Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About Ramachandran
Ramachandran
Explorer
Member since:
05-14-2025
08-07-2025
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 05-14-2025 |
Activity Feed
- Posted Recommended Hardware Configuration for SOAR On-Prem with Unprivileged User Playbook Execution on Splunk SOAR. 08-06-2025 11:33 PM
- Posted Subject: Alerts Not Reaching Splunk SOAR via App-to-App Connection from Splunk on Splunk SOAR. 05-22-2025 11:17 PM
- Karma Re: Error in SOAR Connection establishment for kiran_panchavat. 05-22-2025 11:04 PM
- Karma Re: Error in SOAR Connection establishment for livehybrid. 05-22-2025 11:03 PM
- Posted Error in SOAR Connection establishment on Splunk Enterprise. 05-22-2025 02:53 AM
- Posted Re: The overview of my task is to send the the live data logs from rsyslog to my splunk UI to monitor it on Splunk Enterprise. 05-15-2025 09:14 PM
- Karma Re: The overview of my task is to send the the live data logs from rsyslog to my splunk UI to monitor it for livehybrid. 05-14-2025 11:38 PM
- Posted Re: The overview of my task is to send the the live data logs from rsyslog to my splunk UI to monitor it on Splunk Enterprise. 05-14-2025 11:36 PM
- Posted The overview of my task is to send the the live data logs from rsyslog to my splunk UI to monitor it on Splunk Enterprise. 05-14-2025 10:46 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-06-2025
11:33 PM
Hi everyone! 👋 I’m currently working on a Splunk SOAR on-premises deployment and evaluating its performance using an AWS EC2 t3.xlarge instance (4 vCPU, 16 GB RAM, EBS-backed storage). I’d love your input on the following: What would be a recommended build configuration (CPU, RAM, disc) to support this kind of usage in playbooks? Does allowing multiple users to run playbooks simultaneously change the sizing recommendations? Any experience with tuning playbook runners or autoscaling settings to handle user-driven playbook execution effectively? Any advice or sizing tips from your deployments would be much appreciated. Thanks in advance!
... View more
Labels
- Labels:
-
troubleshooting
-
using SOAR ⁄ Phantom
05-22-2025
11:17 PM
Hi everyone, I'm working on integrating Splunk Enterprise with Splunk SOAR using the Splunk App for SOAR Export, and I'm running into an issue where alerts sent from Splunk aren't appearing in SOAR. Setup Details: Using App-to-App connection (not direct API/port 443) SOAR server is configured and marked active in the Splunk App for SOAR Export SOAR user has the observer and automation roles SSL verification is disabled (self-signed cert) Splunk and SOAR are on the same VPC/subnet with proper connectivity Test Alert Sent from Search & Reporting: | makeresults | eval foo="helloo" | eval src_ip="1.1.1.1" | table _time, foo, src_ip The Issue: No events are appearing in SOAR Nothing listed in Event Ingest Status or as Ad hoc search result No errors in the Splunk Job Inspector What I Need Help With: Are there any extra steps required in the new SOAR UI to allow data from Splunk’s App for SOAR Export? Any known limitations or misconfigurations I might be missing? Any guidance would be greatly appreciated! Thanks in advance. 🙏
... View more
Labels
- Labels:
-
using SOAR ⁄ Phantom
05-22-2025
02:53 AM
Hey everyone, I'm trying to configure a new server in the SOAR UI, but I'm running into this error: Error Message: There was an error adding the server configuration. On SOAR: Verify server's 'Allowed IPs' and authorization configuration. Status: 500 Text: JSON reply had no "payload" value I've already double-checked the basic config, but still no luck. From what I understand, this might be related to: Missing or misconfigured Allowed IPs on the SOAR server Improper authorization settings Possibly an issue with the server not returning the expected JSON format Has anyone faced this before or have any ideas on how to troubleshoot this? Any guidance or checklist would be super helpful Thanks in advance!
... View more
Labels
05-15-2025
09:14 PM
Could you help me with guiding me for setting up these whole thing.
... View more
05-14-2025
11:36 PM
Thanks for suggesting this bro, Let me try this once and let you know what is the result.
... View more
05-14-2025
10:46 PM
I’m forwarding logs from an EC2 instance using rsyslog with the omhttp module to a Splunk HEC endpoint running on another EC2 instance (IP: 172.31.25.126) over *port 8088*.My rsyslog.conf includes: rsyslog module(load="omhttp") action(type="omhttp" server="172.31.25.126" port="8088" uri="/services/collector/event" headers=["Authorization: Splunk <token>"] template="RSYSLOG_SyslogProtocol23Format" queue.filename="fwdRule1" queue.maxdiskspace="1g" queue.saveonshutdown="on" queue.type="LinkedList" action.resumeRetryCount="-1" )### Problem:Even though I’ve explicitly configured port 8088, I get this error: omhttp: suspending ourselves due to server failure 7: Failed to connect to 172.31.25.126 port 443: No route to hostIt seems like omhttp is still trying to use *HTTPS (port 443)* instead of *plain HTTP on port 8088*.---### Questions:1. How do I force the omhttp module to use HTTP instead of HTTPS? 2. Is there a configuration parameter to explicitly set the protocol scheme (http vs https)? 3. Is this behavior expected if I just set the port to 8088 without configuring the protocol?Any insights or examples are appreciated. Thanks!
... View more
Labels
- Labels:
-
configuration
-
troubleshooting
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-07-2025
03:03 AM
|
