Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About burakcinar
burakcinar
Path Finder
Member since:
05-07-2013
10-14-2021
Community Statistics
| Posts | 25 |
| Solutions | 2 |
| Karma Given | 1 |
| Karma Received | 3 |
| Member Since | 05-07-2013 |
Activity Feed
- Karma Re: How to integrate SA-Investigator with ES for jamesbrock. 06-05-2020 12:50 AM
- Got Karma for Re: Sales contact information request. 06-05-2020 12:50 AM
- Got Karma for Re: loading a Driver for postgresql.. 06-05-2020 12:49 AM
- Got Karma for Splunk DB Connect: Error in 'dbxquery' command: Invalid message received. 06-05-2020 12:49 AM
- Posted Re: The Splunk web interface is not opening on Security. 10-31-2019 02:08 AM
- Posted Re: After Splunk forwarder upgrade to version 7.3.0 from 6.6.x - splunk forwarder is not starting ? on Deployment Architecture. 09-04-2019 11:49 PM
- Posted Re: Office 365 Security & Compliance Logs into Splunk on Getting Data In. 08-28-2019 05:52 AM
- Posted Re: Fortinet FortiGate Add-On for Splunk: How to use only the Fortigate Add-on to parse logs on All Apps and Add-ons. 07-06-2019 04:25 AM
- Posted Re: Sales contact information request on #Random. 06-14-2019 05:46 AM
- Posted Re: No matching visualization found (DB Connect) on All Apps and Add-ons. 05-26-2019 11:56 PM
- Posted Re: Why am I receiving an error in the payment section when registering for a course? on Training + Certification Discussions. 09-04-2018 02:15 AM
- Posted Re: Determining dates older than 90 days on Splunk Search. 05-17-2018 11:42 AM
- Posted Re: Nessus data does not show up in Splunk. on All Apps and Add-ons. 05-03-2018 10:25 PM
- Posted Re: Send email alerts in gz format on Alerting. 04-26-2018 03:27 AM
- Posted Re: How to add color to a specific state in cluster map visualization on All Apps and Add-ons. 04-26-2018 03:16 AM
- Posted Re: aperture problem on All Apps and Add-ons. 04-26-2018 12:04 AM
- Posted Re: Is is possible to add $ in data values of a bar or column graph? on Dashboards & Visualizations. 04-26-2018 12:00 AM
- Posted Re: Is is possible to add $ in data values of a bar or column graph? on Dashboards & Visualizations. 04-25-2018 11:46 PM
- Posted Re: splunk Licensing on Installation. 04-25-2018 10:27 PM
- Posted Re: loading a Driver for postgresql. on Deployment Architecture. 04-25-2018 01:04 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 |
10-31-2019
02:08 AM
hi,
could you share content of /opt/splunk/var/log/splunk/web_service.log ?
... View more
09-04-2019
11:49 PM
hi rakesh_498115,
could you try delete splunkd.pif file and start splunk again? its under "$SPLUNK_HOME/var/run/splunk/"
export SPLUNK_HOME="/opt/splunk"
rm $SPLUNK_HOME/var/run/splunk/splunkd.pid
$SPLUNK_HOME/bin/splunk status
$SPLUNK_HOME/bin/splunk start
another option is check splunk user has right to splunk home.
chown -R splunk:splunk /opt/splunk/
And start splunk with "splunk" user.
if problem stills exists could you share content of install_nix_forwarder.sh file ?
... View more
08-28-2019
05:52 AM
Hi ,
did you try this add-on Microsoft Graph Security API ? it has nice features for ingest all security alerts.
link;
https://splunkbase.splunk.com/app/4564/
... View more
07-06-2019
04:25 AM
hi ,
you can deploy related TA to your indexer and heavy forwarder only, you don't need to deploy APP to search head or any splunk role if you don't want their dashboard.
... View more
06-14-2019
05:46 AM
1 Karma
hi,
did you check this page ?
https://www.splunk.com/en_us/about-splunk/contact-us.html
... View more
05-26-2019
11:56 PM
i have same problem with 3.1.4
... View more
09-04-2018
02:15 AM
Hi @ceger,
make sure that you're not using any js and ad blocker on any splunk pages but its better to contact with education_amer@splunk.com .
... View more
05-17-2018
11:42 AM
hello ajdyer2000,
could you try this one ?
index=xxx
| eval testDate=strptime("Hire Date","%d-%m-%Y %H:%M:%S")
| where testDate < relative_time(now(),"-30d@d")
... View more
05-03-2018
10:25 PM
hello @aaron_oreilly,
did you check this section ?
http://docs.splunk.com/Documentation/AddOns/released/Nessus/Troubleshoot
... View more
04-26-2018
03:27 AM
I'm not sure about exact answer but there's another nice app on splunkbase, it might help you. you can export splunk data to google spreadsheet and create alert..
Google Import/Export
https://splunkbase.splunk.com/app/2630/
... View more
04-26-2018
03:16 AM
hello,
you can do it with Choropleth Map.
example ;
source=my_data_source.csv
| lookup geo_us_states longitude as Longitude, latitude as Latitude
| stats count by featureId
| geom geo_us_states
check this more information..
https://docs.splunk.com/Documentation/Splunk/7.0.3/Viz/ChoroplethFormatting
... View more
04-26-2018
12:00 AM
could you try this ?
...| fieldformat TotalAmount="$".tostring(Total Amount)
... View more
04-25-2018
11:46 PM
hello @katrinamara,
could you try with new eval ? example : .... | eval TotalAmount = "$ "+ "Total Amount"
... View more
04-25-2018
10:27 PM
if you buy additional license it makes 1250gb/day .
if you want to upgrade to 750gb it makes 1250gb/day .
You can split it by index etc, check this url for more detail. http://docs.splunk.com/Documentation/Splunk/7.0.3/Admin/Groups,stacks,pools,andotherterminology
... View more
04-25-2018
01:04 PM
1 Karma
Hello @tyrian_317
download the related postgresql driver from https://jdbc.postgresql.org/
Copy the .JAR driver file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
and as a filnal step reload the driver under Settings>Drivers.
source :
http://docs.splunk.com/Documentation/DBX/3.1.3/DeployDBX/Installdatabasedrivers#AWS_RedShift.2C_Informix.2C_and_PostgreSQL
... View more
04-25-2018
12:39 PM
Hi @kevinjb,
you have 3 option for logging. i prefer do it with web gateway logging .
1. web gateway log . (create policy on web gateway based on your filetype actions and send related logs via syslog or splunk app.)
2. access log for file servers . (you have use another 3rd party software for fileserver audit . you can alert for create file action but you need to filter events like created via internet browsers.)
3. windows events . (you can use sysmon for endpoint log collection. check Event ID 11: FileCreate for sysmon.)
... View more
04-18-2018
11:49 PM
what's your splunk version ?
it seems there are some known issues for SSL .
http://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/Knownissues
server.conf
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf?
sample server.conf
[sslConfig]
sslVersions = *,-ssl2
sslVersionsForClient = *,-ssl2
cipherSuite = TLSv1+HIGH:TLSv1.2+HIGH:@STRENGTH
... View more
01-04-2018
06:08 AM
which OS are you using for splunk ?
... View more
01-03-2018
12:50 PM
if you cant change self-signed ssl , you need to export your certificate (including the private key) and install it to splunk server.
i assume that code42 is related with crashplan and they have documentation for ssl implementation. ( check: https://support.code42.com/Administrator/6/Configuring/Install_your_own_SSL_certificate_with_OpenSSL )
... View more
01-02-2018
01:26 PM
Im using s3 bucket with awscli tool, it's much better than other tools, you can also remove files after sync to s3 bucket automatically.
sample command usage
aws s3 sync ./folderpath s3://mySplunkBucket/
aws s3 commands ;
https://docs.aws.amazon.com/cli/latest/userguide/using-s3-commands.html
https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html
... View more
11-24-2017
09:48 AM
Hi,
Im trying implement aperture api with paloalto addon. Im using splunk Enterprise v7.
used official doc for implementation but it didnt help. tried with 2 different splunk server.
thanks.
2017-11-24 20:45:01,141 INFO pid=31594 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2017-11-24 20:45:04,110 INFO pid=31594 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2017-11-24 20:45:04,110 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | Checking if Proxy is enabled
2017-11-24 20:45:04,110 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | False
2017-11-24 20:45:04,111 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | Current input type is set to:
2017-11-24 20:45:04,111 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | friday
2017-11-24 20:45:04,111 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | Start get_auth_token.
2017-11-24 20:45:04,111 DEBUG pid=31594 tid=MainThread file=retry.py:from_int:191 | Converted retries value: 3 -> Retry(total=3, connect=None, read=None, redirect=None)
2017-11-24 20:45:04,112 DEBUG pid=31594 tid=MainThread file=retry.py:from_int:191 | Converted retries value: 3 -> Retry(total=3, connect=None, read=None, redirect=None)
2017-11-24 20:45:04,117 DEBUG pid=31594 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): api.aperture.paloaltonetworks.com
2017-11-24 20:45:05,036 DEBUG pid=31594 tid=MainThread file=connectionpool.py:_make_request:400 | https://api.aperture.paloaltonetworks.com:443 "POST /oauth/token?scope=api_access&grant_type=client_credentials HTTP/1.1" 401 114
2017-11-24 20:45:05,038 ERROR pid=31594 tid=MainThread file=base_modinput.py:log_error:307 | ERROR: Invalid credentials.
2017-11-24 20:45:05,040 ERROR pid=31594 tid=MainThread file=base_modinput.py:log_error:307 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/modinput_wrapper/base_modinput.py", line 127, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/aperture.py", line 64, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/input_module_aperture.py", line 75, in collect_events
token = get_auth_token(helper, opt_global_account, proxy_enabled)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/input_module_aperture.py", line 58, in get_auth_token
raise ValueError(r_status)
ValueError: 401
... View more
10-03-2017
11:53 PM
1 Karma
Hello,
I'm getting that error after upgrading Splunk Enterprise v7.0 .. is there anyone that can help me ? : )
Thanks
Error in 'dbxquery' command: Invalid message received from external search command during setup, see search.log.
App Version 3.1.1
App Build 34
output of dbx2.log file
2017-02-23T14:02:30+0300 [INFO] [mi_session.py], line 38 : session updated
2017-02-23T14:22:30+0300 [INFO] [mi_session.py], line 38 : session updated
2017-02-23T14:35:08+0300 [INFO] [rpcstart.py], line 262: action=post_processing_for_rpc_server_termination rpc_start_pid=16840 rpc_server_pid=16987
2017-02-23T14:35:43+0300 [INFO] [rpcstart.py], line 366: action=run_rpc_start rpc_start_pid=3371 args=['/opt/splunk/etc/apps/splunk_app_db_connect/bin/rpcstart.py', '--scheme']
2017-02-23T14:36:03+0300 [INFO] [mi_session.py], line 38 : session updated
2017-02-23T14:36:05+0300 [INFO] [rpcstart.py], line 366: action=run_rpc_start rpc_start_pid=3831 args=['/opt/splunk/etc/apps/splunk_app_db_connect/bin/rpcstart.py']
2017-02-23T14:36:05+0300 [INFO] [rpcstart.py], line 125: action=start_to_run_rpc_server rpc_start_pid=3831
2017-02-23T14:36:08+0300 [INFO] [rpcstart.py], line 198: action=starting_up_rpc_server_with_command command="[u'/usr/java/jdk1.8.0_73/bin/java', u'-XX:+UseConcMarkSweepGC', '-classpath', '/opt/splunk/etc/apps/splunk_app_db_connect/bin/lib/mysql-connector-java-5.1.38-bin.jar:/opt/splunk/etc/apps/splunk_app_db_connect/bin/lib/postgresql-9.4.1208.jar:/opt/splunk/etc/apps/splunk_app_db_connect/bin/lib/ojdbc6.jar:/opt/splunk/etc/apps/splunk_app_db_connect/bin/lib/sqljdbc42.jar:/opt/splunk/etc/apps/splunk_app_db_connect/bin/lib/rpcserver-all.jar', '-DSPLUNK_HOME=/opt/splunk', 'com.splunk.dbx2.rpc.RPCServer', u'127.0.0.1:9998']"
2017-02-23T14:36:08+0300 [INFO] [rpcstart.py], line 243: action=rpc_server_process_is_launched rpc_start_pid=3831 rpc_server_pid=3942
2017-02-23T14:40:32+0300 [INFO] [rpcstart.py], line 262: action=post_processing_for_rpc_server_termination rpc_start_pid=3831 rpc_server_pid=3942
... View more
09-04-2017
01:37 PM
hello,
you need to install splunk server first, than you can install forwarder that which machine data you want to forward.
installation docs ;
https://docs.splunk.com/Documentation/Splunk/latest/Installation/ChoosetheuserSplunkshouldrunas
check forwarder docs ;
https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Configuretheuniversalforwarder
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-14-2021
02:09 PM
|
