cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
emikulic
Explorer
Member since: ‎07-29-2014
‎10-18-2023
Community Statistics
Posts 8
Solutions 0
Karma Given 0
Karma Received 5
Member Since ‎07-29-2014
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to edit inputs.conf to prevent WinNetMon f...

by in Getting Data In
‎10-18-2023 10:00 AM
‎10-18-2023 10:00 AM
This is an old post so a known issue. I think folks using ES app or using Splunk as a SIEM and almost any US Govt supplier will need most of that 'extra' info for any IT sec forensic analysis. Most all US Govt suppliers are subject to NIST now and CMMC coming in 2024. I would imagine HIPPA, SOX, GDPR, GLBA, and CCPA companies systems will need that as well. It is noisy but attacks are very often using non-standard ports to transfer information/data to/from an outside host like ICMP, SSH, and RDP as most application level IDS/IPS are looking at 80/443 inspection. For general SMB and Small Enterprise this is probably viable in some respects though. ... View more

Re: How can I control the client's Host Name that ...

by in Deployment Architecture
‎05-06-2022 08:42 AM
‎05-06-2022 08:42 AM
As I've learned recently, there's nothing stopping someone from defining a different Host value in an input, and causing that problematic situation much more quickly and broadly.  This seems like a huge oversight in functionality. ... View more

Re: How do you run btool check against all apps in...

by in Monitoring Splunk
‎11-29-2021 12:58 PM
‎11-29-2021 12:58 PM
This is a poor workaround and results in errors in the btool.log for one.  This needs a better supported solution for checking deployment apps before they are pushed out (or after). /opt/splunk/bin/splunk btool check --dir=/opt/splunk/etc/deployment-apps-symlink --debug | grep Splunk_TA_windows Even with or without the symlink to 'system' under this new deployment-apps-symlink, there are btool errors about spec files either not being present, or being in the incorrect place as per.     ... View more

Re: deployment server Application warning

by in Deployment Architecture
‎11-29-2021 10:23 AM
‎11-29-2021 10:23 AM
I have tried all these too and cannot seem to get deployment server apps checked. the btool output is simply silent. ... View more

Re: Why are forwarders not showing up in Add Data ...

by in Splunk Dev
‎09-16-2015 01:43 PM
‎09-16-2015 01:43 PM
You can also check inbound EventsPerSecond or Kbps similarly: index=_internal "group=thruput" host=myhosts* | timechart avg(instantaneous_eps) by host span=1m or index=_internal "group=thruput" host=myhosts* | timechart avg(instantaneous_kbps) by host span=1m naturally you'd check these in a real-time or short window if you are looking for what is happening at that minute. ... View more

Re: round fuction usage for avg command output

by in Splunk Search
‎04-03-2019 08:35 AM
‎04-03-2019 08:35 AM
I know this has been around a while, but I felt I should share this with the community. You can incorporate the eval statement into the stats command: EG: | stats avg(eval(round(duration,0))) AS Avg_Duration [https://docs.splunk.com/Documentation/Splunk/7.2.5/Search/Usestatswithevalexpressionsandfunctions] This especially works well when you are using a split by statement. EG: | stats avg(eval(duration(count,0))) AS Avg_Duration by something ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-18-2023 10:11 AM
Karma from