×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
anya25
Explorer
Member since: ‎03-11-2024
‎03-20-2024
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎03-11-2024
Activity Feed
View All

connect Splunk SOAR to external postgresql DB

by in Installation
‎03-20-2024 04:27 AM
‎03-20-2024 04:27 AM
I'm trying to connect my SOAR cluster (primary & warm backup) to an external postgresql database. the docs seem to only have information on backing up a SOAR node into another or backing up an existing SOAR cluster with an already existing external postgresql db server. How can I connect my splunk SOAR nodes to an external db? to be specific, if I already backed up the phantom db and restored it onto the external server (using postgres docs), how can I "tell" splunk SOAR to start using the external db instead of the internal socket? ... View more
Labels

Re: Splunk SOAR not forwarding data to splunk

by in Splunk Enterprise
‎03-17-2024 01:26 AM
‎03-17-2024 01:26 AM
Sorry, my mistake - the IP address in the errors in the log file belongs to antoher Splunk server that is turned off. I don't see any errors with the correct IP. ... View more

Re: Splunk SOAR not forwarding data to splunk

by in Splunk Enterprise
‎03-17-2024 01:22 AM
‎03-17-2024 01:22 AM
I don't see any events when filtering index=_internal and source=<path_to_splunkd.log> (with my path obviously) but I do see errors when looking in the splunkd.log file in my SOAR machine - lots of "connection to host <indexer>:9997 failed", which is weird because 9997 is open on the splunk indexer, the machines are in the same segment and the "test connectivity" worked. ... View more

Re: Splunk SOAR not forwarding data to splunk

by in Splunk Enterprise
‎03-17-2024 12:45 AM
‎03-17-2024 12:45 AM
Yes, I already set this up ... View more

Splunk SOAR not forwarding data to splunk

by in Splunk Enterprise
‎03-17-2024 12:05 AM
‎03-17-2024 12:05 AM
I'm trying to use the Splunk App for SOAR to forward logs and events from SOAR to Splunk Enterprise. The servers seem to be connected (test connectivity works) but the data (events, playbook runs etc.) isn't being indexed and doesn't appear in search in Splunk. I tried reindexing the data through SOAR but it didn't work. Adding audit input in the app is working fine, but data isn't being indexed in real time according to the supposed indexes (I did create them using the "Create Indexes" button in the app) Did anyone experience anything similar or has any idea as to what might be the issue? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-20-2024 08:46 AM
Karma given to
View All