Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About ghostdog920
ghostdog920
Path Finder
Member since:
04-05-2017
02-16-2023
Community Statistics
| Posts | 36 |
| Solutions | 3 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 04-05-2017 |
Activity Feed
- Posted How to get Splunk Enterprise v9 embed website into Dashboard panel? on Dashboards & Visualizations. 02-16-2023 08:16 AM
- Posted Palo/Splunk Parsing Issue - Field values are Truncating on Splunk Search. 07-01-2021 12:13 PM
- Posted Palo/Splunk Parsing Issue - Field values are Truncating on Splunk Search. 06-15-2021 12:12 PM
- Posted Re: Help With Event Cleanup - Remove "-" on Splunk Search. 08-07-2020 07:25 AM
- Karma Re: Help With Event Cleanup - Remove "-" for thambisetty. 08-07-2020 07:25 AM
- Posted Re: Help With Event Cleanup - Remove "-" on Splunk Search. 08-07-2020 07:15 AM
- Karma Re: Help With Event Cleanup - Remove "-" for thambisetty. 08-07-2020 07:15 AM
- Posted Help With Event Cleanup - Remove "-" on Splunk Search. 08-07-2020 07:04 AM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-07-2019 04:44 AM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-06-2019 05:57 AM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-02-2019 12:22 PM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-02-2019 12:22 PM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-02-2019 12:22 PM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-02-2019 10:27 AM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-02-2019 10:26 AM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-02-2019 10:10 AM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-02-2019 09:55 AM
- Posted Re: Multi Valued Field Help on Splunk Search. 05-02-2019 09:53 AM
- Posted Multi Valued Field Help on Splunk Search. 05-02-2019 08:17 AM
- Tagged Multi Valued Field Help on Splunk Search. 05-02-2019 08:17 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-16-2023
08:16 AM
I am working on a dashboard for my help desk and would like to embed a website, https://status.twilio.com/ so that staff can easily view from the vendor if they are experiencing outages all from a single pane of glass. I can see in the old versions of splunk with html dashboards how to do this but not with the new version of dashboards and am not having much luck trying to figure this out. I attempted the below via a drill down but clearly not getting what I want, which is the content to hopefully display as an embeded page within the dashboard. Granted my drill down doesnt work either. Below is my code for the panel itself where i am trying to get this working. Not being a coder and not familiar with XML i realize i am asking for quite a bit of help. Any insight anyone can offer is greatly appreciated.
{
"type": "splunk.table",
"options": {
"count": 100,
"dataOverlayMode": "none",
"drilldown": "none",
"percentagesRow": false,
"rowNumbers": false,
"totalsRow": false,
"wrap": true
},
"dataSources": {},
"title": "Twilio Status",
"description": "",
"eventHandlers": [
{
"type": "drilldown.customUrl",
"options": {
"url": "https://status.twilio.com/"
}
}
],
"context": {},
"showProgressBar": false,
"showLastUpdated": false
}
... View more
Labels
- Labels:
-
dashboard
-
Dashboard Studio
07-01-2021
12:13 PM
Finally got this all straightened out. Needed to use cef utils for splunk along with a separate syslog destination from my panorama with custom cef events setup for the config section to get what i wanted.
... View more
06-15-2021
12:12 PM
Having a strange issue and not sure what my culprit/problem is. Have a panorama to syslogng to Heavy Forwarder to Indexer with a single search head. I see the parsing (I think) where fields are found and values= but they are truncating. Specifically, my raw event has this in it: before_change_detail="Emergency by IP { static [ ""Jim CentOS"" ]; } " after_change_detail=Emergency by IP { } but when i look at the field values, this is what i get: Any ideas on why my field values are getting cut short?
... View more
Labels
- Labels:
-
field extraction
08-07-2020
07:15 AM
So the mvindex basically says for that field, choose in this case, the 2nd value for the field as the only value for that field?
... View more
08-07-2020
07:04 AM
I am having a problem with what i believe is writing a regex to clean up some events before i report on them in dashboard. I am pulling specific security events from windows and each event should return a username and a domain. I am getting those results, but with each, it is also returning a second data item "-". That is throwing things off/making it look ugly and i havent had much luck ripping it out. Hoping someone can assist and possibly explain what the solution is doing? I tried to do an eval replace for the field where "-" is replaced with "" but then none of my events showed up so clearly that was wrong. A sample event looks like this to help clarify what i am getting: I basically need to drop the first line from both the "Account" and also "Account_Domain" so that i would only get service. and PF as values. As always, help is greatly appreciated.
... View more
05-07-2019
04:44 AM
Got this working (or at least not erroring) after I appended the index|rename as needed. I get a raw event dump and the regex fields still aren't listed in the "interesting fields" section as I would expect, but perhaps they wouldn't be?
... View more
05-06-2019
05:57 AM
Thanks everyone for the responses. I was out of the office Friday and also today so will get back to playing with this tomorrow and let you know the status.
... View more
05-02-2019
12:22 PM
So sorry, thought i responded back. I tried this:
index=nessus| makeresults |eval plug_out="Subject Name: Country: US State/Province: Virginia Locality: Glen Allen" | rex field=plug_out "Country:\s+(?.?)\s+State\/Province:\s+(?.?)\s+Locality:\s+(?.*)$"
And i got this output:
Error in 'rex' command: Encountered the following error while compiling the regex 'Country:\s+(?.?)\s+State\/Province:\s+(?.?)\s+Locality:\s+(?.*)$': Regex: unrecognized character after (? or (?-
The search job has failed due to an error. You may be able view the job in the Job Inspector.
Thoughts on where i messed up?
... View more
05-02-2019
12:22 PM
Tried this:
index=nessus| makeresults |eval plug_out="Subject Name: Country: US State/Province: Virginia Locality: Glen Allen" | rex field=plug_out "Country:\s+(?.?)\s+State\/Province:\s+(?.?)\s+Locality:\s+(?.*)$"
And got this:
Error in 'rex' command: Encountered the following error while compiling the regex 'Country:\s+(?.?)\s+State\/Province:\s+(?.?)\s+Locality:\s+(?.*)$': Regex: unrecognized character after (? or (?-
The search job has failed due to an error. You may be able view the job in the Job Inspector.
... View more
05-02-2019
12:22 PM
Still no go. Thanks for all your help with this though as i wouldn't have gotten this far without you.
... View more
05-02-2019
10:26 AM
05-02-2019
10:10 AM
Ok, unfortunately I do not see those "fields" if you will on the left side nav bar, nor does the table output anything other than the headers with no data.
... View more
05-02-2019
09:55 AM
WIth this expression, and excuse my ignorance, the rex creates extractions that go where? Or maybe a better way to ask is if i do that and don't see fields created for the attributes, how do i reference those rex values for a table (as an example)?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-16-2023
04:52 PM
|
