Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About kannu
kannu
Communicator
Member since:
04-20-2017
2 weeks ago
Community Statistics
| Posts | 103 |
| Solutions | 1 |
| Karma Given | 22 |
| Karma Received | 3 |
| Member Since | 04-20-2017 |
Activity Feed
- Karma Re: Why i am not able to use ACS services on Splunk cloud trial version for kprior201. 2 weeks ago
- Posted Re: Why i am not able to use ACS services on Splunk cloud trial version on Splunk Cloud Platform. 2 weeks ago
- Posted Why i am not able to use ACS services on Splunk cloud trial version on Splunk Cloud Platform. 2 weeks ago
- Posted Re: CIM compliance add-on normalizes data to which data model on Knowledge Management. 03-06-2024 02:11 AM
- Posted CIM compliance add-on normalizes data to which data model on Knowledge Management. 03-05-2024 04:14 AM
- Got Karma for How do I add JavaScript to a Splunk dashboard?. 11-15-2023 01:29 AM
- Got Karma for Re: extract multiple values from fields in same event. 04-20-2022 05:28 AM
- Posted sample data for splunk PCI compliance app on Security. 02-03-2022 12:44 AM
- Tagged sample data for splunk PCI compliance app on Security. 02-03-2022 12:44 AM
- Tagged sample data for splunk PCI compliance app on Security. 02-03-2022 12:44 AM
- Posted Re: extract multiple values from fields in same event on Splunk Search. 04-28-2021 11:25 PM
- Posted Re: extract multiple values from fields in same event on Splunk Search. 04-26-2021 10:52 PM
- Posted extract multiple values from fields in same event on Splunk Search. 04-26-2021 07:47 AM
- Karma Re: extract first value from json subarray for vnravikumar. 06-05-2020 12:51 AM
- Karma Re: Force splunk to get timestamp of file created for richgalloway. 06-05-2020 12:50 AM
- Karma Re: How do you calculate the average across columns in a table? for renjith_nair. 06-05-2020 12:50 AM
- Karma Re: forwarding logs to third party system for coccyx. 06-05-2020 12:50 AM
- Karma Re: forwarding logs to third party system for chrisyounger. 06-05-2020 12:50 AM
- Karma Re: How to extract month and year from _time for vishaltaneja070. 06-05-2020 12:50 AM
- Karma Re: How come the LDAP config is not picking up users directly under OU? for JDukeSplunk. 06-05-2020 12:50 AM
03-06-2024
02:54 AM
Hi @kannu, I understand: there aren't eventtypes.conf and tags.conf, (I don't understand how it was declared CIM compliant!). The only way is consider them as custom and follow the normalization process using the Add-On builder or the SA-CIM Vlaidator. Ciao. Giuseppe
... View more
07-12-2022
04:40 AM
Hi @kannu, did this fix your problem? Currently im facing the same, set DATETIME_CONFIG = Current - this inserts the file now in my configured schedule but only the headers of the CSV file.. Any suggestions?
... View more
06-30-2022
07:40 AM
@harsmarvania57 I found your solution more relevant to my case. I need to renew the RSA password; is it possible to change RSA password during server.pem renewal?
... View more
02-03-2022
12:44 AM
Hello All, I am working on building use cases for PCI compliance , Just got to know that splunk has an PCI compliance app for checking that clients data is PCI compliant or not . Just wondering if i can get sample data from somewhere to test My use cases and run the PCI compliance app as well . Thanks in advance Manish Kumar
... View more
Labels
- Labels:
-
SSO
07-22-2021
03:53 AM
1 Karma
This seems wrong now, support answer: Upgrade will no renew the default certificates. You will have to do it on your own.
... View more
04-28-2021
11:25 PM
1 Karma
Well , I have figured out the answer of my problem , Which is first I have extracted the inner json , from main json event , then i have used props.conf to index them using seprate event in that way splunk is taking all field with separate events . [azure] LINE_BREAKER=((?<=\}),(?=\{)|[\r\n]+) TRUNCATE = 0 SHOULD_LINEMERGE = false SEDCMD-remove_prefix=s/{"body":{"records":.?\[//g SEDCMD-remove_suffix=s/\]}.*}//g
... View more
10-16-2020
01:08 PM
This is an endorsement by a Cribl employee. As a previous user of Cribl, I would not recommend it.
... View more
07-09-2020
03:56 AM
The app is limited to 3. If you want to have more you need to edit the code.
... View more
- Tags:
- Teh
08-14-2019
01:26 AM
Hello Splunkers ,
Good day
I am stuck with one problem where i am monitoring .gz files using UF and getting the data on splunk as expected .
But when i have checked splunkd.log in that i am seeing below error
08-14-2019 02:34:43.158 -0500 ERROR ArchiveContext - From archive='E:\Tanium\Tanium Module Server\services\connect-files\output\SavedQuestion\Splunk-Running-Processes-with-MD5-Hash\Splunk-Running-Processes-with-MD5-Hash_2019-08-13T15-42-22.gz': Decompression error
Can anybody suggest how to get rid of it .
Thanks in advance
Kannu (manish kumar)
... View more
- Tags:
- gz
- splunk-enterprise
07-19-2019
04:59 AM
If you want to run in powershell please try same command starting with &
& "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd openssl x509 -in "C:\Program Files\SplunkUniversalForwarder\etc\auth\server.pem" -noout -enddate
... View more
06-24-2019
06:06 AM
@marycordova
After enabling all logging , Still i am not able to fetch /search the data for any of the field
Id
• Name
• Host_name
• OS_version
• State
• Agent_version
• Policy
• Last_logged_in_user
• Update_type
• Update_available
• Background_detection
• Is_safe
• Date_last_modified
• Ip_address
• Mac_address
• Date_first_registered
• Date_offline
... View more
05-10-2019
07:33 AM
Well, most of the people put the syslog directly to Heavy Forwarder Server. So if you don't have separate syslog server, then you can re-use the "syslog" software on the HF server itself as long as it is not heavily loaded.
esxi system (push via syslog) => Syslog server (collect using rsyslog or syslog-ng) => Splunk UF or HF can then send this to Indexer => Install addon on indexer/SH to extract fields (and on HF)
... View more
03-28-2019
06:46 AM
Pls look at https://docs.splunk.com/Documentation/StreamApp/7.1.2/DeployStreamApp/FileTransfer and specifically configure section, where you can edit and enable ftp.
https://docs.splunk.com/Documentation/StreamApp/7.1.2/User/ConfigureStreams
... View more
04-15-2019
02:43 AM
@knielsen . Your query is not returning the result in manner which i want .
SsdfWsdfC4 VMware, Inc.
SWsdfBeF5 VMware, Inc.
ansdfging5 5.0.3
asd1dfsing6 5.0.3
ansdfsdfg2
6.2.1
... View more
10-28-2019
03:41 AM
I'd use splunk app PDI : https://splunkbase.splunk.com/app/1901/
Or the latest Splunk data stream processing : https://www.splunk.com/en_us/software/stream-processing.html
... View more
10-09-2018
11:59 AM
Not exactly, the linked answer tells you to test the LDAP connection, and connection information with another tool and visually check the results for verification purpose.
Anyway, have a look at @JDukeSplunk answer how to setup multiple OU's for userBaseDN
cheers, MuS
... View more
11-23-2018
09:55 PM
See one of my recent answers in case your table as multi-values and you want to color them based on range: https://answers.splunk.com/answers/694420/is-it-possible-to-highlight-a-value-within-a-multi-1.html
... View more
09-20-2018
09:04 PM
@kannu ,
Try
index="your index" NOT [|inputlookup yourcsvfile]
... View more
10-23-2018
12:52 AM
as @teunlaan mentioned: the list forward-server command, only shows things as active, when there is actual data going across. If your only input is running just once every 5 minutes, then it will probably be silent for a good part of the time and therefor showing as inactive.
If you put a watch on that command, and keep your eyes on it when the scripted input triggers, you'll likely see it come to life.
... View more
06-07-2018
03:54 AM
1 Karma
@kannu, please refer to this documentation on Building your own custom visualization using Splunk's Custom Visualization API.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|
Karma given to
