Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Dev_Choudhary
Dev_Choudhary
Path Finder
Member since:
03-29-2017
06-05-2020
Community Statistics
| Posts | 15 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 7 |
| Member Since | 03-29-2017 |
Activity Feed
- Got Karma for Re: How to convert epoch time to human readable format in search query?. 10-05-2022 04:46 PM
- Got Karma for Why is the Splunk user session timeout is not working?. 10-21-2021 02:37 PM
- Got Karma for Re: How to convert epoch time to human readable format in search query?. 08-03-2020 11:35 PM
- Got Karma for Re: How to convert epoch time to human readable format in search query?. 06-05-2020 12:47 AM
- Got Karma for Re: How to convert epoch time to human readable format in search query?. 06-05-2020 12:47 AM
- Got Karma for Re: How to convert epoch time to human readable format in search query?. 06-05-2020 12:47 AM
- Got Karma for Re: How to convert epoch time to human readable format in search query?. 06-05-2020 12:47 AM
- Posted Re: Simple Splunk Lab Sizing on Deployment Architecture. 10-22-2019 06:43 AM
- Posted Re: Getting null values for some events for O365 messagetrace events on Splunk Enterprise Security. 07-13-2018 02:49 AM
- Posted Getting null values for some events for O365 messagetrace events on Splunk Enterprise Security. 05-24-2018 02:54 AM
- Tagged Getting null values for some events for O365 messagetrace events on Splunk Enterprise Security. 05-24-2018 02:54 AM
- Tagged Getting null values for some events for O365 messagetrace events on Splunk Enterprise Security. 05-24-2018 02:54 AM
- Posted Re: Why is the Splunk user session timeout is not working? on Security. 02-12-2018 11:30 PM
- Posted Why is the Splunk user session timeout is not working? on Security. 02-12-2018 10:34 AM
- Tagged Why is the Splunk user session timeout is not working? on Security. 02-12-2018 10:34 AM
- Tagged Why is the Splunk user session timeout is not working? on Security. 02-12-2018 10:34 AM
- Tagged Why is the Splunk user session timeout is not working? on Security. 02-12-2018 10:34 AM
- Posted Re: Windows Logs by default gets tagged to alert data model on Splunk Enterprise Security. 11-07-2017 12:28 AM
- Posted Re: Has anyone successfully configured the O365 API to index email data into Splunk? on Reporting. 11-07-2017 12:17 AM
- Posted Re: How to use rex to remove "domain\' from a username? on Splunk Search. 10-27-2017 06:44 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 |
07-13-2018
02:49 AM
Request to add-on developer if they can help, heard from Splunk support other user also facing same issue
... View more
05-24-2018
02:54 AM
Getting null values of some event fields for sourcetype="ms:o365:reporting:messagetrace" , data is onboraded via Microsoft Office 365 Reporting Add-on for Splunk
Refer below screenshot
however when we check data on O365 portal value is available for all fields.
would like to understand if anyone else also getting this issue or any possible solution you know.
Thanks in advance
... View more
02-12-2018
11:30 PM
yes, by both way 1> from web console and 2> by command
... View more
02-12-2018
10:34 AM
1 Karma
Hi,
I have set the below in web.conf to set the user timeout session to 20 min but it's not working, any idea where is the issue:
web.conf
[settings]
tools.sessions.timeout = 10
ui_inactivity_timeout = 10
server.conf
[general]
sessionTimeout = 600s
... View more
11-07-2017
12:28 AM
Hi Sumit
check the tags.conf in windows AD add-on and comment the line mentioning tag = alert
... View more
11-07-2017
12:17 AM
Hi packet_hunter and all,
Now I am able to get Office365 Email messages to Splunk, check below add-on details
https://splunkbase.splunk.com/app/3720/#/details
... View more
10-27-2017
06:44 AM
try this
rex field=cs_userdn "\w+\\(?\S+)"
... View more
07-12-2017
05:15 AM
6 Karma
Try this
| eval Time=strftime(log_time_field/1000, "%d-%m-%Y %H:%M:%S")
... View more
06-30-2017
11:17 AM
30 9 * * *
min hour day month week-day
keep search head time to CST
... View more
06-20-2017
12:19 AM
with this API not able to get email related information.
Only option available is using script
... View more
06-19-2017
08:44 AM
recently configured Microsoft Cloud Services add-on to get these data but this is again limited to management events and office apps like sharepoint, onedrive access and file modification only.
... View more
06-19-2017
08:33 AM
Hi
Issue is resolved now. Two possible issues from ATP manager that I can highlights are
OAuth Client name should be ATP
Time range should be latest (like last 2 month), default it was taking something from 1990
... View more
03-29-2017
01:17 AM
Hi Team,
We have configuring Symantec ATP Add-on to receive Symantec ATP logs on Splunk.
We have defined App as ATP and got the Client ID and Client Secret on ATP manager (HTTP event collector already configured), when we are configuring add-on on Splunk HF we are successfully able to authenticate from Symantec ATP.
When searching the logs on Search Head with query sourcetype = Symantec* getting below error
ERROR 140385235900224 - Symantec ATP Manager: Exception while getting ATP manager host
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA-symantec_atp/bin/atp_manager_utility.py", line 110, in get_atp_manager_user_credentials
sessionKey=session_key)
File "/opt/splunk/lib/python2.7/site-packages/splunk/entity.py", line 129, in getEntities
atomFeed = getEntitiesAtomFeed(entityPath, namespace, owner, search, count, offset, sort_key, sort_dir, sessionKey, uri, hostPath, **kwargs)
File "/opt/splunk/lib/python2.7/site-packages/splunk/entity.py", line 222, in _getEntitiesAtomFeed
serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)
File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/init_.py", line 516, in simpleRequest
raise splunk.AuthorizationFailed(extendedMessages=uri)
AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/TA-symantec_atp/storage/passwords?count=-1&search=TA-symantec_atp
Thanks in Advance
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
Karma from
| User | Karma Count |
|---|---|
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
