×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
raffaelecervino
Engager
Member since: ‎06-22-2022
‎06-23-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎06-22-2022
Activity Feed
View All

Re: Create a list to collect well-knowed process

by in Splunk Search
‎06-23-2022 01:58 AM
‎06-23-2022 01:58 AM
Thanks,  it works perfectly! Is there a semantic to don't append the same processes in the .csv file? Because I run the search everyday (for a while) to appending new processes (to train the model about the main processes in the machine) and i would to prevent double processes in .csv file. Thanks a lot! ... View more

How to create a list to collect "well-knowed proce...

by in Splunk Search
‎06-22-2022 03:36 AM
‎06-22-2022 03:36 AM
Hi, I'm doing a project and I've installed Splunk Trial Enterprise on a server and Universal Forwarder on other three servers (with Ubuntu) that sends me logs. On forwarders exist a script that sends me logs of every processes that's running on server. I would to create a dynamic list where logs of processes is added and tagged as "Well-Knowned Processes".   After that when new logs of processes come to indexer they are compared with logs on dynamic list and if the process was not recognized (doesn't exist in the list) the alert is triggered. I would to do that to check suspicious process. Thanks    ... View more
Labels

Is it possible to Run a script on Universal Forwar...

by in Alerting
‎06-22-2022 03:16 AM
‎06-22-2022 03:16 AM
Hi, I've installed Splunk Trial Enterprise on a server and Universal Forwarder on other three servers (with Ubuntu) that sends me logs. I want to create an alert for a specific use case. This alert has to send a notify and run a script on the server where the alert was triggered. Is that possible?  Thanks ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-23-2022 07:48 AM
Karma given to
View All