×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ronerf
Explorer
Member since: ‎12-07-2017
‎06-05-2020
Community Statistics
Posts 8
Solutions 0
Karma Given 6
Karma Received 1
Member Since ‎12-07-2017
Activity Feed
View All

Re: Is there step by step documentation for config...

by in Security
‎09-11-2018 12:38 PM
1 Karma
‎09-11-2018 12:38 PM
1 Karma
Do not use the unofficial Splunk app you'll find on Okta. It does not work. Just make a new plain SAML app ourself as shown in the links above. ... View more

After turning on Okta SAML authentication, saved s...

by in Reporting
‎09-10-2018 03:49 PM
‎09-10-2018 03:49 PM
Since i moved authentication from LDAP to SAML, $SPLUNK_HOME/etc/users has a bunch of new username@our.domain directories (the old username directories are still there). What's the best way (migrating the contents of username to username@our.domain ? or changing a setting so username settings go back to how they were? something else?) to fix this? ... View more

Re: How to mask SSN into our logs going into Splun...

by in Getting Data In
‎07-16-2018 09:23 AM
‎07-16-2018 09:23 AM
Thanks, everyone. ... View more

Re: How to mask SSN into our logs going into Splun...

by in Getting Data In
‎07-12-2018 12:05 PM
‎07-12-2018 12:05 PM
The code that generates the logs has been corrected to filter the SSNs, so the goal is to mask the logs that have already been indexed in splunk. ... View more

Re: How to mask SSN into our logs going into Splun...

by in Getting Data In
‎07-12-2018 12:04 PM
‎07-12-2018 12:04 PM
This is the relevant part of the JSON blob: {"params":{"{\"applicants\":{\"primary\":{\"social_security_number\":\"SSNNUMBER\"}}}":"[FILTERED]"}} SSNNUMBER is a 9-digit number. ... View more

How to mask SSN into our logs going into Splunk?

by in Getting Data In
‎07-11-2018 06:22 PM
‎07-11-2018 06:22 PM
Our code leaked SSNs into our logs and they went into Splunk, so i'm trying to mask it. I tried it two ways (BTW, the regex works when i use it with | regex _raw= 😞 In etc/system/local/props.conf : [source::/var/www/app/shared/log/production.log] SEDCMD-ssn = s/(social_security_number..:..)\d{9}/\1[FILTERED]/g In etc/system/local/props.conf : [source::/var/www/app/shared/log/production.log] TRANSFORMS-ssn = ssn_mask and etc/system/local/transforms.conf : [ssn_mask] DEST_KEY = _raw REGEX = (social_security_number..:..)\d{9} FORMAT = $1[FILTERED] Neither works. What am I missing? This is on 6.5.0. ... View more

Re: need a credentials file instead of --auth user...

by in Security
‎12-07-2017 02:36 PM
‎12-07-2017 02:36 PM
Thanks; your solutions involve leveraging the shell, which has its own problems. I was hoping for a switch in the splunk command itself. ... View more

need a credentials file instead of --auth user:pas...

by in Security
‎12-07-2017 01:02 PM
‎12-07-2017 01:02 PM
I want to script this for backups: splunk _internal call /data/indexes/main/roll-hot-buckets --auth 'username:password' Is there a way to call an external credentials file from the splunk command so the password isn't on the command line? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All
Karma given to