Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About YJ
YJ
Explorer
Member since:
08-25-2023
03-28-2024
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-25-2023 |
Activity Feed
- Posted Re: Receiving a 401 Unauthorized error response from ServiceNow on Splunk Cloud Platform. 03-26-2024 04:44 PM
- Posted Splunk Not ingesting on Getting Data In. 03-12-2024 12:35 AM
- Posted Receiving a 401 Unauthorized error response from ServiceNow on Splunk Cloud Platform. 03-05-2024 04:49 PM
- Posted Splunk SOAR on Other Admin. 11-16-2023 06:15 PM
- Posted Splunk UBA VA on Other Admin. 11-03-2023 12:23 AM
- Posted Clustered environment Search Head/Indexers on Other Admin. 10-23-2023 05:53 PM
- Posted Splunk UBA manager on Deployment Architecture. 09-04-2023 08:36 PM
- Posted Re: Splunk Memory limit configuration on Deployment Architecture. 08-28-2023 01:44 AM
- Posted Re: Splunk Memory limit configuration on Deployment Architecture. 08-28-2023 01:41 AM
- Posted Is there Splunk Memory limit configuration? on Deployment Architecture. 08-27-2023 06:42 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
03-26-2024
04:44 PM
Hi Paul, That was what I was suspecting, the service account permission to access the Servicenow. The only problem i have is getting the other team(Servicenow) to provide info for my troubleshooting as they are denying that it is their end with issue. I was thinking since the service account is an AD account, there will surely be a security group assign to the service account . I have actually point out that the service account did not have any grouping assigned to it thus there could be a possibility that the servicenow account does not have the permission to access the Servicenow. There were actually similar issues where we found that some AD users security group were missing after an issue happened. I will try to go through this path and check on the permission again.. Thanks for the advice.
... View more
03-12-2024
12:35 AM
Referring to the below inputs.conf for one of my windows server , as you can see, there is some whitespace at the end of the first line before the closing bracket. The "folderA" is the folder where the contents, splunk should be ingesting but is not (there are multiple log files inside). Is there a possibility that because of this whitespace Splunk may not be ingesting the logs? And if yes, any explanation on this so that we can explain/advise to the client. " [monitor://C:\Program Files\somepath\folderA ]
index=someindex
sourcetype=somesourcetype "
... View more
Labels
- Labels:
-
universal forwarder
03-05-2024
04:49 PM
Hi,
Have anyone faced this issue where you received a Unauthorized 401 error response from ServiceNow?
The scenario is as below.
We are using a AD service account userA to interact with ServiceNow for incident creation .
On Splunk Side, we are using Basic Auth.
On AD, user account is set to never expired.
So far below we have checked the service account status. No changes was made but the issue was sudden.
Ran the query
>index=_internal sourcetype="ta_snow_ticket host IN ( search head)
Above query was the one, we saw the Return code is 401 (Unauthorized)
What else can be checked? As of now, we are planning to reset the service account password and try again.
But if it works the issue is finding what cause the password to be changed when it have been set to never expires.
... View more
Labels
- Labels:
-
Splunk Investigate
-
troubleshooting
11-16-2023
06:15 PM
I am currently integrating Splunk SOAR with Forcepoint Web Security. I am testing out the connectivity but getting error that SSL:UNSUPPORTED PROTOCOL. Forcepoint currently support up till TLS 1.1 anyway I can set/modify for SOAR/forcepoint to utilize 1.1 in the meantime instead of 1.2?
... View more
Labels
- Labels:
-
Security
11-03-2023
12:23 AM
Does Splunk UBA use/require below Log4j 1.2? Currently below was flagged during the VA scanning thus I am not sure whether we can remove or require to update it? Apache Log4j 1.2
... View more
Labels
- Labels:
-
Security
10-23-2023
05:53 PM
My current Splunk infra setup is clustered for Search Heads and Indexers. and we are using deployer and cluster master to manage configs for the respective SH and IDX. For example, can I manually placed an updated config in SH1 and then run a rolling restart so they will sync/replicate with each other. ? This is in the event the Deployer is down. But eventually once the Deployer is up , we will place the updated config in Deployer. So that when we run a sync, it will not affect/remove the file from the SH cluster. Will there be any issues in this scenario?
... View more
Labels
- Labels:
-
data
09-04-2023
08:36 PM
i got this error failed to: delete_local_spark_dirs on and failed to:force_kill_spark_jvms on when i run /opt/caspida/bin/Caspida start-all . Any idea how i can resolve this? -I was not able to access the web ui and I was running the cmd (on UBA manager) /opt/caspida/bin/Caspida stop-all . There was an error . And when I tried to run the start-all, it shows the same error.
... View more
Labels
- Labels:
-
other
08-28-2023
01:44 AM
Hi, Just to confirm/enquire more on this, what you meant is that we will be creating a service/script to run on the particular server ? Or there is already a Splunk default config file which have the settings for us to edit.
... View more
08-28-2023
01:41 AM
Hi, Thanks for the info. "There will be negative impacts on performance if the forwarder workload requires memory more than the specified limit." - This was also one of our concerns as we do have some UF that are configured to monitor quite a number of locations eg. > 20. In your experience, so far how much memory might be used in this case? So far I have seen Splunk services using up to 4GB on Windows server and impacting other constructs, but the cause was due to the Splunk UF installation was not installed properly and causing memory leak.
... View more
08-27-2023
06:42 PM
I am hoping someone could provide some comments/replies to check if we are able to limit the max memory usage for Splunk Universal Forwarders. If yes, Is the config filename "limit.conf" ? Just to add also, -Will there be any issues arising from limiting the memory usage? -I understand we can also limit the memory usage(have not tested yet) on the OS level, any advantages/disadvantages?
Where can I also get a formal solution from Splunk which mentioned that the configuration is possible.
... View more
Labels
- Labels:
-
universal forwarder
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-28-2024
03:31 AM
|
