Hello, what should be the sourcetype to define for the Trend Micro Apex ONE on the CCX Unified Splunk Add-on for Trend Micro for the logs to be parsed when they are sent to Splunk? ... View more

Hello Splunkers! I am looking for a way to collect the SunOS-SPARC OS logs. After some research, I have tried to update the inputs.conf in the Splunk Add-on for Unix and Linux ( https://splunkbase.splunk.com/app/833 ), as below (this is a snippet of the config file not all of it) : # Currently only supports SunOS, Linux, OSX. # May require Splunk forwarder to run as root on some platforms. [script://./bin/service.sh] disabled = 0 interval = 3600 source = Unix:Service sourcetype = Unix:Service index = os # Currently only supports SunOS, Linux, OSX. # May require Splunk forwarder to run as root on some platforms. [script://./bin/sshdChecker.sh] disabled = 0 interval = 3600 source = Unix:SSHDConfig sourcetype = Unix:SSHDConfig index = os # Currently only supports Linux, OSX. # May require Splunk forwarder to run as root on some platforms. [script://./bin/update.sh] disabled = 0 interval = 86400 source = Unix:Update sourcetype = Unix:Update index = os [script://./bin/uptime.sh] disabled = 0 interval = 86400 source = Unix:Uptime sourcetype = Unix:Uptime index = os [script://./bin/version.sh] disabled = 0 This didn't work and no logs were collected (I have made sure the user running Splunk forwarder has read privilege), is there any other recommendation? ... View more

Hi everyone, I have started working in Splunk UBA recently, and have some questions: Anomalies: How long does it take to identify anomalies after receiving the logs usually? Can I define anomaly rules? Is there anywhere to explain the existing anomaly categories are based on what or will be looking for what in the traffic? Threats: How long does it take to trigger threats after identifying anomalies? Is there any source I can rely on for creating threat rules? As I am creating rules and testing but with no results. ... View more

Hello Splunkers! I am downloading the eStreamer TA for Splunk (Cisco Secure Firewall app), and I am facing the issue below:   /opt/splunk/etc/apps/TA-eStreamer/bin/encore$ openssl pkcs12 -in client.pkcs12 -nocerts -nodes -out "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/10.1.50.10-8302_pkcs.key" Enter Import Password: Error outputting keys and certificates 802B49170A7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()   I understand that this error is related to Python package, but I can see that Python is already installed: Can anyone help me? ... View more

Hello! I have installed the kemp add-on from here: https://splunkbase.splunk.com/app/6830 . The issue is I cannot find a proper documentation on how to setup data and what sourcetype to specify in the inputs.conf . For more context, I am collecting the logs through syslog not API, so I need to specify the sourcetype in the inputs.conf for parsing to work properly. ... View more

Hello Splunkers! Is there a way to collect iPad logs? I saw the Mint iOS SDK documentation, but I don't find it clear. ... View more