Activity Feed
- Got Karma for Encrypted information from deployer to search head. 07-18-2024 07:25 AM
- Got Karma for How to use deployer to push app to the search head cluster?. 06-05-2020 12:49 AM
- Got Karma for Re: Splunk Enterprise Security: Adaptive Response Action Adhoc invocation failed. 06-05-2020 12:49 AM
- Got Karma for Re: Custom search command always shows Statistics tab. 06-05-2020 12:48 AM
- Got Karma for Splunk Enterprise Security: Do I need to create a new correlation search to use threat intelligence?. 06-05-2020 12:48 AM
- Posted How to get information in ModularAction on All Apps and Add-ons. 04-18-2019 07:55 AM
- Tagged How to get information in ModularAction on All Apps and Add-ons. 04-18-2019 07:55 AM
- Posted Re: Encrypted information from deployer to search head on Deployment Architecture. 12-05-2017 01:06 PM
- Posted Re: Encrypted information from deployer to search head on Deployment Architecture. 12-05-2017 06:53 AM
- Posted Re: Encrypted information from deployer to search head on Deployment Architecture. 12-05-2017 05:50 AM
- Posted Encrypted information from deployer to search head on Deployment Architecture. 12-04-2017 01:55 PM
- Tagged Encrypted information from deployer to search head on Deployment Architecture. 12-04-2017 01:55 PM
- Posted Re: How to use deployer to push app to the search head cluster? on Deployment Architecture. 12-04-2017 10:26 AM
- Posted How to use deployer to push app to the search head cluster? on Deployment Architecture. 12-04-2017 10:09 AM
07-18-2024
09:24 AM
Hi @woodcock, this is an old topic; however, I just want to know if pushing an add-on from the deployer using encrypted credentials in a new local/passwords.conf (previously encrypted by a clustered search head) is different in terms of behavior from configuring the add-on on a search head (web UI) and letting the SHC replicate passwords.conf?
01-06-2021
11:52 PM
I encountered the very same error. I was following this guide: https://www.splunk.com/en_us/blog/tips-and-tricks/write-your-own-search-language.html

What I noticed was that this guide is from 2008. Newer versions of Splunk already have a built-in "shape" command. This one is defined in etc/system/default/searchbnf.conf:

[shape-command]
syntax = shape <field> (maxvalues=<int>)? (maxresolution=<int>)?
shortdesc = Produces a symbolic 'shape' attribute describing the shape of a numeric multivalued field.

Apparently, the built-in shape command takes precedence over your custom shape command when running a search. So I suggest renaming your "shape" command to "shape2" or something else.
04-18-2019
07:55 AM
We are developing a ModularAction using the CIM framework, and we want to know how to get the following information:
trigger_date
trigger_timeHMS
trigger_time
These are the possible tokens a user can enter into the config according to this doc:
https://docs.splunk.com/Documentation/Splunk/7.2.5/AdvancedDev/ModAlertsLog#Pass_search_result_values_to_alert_action_tokens
Thank you very much in advance!
12-04-2017
10:49 AM
@irsysintegration, push it using:
$SPLUNK_HOME/bin/splunk apply shcluster-bundle -target https://<Search Head Host>:8089
09-09-2019
06:07 PM
Thanks @jawaharas, just so happens I'm fault finding the TheHive add-on too
09-14-2017
07:31 AM
Ok, answering my own question. One way to contribute. 🙂
Need to set the following env var:
SPLUNKD_URI
to the FQDN of your machine. Then it will work.
07-11-2017
10:43 AM
The default correlation would show in threat activity dashboard as well as would generate a notable event provided the correlation search is enabled and configured. There is a bit of housekeeping that is performed to prepare the data. I would take a look at the threat gen saved searches within ES, specifically Threat - Source And Destination Matches - Threat Gen and take a look at the search interval and also the search to ensure it runs. You can also look at the threat activity data model data and see what is in there as this is where the correlation search looks.
01-02-2020
01:17 AM
Getting the same issue. How to upload the custom app on Splunk Cloud?
09-11-2017
01:38 PM
But new code should use v2.