Activity Feed
- Got Karma for Re: Splunk App for Microsoft Exchange: Why am I getting error "Mapping for unqualified users not provided" during initial setup?. 06-05-2020 12:47 AM
- Got Karma for Cisco IPS Error [errno 8]. 06-05-2020 12:46 AM
- Got Karma for Re: Cisco IPS Error [errno 8]. 06-05-2020 12:46 AM
- Posted Web Analytics Site Override on All Apps and Add-ons. 02-21-2020 02:21 PM
- Tagged Web Analytics Site Override on All Apps and Add-ons. 02-21-2020 02:21 PM
- Posted Has anyone tried to use the Splunk Add-on for JBoss - Version 7.1 on Splunk Enterprise 7.1? on All Apps and Add-ons. 02-22-2019 12:02 PM
- Tagged Has anyone tried to use the Splunk Add-on for JBoss - Version 7.1 on Splunk Enterprise 7.1? on All Apps and Add-ons. 02-22-2019 12:02 PM
- Posted Re: Splunk App for Microsoft Exchange: Why am I getting error "Mapping for unqualified users not provided" during initial setup? on All Apps and Add-ons. 02-05-2015 09:40 AM
- Posted Splunk App for Microsoft Exchange: Why am I getting error "Mapping for unqualified users not provided" during initial setup? on All Apps and Add-ons. 02-05-2015 09:37 AM
- Tagged Splunk App for Microsoft Exchange: Why am I getting error "Mapping for unqualified users not provided" during initial setup? on All Apps and Add-ons. 02-05-2015 09:37 AM
- Posted Perfmon Timechart - Multiple Series, Multiple Host on Splunk Search. 05-30-2014 09:56 AM
- Tagged Perfmon Timechart - Multiple Series, Multiple Host on Splunk Search. 05-30-2014 09:56 AM
02-21-2020
02:21 PM
I am planning on using the Splunk App for Web Analytics to provide information from multiple webservers with multiple sites. When I examine the logs, it records each sitename as W3SVC1, for example. In the app, configuring the site (Setup - Websites) using the site as W3SVC1, it works properly. However, if I change the Site to the URL mysite.contoso.com, I get the Reason:
Site in logs and in lookup mismatch. This might be ok if you want to override the default site name in the logs.
Yes, I would like to override this so it makes more sense to end users, instead of multiple W3SVC1 listed. If I move forward with the URL, I can run Generate user sessions, but if I run Generate pages, it returns 0 results. Using W3SVC1 Generate user sessions and Generate pages works properly.
Is there a way to override the Site in step 2 of Setup - Websites for the website configuration?
I am using IIS logs and I did read that I can make one site log and then it will display this, but ideally I would rather have each site have its own logs. Alternatively, if someone knows of another web analytics app, I would be interested.
Thank you!
02-22-2019
12:02 PM
Has anyone tried to use the Splunk Add-on for JBoss (https://splunkbase.splunk.com/app/2954/) with JBoss version 7.1 on Splunk Enterprise 7.1?
Does anyone know if the app will be updated?
Alternatively, there is a community JBoss app and Add-On (https://splunkbase.splunk.com/app/1805/ and https://splunkbase.splunk.com/app/1804/).
Has anyone tried these using the above versions?
Thank you!
02-05-2015
09:40 AM
1 Karma
Resolved issue, didn't select default unknown users. Didn't realize it was a drop down.
02-05-2015
09:37 AM
I am trying to set up the Splunk App for Microsoft Exchange and going through the wizard for initial setup. I get to the Domain Aliases screen to add mappings between domain alias and FQDN.
Currently I have this set to:
mydomain -> mydomain.com
However I get an error stating:
Mapping for unqualified users not provided.
Any advice why I am seeing this message?
05-30-2014
09:56 AM
I have been struggling to find the proper syntax for this type of timechart. This relates to creating a Windows PerfMon graph for multiple series (in the same counter) and multiple hosts to be able to easily compare. For example, I can graph Bytes Received/sec and Bytes Sent/sec with a simple search like:
index=MyIndex object="Network Interface" | timechart span=30min avg(Value) by counter
This gives the total for both hosts. Now I want to essentially add by host to the end of by counter. Any thoughts? Is this a multi-valued field???
05-22-2014
02:24 PM
kdick and dshpritz, thanks for the replies. Unfortunately the only way I have gotten this to work is by editing the $SPLUNK_HOME\Python-2.7\Lib\httplib.py library and adding the ssl_version:
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1)
I have tried modifying the indents (tabs vs. spaces) and new line character (LF vs. CRLF). Could you expand on the issue with indents? Mind sharing the start of the $SPLUNK_HOME\etc\apps\Splunk_CiscoIPS\bin\pysdee\pySDEE.py file? Unfortunately Python is not one of my scripting languages.
05-20-2014
01:58 PM
1 Karma
dshpritz, thank you for the post, however it is not working for me in Splunk 6.0.3. With the added code in pySDEE.py as you describe, the sdee_get.log no longer records anything, successes or failures. Did you get this working with the Cisco IPS app?
10-24-2013
11:24 AM
You should see the IPS logs are populating the following file:
$SPLUNK_HOME\etc\apps\Splunk_CiscoIPS\var\log\ips_sdee.log.
If you are getting that far, it would be in your forwarder config. You can always re-enable the GUI if you are more comfortable doing that than the .conf files. Possibly look at another forwarder and copy and paste.
10-24-2013
09:41 AM
$SPLUNK_HOME/etc/system/local/outputs.conf
[tcpout]
defaultGroup = MyIndexer.MyDomain.com_9997
[tcpout:MyIndexer.MyDomain.com_9997]
server = MyIndexer.MyDomain.com:9997
[tcpout-server://MyIndexer.MyDomain.com:9997]
compressed = true
sslCertPath = $SPLUNK_HOME\etc\auth\MyForwarderPrivateKey.pem
sslPassword =
sslRootCAPath = $SPLUNK_HOME\etc\auth\MyRootCAPublicKey.pem
sslVerifyServerCert = true
Your outputs.conf file may appear different if you do not use your own CA certs. Let me know if you have questions.
10-24-2013
09:41 AM
$SPLUNK_HOME/etc/system/local/inputs.conf (may be found in
$SPLUNK_HOME\etc\apps\Splunk_CiscoIPS\local)
[default]
host = MyHost
[monitor://$SPLUNK_HOME\etc\apps\Splunk_CiscoIPS\var\log\ips_sdee.log.MyIPS_IPAddress]
sourcetype = cisco_ips_syslog
source = SDEE
disabled = false
index=MyIndex
10-24-2013
09:40 AM
On the server to collect the IPS logs, I downloaded and installed the full version of Splunk 5.0.5 from http://www.splunk.com/page/previous_releases which will be used for the lightweight forwarder.
I then installed the IPS app through the GUI (just easier and encrypted the password).
Under Data inputs » Files & directories I disabled $SPLUNK_HOME/etc/apps/Splunk_CiscoIPS/var/log/ as I do not need to index anything on the local server. At that point I changed it to the lightweight forwarder which disables the GUI. Then configured the inputs and outputs files.
10-17-2013
11:56 AM
I tried the very hackish replacing of the OpenSSL binary files in the bin directory with 0.9.8y but only got errors.
10-17-2013
11:34 AM
I had the same issue doing a new install on Splunk 6. I ended up having to install a Splunk 5.0.5 lightweight forwarder on a separate server and forward it to the central server. When I ran
openssl s_client -connect :443
with the version that is included in Splunk 6 but works fine in version 5.0.5. There seems to be an issue with this on Linux, however I experience the same issue with Windows
http://answers.splunk.com/answers/105193/cisco-ips-error-errno-8
10-16-2013
10:05 AM
Thank you for your responses. In the end I set up a separate server as a Splunk 5.0.5 lightweight forwarder. After reviewing the link Masa sent and my own results running the OpenSSL command, I am unsure as to the exact cause. Perhaps it's a combination. Regardless, hopefully the developers of the application will update it soon.
10-09-2013
08:56 AM
I was starting to get to that same conclusion, but you are correct dwaddle. I had a co-worker who has OpenSSL 0.9.8y (Windows) run:
openssl s_client -connect
and connects no problem but when I run it using OpenSSL 1.0.1e it fails. I will contact tech support and see what they say.
10-08-2013
12:31 PM
4 Karma
I have been attempting to set up the Cisco IPS app for Splunk 6. However, I am getting the following error in the sdee_get.log:
INFO - Checking for exsisting SubscriptionID on host: <IPADDRESS>
INFO - No exsisting SubscriptionID for host: <IPADDRESS>
INFO - Attempting to connect to sensor: <IPADDRESS>
INFO - Successfully connected to: <IPADDRESS>
ERROR - Connecting to sensor - <IPADDRESS>: URLError: <urlopen error [Errno 8] _ssl.c:521: EOF occurred in violation of protocol>
where <IPADDRESS> is the IP address of the IPS. Does anyone have any thoughts into what the error is? Any help is greatly appreciated.
07-30-2012
09:29 AM
I am trying to configure the FISMA application on a Splunk 4.3 installation using Windows. Specifically I am configuring the Audit Component on the Overview page as all three show No Results Found. When I view the FISMA_SG_audit_event index, it shows an event count of 0. Does anyone know what audit logs this is coming from? Do I need to add something to the input.conf file or WMI.conf file? I am currently collecting the Application, Security, and System logs on the DCs via the Universal Forwarder.
Thanks
03-26-2012
11:23 AM
I was wondering if someone could validate an answer for me. I have installed the Universal Forwarder on a domain controller and am collecting data. However, there is also the Manager » Data inputs » Active Directory monitoring within Splunk. Do these collect the same data? Can I assume that using the Universal Forwarder is the preferred method to collect AD data?
Thanks!