Activity Feed
- Posted How do I set up Azure nsg logs on Splunk clouds? on Splunk Cloud Platform. 01-18-2022 02:41 PM
- Posted Re: Universal forwarder not for forwarding on Splunk Enterprise. 12-11-2020 07:11 AM
- Posted Universal forwarder not for forwarding on Splunk Enterprise. 12-10-2020 01:18 PM
- Posted Re: Alert Omitting on Alerting. 10-01-2020 08:19 AM
- Posted Alert Omitting on Alerting. 10-01-2020 07:27 AM
- Posted Re: Top splunk alerts that fired on Dashboards & Visualizations. 09-10-2020 11:47 AM
- Tagged Re: Top splunk alerts that fired on Dashboards & Visualizations. 09-10-2020 11:47 AM
- Posted Top alerts fires on Splunk Enterprise Security. 09-10-2020 10:54 AM
- Posted Re: Top splunk alerts that fired on Dashboards & Visualizations. 09-10-2020 10:46 AM
- Posted Splunk Forwarder issue on Getting Data In. 08-14-2020 10:28 AM
- Posted Re: Idle log on Splunk Search. 06-30-2020 10:58 AM
- Posted Re: Idle log on Splunk Search. 06-29-2020 11:36 AM
- Posted Re: Idle log on Splunk Search. 06-26-2020 08:51 AM
- Posted Splunk processing Language (SPL) on All Apps and Add-ons. 06-25-2020 12:30 PM
- Posted Re: Idle log on Splunk Search. 06-24-2020 12:50 PM
- Posted Idle log on Splunk Search. 06-24-2020 12:44 PM
- Posted Script for idle logger on Splunk Search. 06-23-2020 07:57 AM
- Posted How to learn Search processing language? on Splunk Search. 04-14-2020 11:10 AM
- Tagged How to learn Search processing language? on Splunk Search. 04-14-2020 11:10 AM
01-18-2022 02:41 PM
Please, how do I set up Azure NSG logs on Splunk Cloud? Please, does anyone have any material on that?
Labels: configuration, using Splunk Cloud
12-11-2020 07:11 AM
> Does the forwarder have inputs defined and enabled? Has the forwarder written any error messages into its splunkd.log file?

Please, I'm not too sure what you are asking. I installed the forwarder the normal way via Windows, put in the Splunk ID and password, put in a deployment server IP with the normal port 8089 and the indexer at 9997, and finished the installation. Not sure what I did wrong. Please help, I'm a novice.
12-10-2020 01:18 PM
After installing the universal forwarder on the forwarding host using Windows, Splunk Enterprise has been able to detect it, but it is not sending any logs. It has 0 deployed apps. Please, I need help on how to get it to start forwarding logs. Thanks.
Labels: configuration
10-01-2020 08:19 AM
The output of the query brings the source IP and the number of dest ports and IPs. So when I dug deeper by searching the source IPs one by one, I found that each IP address's traffic is UDP 514, which is the syslog server, hence my intent to add dedup udp514 to the query. Please, what do you think?
10-01-2020 07:27 AM
The query below is what is used to detect scanning on a network:

```spl
| tstats summariesonly=t allow_old_summaries=t
    dc(All_Traffic.dest_port) as num_dest_port
    dc(All_Traffic.dest_ip) as num_dest_ip
    from datamodel=Network_Traffic
    by All_Traffic.src_ip
| rename "All_Traffic.*" as "*"
| where num_dest_port > 100 OR num_dest_ip > 100
| sort - num_dest_ip
```

Unfortunately it detects syslog scanning and causes false positives. Please, I need help on how or where to add dedup udp514 to the syntax so it omits the syslog files it detects, or an option on how to omit the syslog files. Thanks.
Labels: alert action
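The follow-up reply above (10-01-2020 08:19 AM) narrows the false positives to UDP 514 traffic to the syslog server. A `dedup` appended to the posted search cannot filter that out: after `tstats` aggregates by src_ip, each result row holds only the source IP and the two distinct counts, and the destination port is no longer there. The exclusion belongs in the `where` clause of `tstats`, which is applied to the data model rows before they are counted. The search below is an added example, not from the original post or from Splunk; it assumes the CIM Network_Traffic data model with its standard `transport` (lowercase `udp`/`tcp`) and `dest_port` fields, keeps the posted thresholds, and adds an event count so a chatty source can be told apart from one that touched many ports with a handful of packets:

```spl
| tstats summariesonly=t allow_old_summaries=t
    count as events
    dc(All_Traffic.dest_port) as num_dest_port
    dc(All_Traffic.dest_ip) as num_dest_ip
    from datamodel=Network_Traffic
    where NOT (All_Traffic.transport=udp AND All_Traffic.dest_port=514)
    by All_Traffic.src_ip
| rename "All_Traffic.*" as "*"
| where num_dest_port > 100 OR num_dest_ip > 100
| sort - num_dest_ip
```

If the collector also receives syslog on other ports (TLS syslog on 6514, for instance), add them to the same `NOT (...)` clause. Excluding by the collector's address instead (`All_Traffic.dest_ip!=<collector address>` in the `where` clause) is narrower and avoids hiding a real scanner that happens to probe port 514 on other hosts.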
09-10-2020 10:54 AM
Please, I am looking for a query to search for the top alerts that fired within 2 weeks (or within a time frame). I am also looking for a query to show anomalies within a time frame.
Labels: using Enterprise Security
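For the question above about the top alerts that fired within a time frame, the scheduler's own log is the place to count from: every scheduled search run is written to `_internal` with `sourcetype=scheduler`, and a run whose alert condition was met carries a non-empty `alert_actions` field. The search below is an added example, not from the original post; it assumes your role can search `_internal` and uses a fixed 14-day window, which you can drop in favour of the time picker:

```spl
index=_internal sourcetype=scheduler status=success alert_actions!="" earliest=-14d
| stats count as times_fired
        latest(_time) as last_fired
        sum(result_count) as total_results
    by app savedsearch_name
| eval last_fired=strftime(last_fired, "%Y-%m-%d %H:%M:%S")
| sort - times_fired
| head 20
```

On Enterprise Security the equivalent view restricted to correlation searches that created notables is `index=notable earliest=-14d | stats count by search_name | sort - count`.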
08-14-2020 10:28 AM
A forwarder which was working before has stopped for up to a month now. After checking, it is confirmed that the forwarder is correctly configured, the service is running and reporting to the indexer; however, there is no data showing on the indexer side or when a search is run on Splunk for that forwarder. Can someone please point me in the right direction?
Labels: universal forwarder
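Two of the posts above (12-10-2020 and 08-14-2020) describe a forwarder that the indexer knows about but that delivers no data. The indexer records every inbound forwarder connection in its own metrics log, so whether a forwarder is connected and how much it is actually sending can be read from the indexer side without touching the forwarder. The search below is an added example, not from the posts; it assumes the indexer's `_internal` index is searchable from where you run it, and the kilobyte thresholds in the `case()` are illustrative:

```spl
index=_internal sourcetype=splunkd component=Metrics group=tcpin_connections
| stats latest(_time) as last_seen
        sum(kb) as kb_received
        latest(fwdType) as forwarder_type
        latest(version) as version
    by hostname sourceHost
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| eval state=case(kb_received < 1, "connected but sending nothing",
                  kb_received < 100, "connected, low volume",
                  true(), "ok")
| sort kb_received
```

A universal forwarder always ships its own splunkd logs to `_internal`, so a forwarder that shows up here with a tiny `kb_received` is connected and healthy but has no inputs to send: that is the state of a forwarder with no inputs.conf and zero deployed apps. Confirm with `index=_internal host=<forwarder hostname> sourcetype=splunkd`, then deploy an app containing inputs.conf. A forwarder missing from this list entirely is not connecting at all, so the problem is on the forwarder (outputs.conf, or port 9997 unreachable).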
06-30-2020 10:58 AM
The query below is what I am using, but it doesn't seem to work. Please, can you look at it and, if possible, tweak it to the correct one.

```spl
| rest /services/server/info
| eval LastStartupTime=strftime(startup_time, "%Y/%m/%d %H:%M:%S")
| eval timenow=now()
| eval daysup=round((timenow - startup_time) / 86400, 0)
| eval Uptime=tostring(daysup) + " Days"
| table splunk_server LastStartupTime Uptime
```

I am looking to get an alert when a server or host meant to be feeding Splunk goes down. Thanks.
06-29-2020 11:36 AM
Thanks for your reply. Please, could you help to write the SPL query? I am not good at writing SPL queries.
06-26-2020 08:51 AM
Hello, the server was turned off to test if the alert would work, but it did not work. Please, what can I do to get an alert when the forwarder is not getting any data?
06-25-2020 12:30 PM
Please, who knows a website where I can get video tutorials on Splunk Processing Language (SPL)?
Labels: development
06-24-2020 12:44 PM
I need a script in SPL to show when there is an idle forwarder or if a forwarder isn't forwarding.
Labels: lookup
06-23-2020 07:57 AM
Please, I need a script that can give a result when there is an idle logger, or when the forwarder isn't feeding any information.
Labels: search job inspector
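The posts of 06-30-2020, 06-26-2020, 06-24-2020 and 06-23-2020 are all after the same thing: an alert when a host that normally feeds Splunk goes quiet. The `| rest /services/server/info` search returns the startup time of the Splunk instances the search head can reach over REST (itself and its search peers), not of universal forwarders, so powering a forwarder off changes nothing in its output. What detects a silent forwarder is the age of the newest event per host, with one edge case: a host that has been silent longer than the search window never appears in the results at all, so it can never trigger. The search below is an added example, not the original poster's; it assumes events carry the default `host` field, a hypothetical lookup `expected_hosts.csv` with a `host` column listing the hosts that must report, and a 60-minute threshold that you would tune per host class:

```spl
| tstats latest(_time) as last_seen where index=* by host
| append [ | inputlookup expected_hosts.csv | fields host ]
| stats max(last_seen) as last_seen by host
| eval minutes_silent=round((now() - last_seen) / 60, 0)
| where isnull(last_seen) OR minutes_silent > 60
| eval status=if(isnull(last_seen), "no events in the search window", "silent for " . minutes_silent . " minutes")
| eval last_seen=if(isnull(last_seen), "-", strftime(last_seen, "%Y-%m-%d %H:%M:%S"))
| sort - minutes_silent
| table host last_seen minutes_silent status
```

Save it as an alert scheduled every 15 minutes over a window longer than the longest legitimate silence (the last 7 days also covers the month-long outage of the 08-14-2020 post) and trigger when the number of results is greater than 0. The `append` of the expected-host list is what makes a host with no events in the window show up as a row instead of silently disappearing; hosts that appear in the data but not in the lookup are still checked against the threshold.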
04-14-2020 11:10 AM
Please, I want to learn Search Processing Language. Are there any video tutorials?