk end to implement such use case 2. If yes what kind of logs we need to monitor such activity, is FW logs are enough?
3. What will be the query
thanks
... View more
Labels
- Labels:
-
other
-
search head clustering
10-19-2022
05:12 AM
Hi @gcusello , thank you for the support I actually use list function. Thanks
... View more
10-17-2022
10:07 AM
Hi
Hope you are doing good..
I want to build one query where I will get user with associate event code or IP for example
If I use stats count by user, event code
I will get
User event code
Abc 1
Abc 2
But I want output like
User event code
Abc 1, 2
I.e. User name should not get repeat for different event code
Can you please guide me here
Thanks
... View more
Labels
- Labels:
-
other
