cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
saotaigiri
Path Finder
Member since: ‎04-14-2020
‎01-19-2022
Community Statistics
Posts 17
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎04-14-2020
Activity Feed
Topics I've Started
View All

How do I set up Azure nsg logs on Splunk clouds?

by in Splunk Cloud Platform
‎01-18-2022 02:41 PM
‎01-18-2022 02:41 PM
Please, how do I set up Azure nsg logs on Splunk clouds? Please, does anyone have any material on that? ... View more

Re: Universal forwarder not for forwarding

by in Splunk Enterprise
‎12-11-2020 07:11 AM
‎12-11-2020 07:11 AM
Does the forwarder have inputs defined and enabled?  Has the forwarder written any error messages into its splunkd.log file?   Please I'm not too sure what you are asking, I installed the forwarder the normal way via windows, put in the splunk id and PW, put in a deployment server IP with the normal port 8089, the indexer @ 9997 and finished the installation. Not sure what I did wrong. Please help I'm a novice. ... View more

Universal forwarder not for forwarding

by in Splunk Enterprise
‎12-10-2020 01:18 PM
‎12-10-2020 01:18 PM
After installing the universal forwarder on the forwarding host using windows, the splunk enterprise has been able to detect it but it is not sending any logs. Has 0 deployed apps. Please I need help on how to get it to start forwarding logs. Thanks. ... View more
Labels

Re: Alert Omitting

by in Alerting
‎10-01-2020 08:19 AM
‎10-01-2020 08:19 AM
The output of the query brings the source IP, number of dest port and IPs. So when I dug deeper by search source IP one by one I found each IP address traffic is UDP 514 which is syslog server, hence my intent to add dedup udp514 to the query.  Please what do you think? ... View more

Alert Omitting

by in Alerting
‎10-01-2020 07:27 AM
‎10-01-2020 07:27 AM
The query below is what is used to detect scanning on a network: | tstats summariesonly=t allow_old_summaries=t dc(All_Traffic.dest_port) as num_dest_port dc(All_Traffic.dest_ip) as num_dest_ip from datamodel=Network_Traffic by All_Traffic.src_ip | rename "All_Traffic.*" as "*" | where num_dest_port > 100 OR num_dest_ip > 100 | sort - num_dest_ip   Unfortunately it detects syslog scanning and causes false positives. Please I need help on how or where to add dedup udp514 to the syntax so it omits the syslog files it detects or an option on how to omit the syslog files. Thanks   ... View more
Labels

Re: Top splunk alerts that fired

by in Dashboards & Visualizations
‎09-10-2020 11:47 AM
‎09-10-2020 11:47 AM
Please what is the query for this search? ... View more

Top alerts fires

by in Splunk Enterprise Security
‎09-10-2020 10:54 AM
‎09-10-2020 10:54 AM
Please I am looking for a query to search for the top alerts that fired within 2 weeks (or within a time frame). I am also looking for a query to show anomalies within a time frame ... View more
Labels

Re: Top splunk alerts that fired

by in Dashboards & Visualizations
‎09-10-2020 10:46 AM
‎09-10-2020 10:46 AM
Please what is the query for this search? ... View more

Splunk Forwarder issue

by in Getting Data In
‎08-14-2020 10:28 AM
‎08-14-2020 10:28 AM
A forwarder which was working before has stopped for up to a month now. After checking, it is confirmed that the forwarder is correctly configured, the service is running and reporting to the indexer, however there is no data showing on the indexer side or when a search is run on splunk  for that forwarder. Can someone please help me in the right direction? ... View more
Labels

Re: Idle log

by in Splunk Search
‎06-30-2020 10:58 AM
‎06-30-2020 10:58 AM
The query below is what I am using but it doesn't seem to work. Please can you look at it and if possible tweak to the correct one. | rest /services/server/info | eval LastStartupTime=strftime(startuptime, "%Y/%m/%d %H:%M:%S") | eval timenow=now() | eval daysup = round((timenow - startuptime) / 86400,0) | eval Uptime = tostring(daysup) + " Days" | table splunk_server LastStartupTime Uptime   I am looking to get an alert when  a server or host meant to be feeding Splunk goes down. Thanks ... View more

Re: Idle log

by in Splunk Search
‎06-29-2020 11:36 AM
‎06-29-2020 11:36 AM
Thanks for your reply, please could help to write the SPL query. I am not good at writing SPL queries. ... View more

Re: Idle log

by in Splunk Search
‎06-26-2020 08:51 AM
‎06-26-2020 08:51 AM
Hello, The server was turned off to test if the alert would work but t did not work. Please what can I do  to get an alert  where the forwarder is not getting any  data ... View more

Splunk processing Language (SPL)

by in All Apps and Add-ons
‎06-25-2020 12:30 PM
‎06-25-2020 12:30 PM
Please who knows a website where I can get video tutorials on Splunk processing Language (SPL) ... View more
Labels

Re: Idle log

by in Splunk Search
‎06-24-2020 12:50 PM
‎06-24-2020 12:50 PM
It is greyed out, should i enable it? ... View more

Idle log

by in Splunk Search
‎06-24-2020 12:44 PM
‎06-24-2020 12:44 PM
i need script in SPL to show when there is an idle forwarder or if a forwarder isn't forwarding ... View more
Labels

Script for idle logger

by in Splunk Search
‎06-23-2020 07:57 AM
‎06-23-2020 07:57 AM
Please i need a script that can give result when there is an idle logger, or when the fowarder isnt feed any information ... View more
Labels

How to learn Search processing language?

by in Splunk Search
‎04-14-2020 11:10 AM
‎04-14-2020 11:10 AM
Please i want to learn search processing language, is there some of video tutorial in? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-19-2022 11:22 AM