Activity Feed
- Posted Re: windows ta addon not extracting action on Security. 07-08-2024 04:36 AM
- Posted Re: windows ta addon not extracting action on Security. 07-08-2024 04:26 AM
- Posted windows ta addon not extracting action on Security. 07-08-2024 01:13 AM
- Posted Re: assets and identities on Security. 05-30-2024 11:35 PM
- Posted assets and identities on Security. 05-30-2024 07:50 AM
- Karma Re: migrating production deployment server to new machine for richgalloway. 03-11-2024 01:40 AM
- Posted datamodel showing unknown with stats or tstats for dest field on Other Usage. 03-11-2024 01:22 AM
- Posted migrating production deployment server to new machine on Deployment Architecture. 12-07-2023 08:32 AM
- Got Karma for Re: Is there a way to encrypt sensitive data in index time and decrypt it in search time in Splunk?. 04-18-2023 11:51 AM
- Posted Re: Is there a way to encrypt sensitive data in index time and decrypt it in search time in Splunk? on Splunk Search. 04-18-2023 08:07 AM
- Posted Re: Filtering on combination of 2 values on Splunk Search. 04-27-2022 11:46 AM
07-08-2024 04:36 AM
Inputs are enabled for system, app, and security logs; it's just that the action field is not being correctly extracted for event codes.
07-08-2024 04:26 AM
We have a centralized collector via WEF for our Windows logs, where a UF with the Windows add-on is sending logs to Splunk Cloud, where we also have a TA add-on.
07-08-2024 01:13 AM
I am having issues with action extraction on my Windows add-on. For example, the event code 4624 should have an action value of success, but nothing is being extracted, and this event code constitutes the majority of the data. The status is being extracted correctly as success. Does anyone know how action is being extracted for this event code?
Labels: authentication
05-30-2024 11:35 PM
So how can I ensure asset data correlation with logs, as it's based on IPs? Anyway, can it be done with hostname?
05-30-2024 07:50 AM
Currently, for asset correlation with IPs we have Infoblox, but that only works when we are on the company premises and the IP assigned to the asset is part of the company network. When someone works from home and the IP of the asset changes due to personal internet, that IP does not get added to the asset lookup, as it's not part of the Infoblox flow. I was thinking of maybe using Zscaler to add IP details for the asset, but if there is any successful way someone has used to mitigate this, that would be helpful.
03-11-2024 01:22 AM
Hi, I have a Web data model which I recently got mapped with the dest field. The issue is that even though every field has a dest in the index from where I am pulling data into the data model, I still see a lot of fields with the value unknown for dest while running the stats or tstats command. I can see the dest field when I specifically search for it within the data model with a src IP. Can anyone help tell me how to rectify that? Thanks.
12-07-2023 08:32 AM
Hi all, we have a server that's reaching EOL and is currently a deployment server for 4k clients, and we need to migrate to a new machine. Can anyone help with the steps to test connectivity with the new DS and then ultimately migrate to the new DS server?
Labels: deployment client, deployment server
04-18-2023 08:07 AM
1 Karma
Basically, what you can do is use an algorithm or a custom function to encrypt part of the data. Then, to decrypt, you can create a custom command that would call the decryption key and give you the expected output for it. This solution can have performance impacts on large sets of data, as preprocessing may take time before data gets indexed.
04-27-2022 11:46 AM
You can try | where NOT (id=123456 AND user="unknown"). Hope it helps; give a thumbs up if you like the answer.