Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About pm2012
pm2012
Explorer
Member since:
09-26-2022
Community Statistics
| Posts | 17 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 09-26-2022 |
Activity Feed
- Karma Re: Lookup search query field comparison and output for gcusello. 08-22-2023 02:55 AM
- Posted Lookup search query field comparison and output on Splunk Search. 08-22-2023 01:48 AM
- Tagged Lookup search query field comparison and output on Splunk Search. 08-22-2023 01:48 AM
- Posted Re: UNIX log parsing issue on Getting Data In. 08-06-2023 11:01 PM
- Posted Re: UNIX log parsing issue on Getting Data In. 08-06-2023 10:31 PM
- Posted How to fix UNIX log parsing issue? on Getting Data In. 08-06-2023 09:37 PM
- Tagged How to fix UNIX log parsing issue? on Getting Data In. 08-06-2023 09:37 PM
- Posted Re: Getting garbage HEXA ASCII logs from log source on Getting Data In. 06-07-2023 04:32 AM
- Posted Re: Getting garbage HEXA ASCII logs from log source on Getting Data In. 06-07-2023 12:51 AM
- Posted Re: Getting garbage HEXA ASCII logs from log source on Getting Data In. 06-06-2023 11:44 PM
- Posted How to stop getting garbage HEXA ASCII logs from log source? on Getting Data In. 06-06-2023 11:23 PM
- Tagged How to stop getting garbage HEXA ASCII logs from log source? on Getting Data In. 06-06-2023 11:23 PM
- Posted Re: Auto Filed value extraction on Splunk Search. 04-20-2023 12:13 AM
- Posted Re: Auto Filed value extraction on Splunk Search. 04-17-2023 12:18 AM
- Posted How to achieve auto filed value extraction? on Splunk Search. 04-16-2023 11:48 PM
- Tagged How to achieve auto filed value extraction? on Splunk Search. 04-16-2023 11:48 PM
- Posted How to map extracted field name (e.g actual_time) with _time field? on Splunk Search. 03-24-2023 01:47 AM
- Tagged How to map extracted field name (e.g actual_time) with _time field? on Splunk Search. 03-24-2023 01:47 AM
- Posted Re: Migration Qradar data to Splunk on Splunk Search. 03-21-2023 10:56 PM
- Posted Re: Migration Qradar data to Splunk on Splunk Search. 03-21-2023 10:45 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-22-2023
01:48 AM
Hi Team, I would like to achieve something similar to below 1- I have a csv lookup table name - customer-devices.csv having below two columns hostname DeviceType hostname1 Cisco hostname2 Cisco hostname3 Cisco 2- I am searching events having above hostname field for past 24 hr. My requirement it should print all hostnames in the output result which are there in the lookup and if those hostname are also in the search mark them Active if those are not there in search mark them Not Active. Like it print all three hostname which is there in lookup having status Active and Non Active basis on its availablility in the search log hostname DeviceType Status hostname1 Cisco Active hostname2 Cisco Active hostname3 Cisco Not Active
... View more
- Tags:
- lookup
Labels
- Labels:
-
other
08-06-2023
09:37 PM
Hi Team,
I could see logs coming from UNIX devices in the below format
<38>Aug 1 13:20:29 dns.customer.net 10.32.9.5 sshd[14171]: Failed password for michal from 10.32.7.28 port 58255 ssh2
When i look into the selected events on the left panel these logs are not getting parse, like username, source ip , port, protocol. Any suggestion please. Logs are coming through rsyslog mechanism using TCP input from the device
... View more
- Tags:
- unix
Labels
- Labels:
-
syslog
06-07-2023
04:32 AM
thanks @isoutamo Just last doubt, how to check which format is it and which is supposed to be like UTF-18 or something else
... View more
06-07-2023
12:51 AM
Here is the rsyslog.conf file appended config, where 10.10.10.10 is Splunk HF IP and defined ports being used for log collection against TCP inputs. ##############Splunk############# $InputFileName /var/SharedStorage/dl_logs/hostname01.com/dl_security/* $InputFileTag dl-dl_security-log $InputFileStateFile dl-dl_security-log $InputFileSeverity error $InputFileFacility local9 $InputRunFileMonitor $InputFileName /var/SharedStorage/dl_logs/hostname01.com/pacemaker/* $InputFileTag dl-pacemaker-log $InputFileStateFile dl-pacemaker-log $InputFileSeverity error $InputFileFacility local9 $InputRunFileMonitor $InputFilePollInterval 10 $template cmdlogsTemplate,"<dl> %timereported:::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported:::date-second% %HOSTNAME% %syslogtag% %msg% \n " if $programname == 'dl-dl_security-log' then @@10.10.10.10:61515;cmdlogsTemplate & ~ if $programname == 'dl-pacemaker-log' then @@10.10.10.10:61516;cmdlogsTemplate *.* @@10.10.10.10:61500 #########################
... View more
06-06-2023
11:44 PM
@ITWhisperer Input are configured using TCP at HF and logs are being sent using rsyslog.conf input parameters having needed filename. Logs are being sent to customized TCP port 615xx. Created multiple inputs for each filepath defined in rsyslog.conf
... View more
06-06-2023
11:23 PM
Hi SMEs,
I am getting some garbage/hexa format/ASCII format logs from one of the log source integrated with Splunk, it is customized linux platform and been integrated using TCP input. Sharing the sample log below. Seeking suggestions to find and fix it. thanks in advance
... View more
- Tags:
- ascii
Labels
- Labels:
-
Linux
04-20-2023
12:13 AM
Hi @gcusello The pattern is same, i mean there are fields at the right places however in different order and their respective values. Any clue how to make this auto extraction done?
... View more
04-17-2023
12:18 AM
Thanks @gcusello for the quick help, Actually fields are not unique and even their order is also not unique, like few logs having 4 fields and other more than that, also sometime field_1 at first place and sometime it is on different place.
... View more
04-16-2023
11:48 PM
Hi Team,
I have to do auto field extraction of the fields coming inside the payload under <mTypes>....</mTypes> to the corresponding values which are coming under <Results>........</Results>
<mTypes>field_1 field_2 field_3 field_4</mTypes>
some random paylod <Results>12 12 9 3</Results>
Kindly suggest, thanks in advance
... View more
Labels
- Labels:
-
field extraction
03-24-2023
01:47 AM
Hi SMEs, I have a unique requirement which need one of my extracted filed name = actual_time to be mapped with _time field. As while searching past 30 days data i am also getting the older data while looking at actual_time field. I think if i map actual_time with _time or by other mean i should be able to get the actual outcome. thanks in advance
... View more
- Tags:
- search
Labels
- Labels:
-
eval
-
field extraction
-
subsearch
03-21-2023
10:56 PM
thanks @gcusello for sharing this, however i didn't find anything in portal. Is it possible for you to share the related urls/links please?
... View more
03-21-2023
10:45 PM
thanks @gcusello for sharing this, however i didn't find anything in portal. Is it possible for you to share the related urls/links please?
... View more
03-21-2023
09:27 PM
Hey SMEs, Has anyone having any prior experience of migrating existing Qradar data to Splunk. Any docs or something useful please do share. thanks in advance
... View more
Labels
- Labels:
-
other
11-16-2022
04:34 AM
Hi SMEs,
Seeking advice on how i can create a rule/correlation search to detect some RHEL known vulnerabilities (CVEs)
... View more
- Tags:
- correlation search
Labels
- Labels:
-
other
10-06-2022
12:53 AM
Hi,
Customer is looking for attack surface management using Splunk. Is there any way around to achieve this if yes how this could be achieved in terms of any app/add-on or 3rd party solution? Your answer would really be appreciated. Thanks in advance
... View more
Labels
- Labels:
-
other
