Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About theprophet01
theprophet01
Explorer
Member since:
06-22-2022
Wednesday
Community Statistics
| Posts | 13 |
| Solutions | 1 |
| Karma Given | 10 |
| Karma Received | 0 |
| Member Since | 06-22-2022 |
Activity Feed
- Karma Re: How to change ownership of dashboard? for gcusello. Wednesday
- Karma Re: ITSI query to generate a list of Services with their associated entities and alerts for proyleJDS. 01-07-2025 12:06 PM
- Posted Re: How to configure Splunk error pages / messages (like 404 not found)? on Security. 01-07-2025 12:05 PM
- Karma Re: Is it possible to export ITSI Services? for proyleJDS. 08-06-2024 05:13 AM
- Posted User able to create reports although edit_own_objects is disabled on Dashboards & Visualizations. 07-25-2024 06:18 AM
- Tagged User able to create reports although edit_own_objects is disabled on Dashboards & Visualizations. 07-25-2024 06:18 AM
- Tagged User able to create reports although edit_own_objects is disabled on Dashboards & Visualizations. 07-25-2024 06:18 AM
- Tagged User able to create reports although edit_own_objects is disabled on Dashboards & Visualizations. 07-25-2024 06:18 AM
- Tagged User able to create reports although edit_own_objects is disabled on Dashboards & Visualizations. 07-25-2024 06:18 AM
- Karma Re: [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action for ITWhisperer. 07-11-2024 11:48 AM
- Posted Re: [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action on Splunk ITSI. 07-11-2024 11:34 AM
- Posted Re: [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action on Splunk ITSI. 07-11-2024 08:34 AM
- Posted [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action on Splunk ITSI. 07-11-2024 08:00 AM
- Tagged [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action on Splunk ITSI. 07-11-2024 08:00 AM
- Tagged [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action on Splunk ITSI. 07-11-2024 08:00 AM
- Tagged [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action on Splunk ITSI. 07-11-2024 08:00 AM
- Tagged [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action on Splunk ITSI. 07-11-2024 08:00 AM
- Karma Re: ITSI how to obtain the same information found in gui for Entities and Services within a search for danspav. 04-29-2024 08:10 AM
- Posted Re: ITSI how to obtain the same information found in gui for Entities and Services within a search on Splunk ITSI. 04-29-2024 08:09 AM
- Posted ITSI how to obtain the same information found in gui for Entities and Services within a search on Splunk ITSI. 04-16-2024 05:26 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-07-2025
12:05 PM
Not sure if it helps as I have not tested it, but I found the error message under: /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/error.py there is a section for 404 in the script which contains: kwargs['message']='Page not found!'
... View more
07-25-2024
06:18 AM
Hello Splunkers, I've created a custom role with very basic capabilities enabled. The capability "edit_own_objects" has been disabled. For some reason the user is able to clone reports as well as save searches as reports. Also the user is able to access "New Report" button when clicking Settings->Searches,Reports,Alerts. I thought disabling edit_own_object capability would prevent the user from creating any objects, but it is not the case. I've made sure the user only has read access to the app as well. Any help of suggestions would be appreciated! Thanks!
... View more
Labels
- Labels:
-
Classic dashboard
07-11-2024
11:34 AM
Update @ITWhisperer you got me in the right direction. I was able to find the following article: https://docs.splunk.com/Documentation/ITSI/4.19.0/Configure/CustomRoles and was able to resolve the issue by including the new custom role under KV store collections: itsi_services itsi_teams By using the following the steps: Step 4: Assign the role KV store collection level access The SA-ITOA file includes default entries in metadata/default.meta that determine access to KV store collections for ITSI roles. For a list of default permissions to KV store collections for ITSI roles, see KV store collection permissions in ITSI. By default, only the itoa_admin role has read/write/delete access to all ITSI KV store collections. Set permissions to KV store collections in Splunk Web In Splunk Web, go to Settings > All configurations. Set the App to IT Service Intelligence (itsi). Set the Owner to Any. Make sure Visible in the App is selected. Filter by collections-conf to only display KV store collections. For a specific view, click Permissions in the Sharing column. Check the boxes to grant read and write permissions to the various collections for ITSI roles. Click Save. This action updates KV store access permissions for the specific ITSI roles in $SPLUNK_HOME/etc/apps/SA-ITOA/metadata/local.meta. Set permissions to KV store collections from the command line Create a local.meta file in the SA-ITOA/metadata/ directory. cd $SPLUNK_HOME/etc/apps/SA-ITOA/metadata
cp default.meta local.meta Edit SA-ITOA/metadata/local.meta . Set access for specific roles in local.meta. For example: [collections/itsi_services]
access = read : [ itoa_admin, itoa_analyst, itoa_user ], write: [ itoa_admin ]
... View more
07-11-2024
08:34 AM
Hi @ITWhisperer , thanks for reaching out, as part of my test the ITSI app permissions are set to read and write for "Everyone". Also an app called ITOA Backend with folder name SA-ITOA has the same permissions set.
... View more
07-11-2024
08:00 AM
Hello Splunkers, I have question, I'm trying to configure a custom role in Splunk where I'm assigning capabilities natively. I'm recreating the default capabilities assigned to User in Splunk Enterprise and itoa_user in Splunk ITSI without using the inheritance option (doing this as a test so I can later remove capabilities as I need to). The problem I have is that once I save the role with all 65 matching capabilities selected and login as the testuser assigned to that role, dashboards that use the "getservice" command in their searches do not work and display the following error: [subsearch]: command="getservice", [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/SA-ITOA/storage/collections/config/itsi_team This issue does not happen when I simply select Inherit capabilities for User and itoa_user. Any ideas as to what could be causing this issue? I'm running splunk version 9.1.1
... View more
Labels
04-29-2024
08:09 AM
thanks @danspav ! that is very helpful!
... View more
04-16-2024
05:26 AM
Hello! I would like to run a search which would display all information regarding entities and services. For example, for Entities where could I find information stored for: Entity Description, Entity Information Field, Entity Title. For Services, where could I find information stored for: Service Description, Service Title, Service Tags What type of search query could I run to find this information? Thanks,
... View more
Labels
- Labels:
-
administration
-
troubleshooting
-
using ITSI
04-15-2024
02:14 PM
Hello Fellow Splunkers, I'm fairly new to ITSI and was wondering if this could be achieved. I 'm looking to create a report which would allow me to list all Services I have in ITSI along with their associated entities as well as list associated alerts or severity. Is there a query that could achieve this? any pointers are very much appreciated! Also any pointers where I could potentially find the data and bring it together in a search would be very helpful too. Thanks!
... View more
Labels
- Labels:
-
troubleshooting
-
using ITSI
04-04-2024
07:34 AM
I'm looking to export Service from Splunk ITSI however, there is no direct export feature in the GUI (at least within the Services page). Is there any other way to export ITSI services?
... View more
Labels
- Labels:
-
using ITSI
09-20-2023
06:24 AM
Hello! I am using Splunk Enterprise Security app and whenever I access Security Posture Dashboard, the panels for both Top Notable Events and Top Notable Event Sources, are very small. I am only able to see 2 or 3 events at most and have to scroll up and down within the panel to see the rest of events. Is there any way to modify the panel size so that all top notable events are displayed without having to scroll within the small panel area? In previous versions, this panel used properly display at least 10 events without having to use any type of scrolling. Same issue happens with both chrome and microsoft edge browsers. Any help would be very much appreciated, Thanks!
... View more
Labels
08-29-2023
05:49 AM
That worked perfect! I also used the 5 min scheduled search as suggested using a cron schedule. Thank you @gcusello you sir are indeed a legend!
... View more
08-28-2023
11:36 AM
-I am running an alert which is not triggering email actions when using real-time option. The alert is used to search for hosts which have not sent logs in the last 5 minutes.
-For example, I shut down a host for testing and wait 5 minutes. I then manually use the search string and specify time frame (e.g. last 15 minutes)- I am able to obtain results.
However, even though the same search was configured in the form of an alert running in real time, it produces no results nor does it trigger an email.
Here is the search I am using:
index=* | stats max(_time) as latest by host | eval recent= if(latest > relative_time(now(),"-5m"),1,0). realLatest = strftime(latest, "%Y-%M-%D %H%M%S") | fields - latest | where recent = 0 | rename host AS Host, realLatest AS "Latest Timestamp" | table Host, "Latest Timestamp"
... View more
Labels
- Labels:
-
alert action
-
email
