Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About dauren_akilbeko
dauren_akilbeko
Communicator
Member since:
10-25-2017
04-19-2022
Community Statistics
| Posts | 47 |
| Solutions | 8 |
| Karma Given | 442 |
| Karma Received | 21 |
| Member Since | 25-10-2017 |
Activity Feed
- Posted Re: How to run/optimize long ad-hoc searches with lookup on Splunk Search. 07-08-2021 06:08 AM
- Posted How to run/optimize long ad-hoc searches with lookup on Splunk Search. 07-08-2021 01:03 AM
- Karma Re: Subtotal percentage with stats for ITWhisperer. 06-17-2021 04:01 AM
- Karma Re: Subtotal percentage with stats for ITWhisperer. 06-17-2021 04:01 AM
- Posted Re: Subtotal percentage with stats on Splunk Search. 06-17-2021 02:22 AM
- Karma Re: splunk entreprise for scelikok. 06-16-2021 03:08 AM
- Posted Subtotal percentage with stats on Splunk Search. 06-16-2021 03:06 AM
- Got Karma for Re: splunk entreprise. 03-18-2021 05:34 AM
- Posted Re: splunk entreprise on Training + Certification. 03-18-2021 02:35 AM
- Karma Re: splunk entreprise for richgalloway. 03-18-2021 02:35 AM
- Posted Re: Exclude words from subject on Getting Data In. 11-05-2020 04:50 AM
- Karma Why is the Windows TA broken out of the box? for merch_sf. 06-16-2020 02:46 AM
- Karma Re: Group by repeating value at value change for kamlesh_vaghela. 06-16-2020 02:45 AM
- Posted Account improvements on Feedback. 06-11-2020 01:17 AM
- Got Karma for Re: Update Universal Forwarder. 06-10-2020 12:46 PM
- Got Karma for Re: Update Universal Forwarder. 06-10-2020 11:57 AM
- Posted Re: Update Universal Forwarder on Deployment Architecture. 06-10-2020 09:02 AM
- Karma Update Universal Forwarder for edgarsilva01. 06-10-2020 08:57 AM
- Karma Re: Why does adding head (1==1) fix this strange lookup error? for manjunathmeti. 06-05-2020 12:51 AM
- Karma How to calculate percentage increase/decrease for indexes per day? for jwalzerpitt. 06-05-2020 12:51 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-08-2021
06:08 AM
It times out or DAG errors.
... View more
07-08-2021
01:03 AM
I'm trying to see if there are hits with Kaseya related domains in my Web datamodel. As I understand we need to use wildcard lookup or trim Web.url to match domains in the lookup Splunk-REvil-Kaseya-IOCs/domains.csv at main · davisshannon/Splunk-REvil-Kaseya-IOCs (github.com). What I've tried so far: | tstats summariesonly=true latest("_time") values("Web.src") values("Web.dest") from datamodel="Web"."Web" by "Web.url" "Web.user"
| eval list="*"
| `ut_parse(Web.url, list)`
| lookup kaseya_domains domain AS ut_domain OUTPUT domain
| where isnotnull('domain') It works, but not for a longer period of times (7 days or more). What are my options?
... View more
06-17-2021
02:22 AM
Thank you, so simple! 🙄 Changed list to values though, as it hit the limit.
... View more
06-16-2021
03:06 AM
I'm working with Windows events, and want to make following report/search: process1 Total XX XX% command_line1 XX% command_line2 XX% … process4 Total XX XX% command_line1 XX% command_line2 XX% What I come up with: `index_windows` EventCode=4688
| fields Process_Command_Line, New_Process_Name
| stats count(Process_Command_Line) as totalCount by New_Process_Name, Process_Command_Line
| eventstats sum(totalCount) as _total
| eventstats sum(totalCount) as _totalPerProcess by New_Process_Name
| eval percentageTotal=round((totalCount/_total)*100,2)
| eval precentagePerProcess=round((totalCount/_totalPerProcess)*100,2)
| sort - totalCount The only thing is that I can't figure out how to merge fields by New_Process_Name
... View more
03-18-2021
02:35 AM
1 Karma
I would recommend first pass Splunk Fundamentals 1, which is free. Then check Splunk Lantern and Splunk Developer Program.
... View more
11-05-2020
04:50 AM
You probably meant to filter by event content, if so check here https://docs.splunk.com/Documentation/Splunk/8.1.0/Forwarding/Routeandfilterdatad#Filter_event_data_and_send_to_queues and here https://community.splunk.com/t5/Getting-Data-In/How-do-i-exclude-some-events-from-being-indexed-by-Splunk/m-p/9213
... View more
06-11-2020
01:17 AM
1. After the update my username got truncated, so instead of dauren_akilbekov, I now have dauren_akilbeko. It would be nice to have an option to change my username. 2. Every time I return to the site I'm logged out, please add option "Remember me".
... View more
06-10-2020
09:02 AM
2 Karma
I would recommend using some kind of configuration management system to do this on scale. If you those are Linux (should work on Windows too) I think Ansible is a good solution for this task. https://underdefense.com/effortless-splunk-universal-forwarders-update-with-ansible/
... View more
03-13-2020
12:16 AM
What you could do is enable Heavy Forwarder on the customer indexer and then use selective indexing/forwarding to forward and store needed indexes. Don't forget to backup config.
... View more
10-21-2019
01:33 AM
Use whitelist/blacklist functionality in inputs.
Docs - https://docs.splunk.com/Documentation/Splunk/7.3.2/Data/Whitelistorblacklistspecificincomingdata
Similar question - https://answers.splunk.com/answers/152131/filter-windows-eventcode-using-blacklist-and-whitelist.html
You can also clean up events - https://docs.splunk.com/Documentation/WindowsAddOn/6.0.0/User/Configuration#Configure_event_cleanup_best_practices_in_props.conf
... View more
04-24-2019
12:52 AM
Thanks for the follow up.
By the way, do you add domain name to the login in the add-on?
... View more
04-16-2019
11:05 PM
Any updates on this?
... View more
11-26-2018
03:34 AM
Did you check permissions on th script file?
Also can you run some other arbitrary script (Echo something), to see if it also fails.
... View more
11-25-2018
06:01 PM
Is there a way to launch such script
using Splunk command like it can be
done for Python using "splunk cmd
python script.py" ?
splunk cmd script.sh
... View more
11-23-2018
07:44 PM
Did you add winfra-admin role to your user?
... View more
11-22-2018
10:10 PM
Can you share your Universal Forwarder local\inputs.conf.
... View more
11-22-2018
10:02 PM
Does the name of MIB in the directory match the name of MIB in the modular input? Also this might be a problem with the converted MIB.
... View more
11-21-2018
02:06 AM
You could blacklist them.
... View more
11-19-2018
02:28 AM
You can use this extension AMQP Messaging, follow instruction in the description.
... View more
11-19-2018
12:17 AM
Good luck with exams!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-19-2022
05:15 AM
|
Karma given to
