Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About risgupta
risgupta
Path Finder
Member since:
12-18-2017
03-01-2024
Community Statistics
| Posts | 23 |
| Solutions | 2 |
| Karma Given | 4 |
| Karma Received | 8 |
| Member Since | 12-18-2017 |
Activity Feed
- Got Karma for Re: Is it possible to forward events from search head (not installing addon on indexers)?. 06-05-2020 12:49 AM
- Got Karma for Re: A threat intelligence download has failed...status="threat list download failed after multiple retries". How can I resolve this?. 06-05-2020 12:49 AM
- Got Karma for Re: A threat intelligence download has failed...status="threat list download failed after multiple retries". How can I resolve this?. 06-05-2020 12:49 AM
- Got Karma for Re: A threat intelligence download has failed...status="threat list download failed after multiple retries". How can I resolve this?. 06-05-2020 12:49 AM
- Got Karma for Re: How to delete 'DONE' jobs in a Search Head Cluster. 06-05-2020 12:49 AM
- Got Karma for Re: How to install and configure Amazon GuardDuty Add-on for Splunk. 06-05-2020 12:49 AM
- Got Karma for Re: How to install and configure Amazon GuardDuty Add-on for Splunk. 06-05-2020 12:49 AM
- Got Karma for Re: How to create a new index in an index cluster?. 06-05-2020 12:49 AM
- Karma Re: Setting up a SH-Cluster with deployer and DMC for ddrillic. 06-05-2020 12:48 AM
- Karma Re: Search Head Cluster - default.old directories for risgupta_splunk. 06-05-2020 12:47 AM
- Karma Re: Delete existing Splunk Light events/logs from web-interface for acharlieh. 06-05-2020 12:47 AM
- Karma Re: Is the directory for the splunkd.pid configurable for yannK. 06-05-2020 12:46 AM
- Posted Re: How to pull data from Sharepoint to Splunk? on Getting Data In. 07-23-2019 06:30 PM
- Posted Re: How do I send AWS GuardDuty Logs to Splunk? on Splunk Enterprise Security. 06-14-2019 12:41 AM
- Posted Re: How to install and configure Amazon GuardDuty Add-on for Splunk on All Apps and Add-ons. 05-25-2019 12:40 AM
- Posted Re: How to create a new index in an index cluster? on Deployment Architecture. 05-21-2019 03:23 AM
- Posted Re: REST API Modular Input: Why does a Splunk restart trigger rest_ta call, regardless of the polling interval setting? on All Apps and Add-ons. 04-18-2018 11:46 AM
- Posted Re: Breaking up syslog sourcetype on Splunk Dev. 01-07-2018 12:22 AM
- Posted Re: SA-ldapsearch for Windows App - Need to turn off SSL on All Apps and Add-ons. 01-04-2018 02:11 AM
- Posted Re: SPLUNK Search if word form file appears in logs on Splunk Search. 01-04-2018 02:09 AM
Topics I've Started
No posts to display.
07-23-2019
06:30 PM
Yes, please. What are the details to make this done. I would really appreciate if you could share some more details on the same.
... View more
06-14-2019
12:41 AM
Follow the steps mentioned in this blog for getting Guardduty logs to Splunk :
https://www.crestdatasys.com/blogs/how-to-onboard-aws-guardduty-data-into-splunk/
... View more
05-25-2019
12:40 AM
2 Karma
Use my recent blog to see the integration step by step.
https://www.crestdatasys.com/blogs/how-to-onboard-aws-guardduty-data-into-splunk/
... View more
05-21-2019
03:23 AM
1 Karma
No it is not required to push the indexes config to search heads
... View more
04-18-2018
11:46 AM
./splunk _internal call /services/apps/local/your_application_name/_reload -auth admin:$ADMINPWD
use above setting and let me know how it goes.
... View more
01-07-2018
12:22 AM
Could you please check your inputs.conf, where you have mentioned your TCP/UDP method to collect data. Make sure you have defined
sourcetype = nokia
for your monitored data.
... View more
01-04-2018
02:11 AM
have you added any thing for the ssl.conf file for the SA-Ldapsearch add-on?
... View more
01-04-2018
02:09 AM
Hi ,
Let's say it is "abc.csv" file for your data. Then you can upload your file to a lookups, after navigating it to
Settings--> Lookups--> Add new
then browse your file and add to splunk and name it like "abc.csv" once it is done, then you can go to splunk search and type like:
|inputlookup abc.csv |search "Your keyword in your file"
Let me know how it goes.
... View more
01-03-2018
09:55 PM
Always welcome !!
... View more
01-03-2018
10:13 AM
Try
state\s:\s(?P[A-Z_-]+)|[^|]+|$
and also you can use
https://regex101.com
This is very good site to learn and test your regex.
... View more
01-03-2018
10:12 AM
You can use
https://regex101.com
This is very good site to learn and test your regex.
... View more
01-03-2018
06:41 AM
I think this answer can help your query
https://answers.splunk.com/answers/478795/how-to-append-columns-based-on-searches-and-row-va.html
Please check the same.
... View more
01-03-2018
05:11 AM
you can try
| addtotals col=t row=f
Let me know if that helps you.
... View more
01-02-2018
11:52 PM
Could you please help with Splunkd.log files for the Zimbra mail server where splunk is installed.
... View more
01-02-2018
11:50 PM
https://answers.splunk.com/answers/606997/a-threat-intelligence-download-has-failedstatusthr-1.html?childToView=608146#answer-608146
... View more
01-02-2018
11:45 PM
3 Karma
This is a known issue for the version 4.7.0 of ES app. The issue is now fixed in 4.7.2 and higher
As a workaround, you can edit :
/opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/bin/configuration_checks/confcheck_failed_threat_download.py as below
Change:
job = splunk.search.dispatch(search_string, sessionKey=session_key, earliest=earliest)
To:
job = splunk.search.dispatch(search_string, sessionKey=session_key, earliest_time=earliest)
The difference on that last line is the earliest_time= setting....once I did that the warnings went away.
Let me know how it goes.
... View more
01-02-2018
10:59 PM
So for that, there is a specific command which is
./splunk clean dispatch
which will clean the jobs for you and there you can apply a cron schedule to run this command to run after evey 10 to 15 minutes (what ever is best for you).
Along with that you can set the dispatch.ttl limit for the limits.conf
For more details you can check this
https://www.splunk.com/blog/2012/09/12/how-long-does-my-search-live-default-search-ttl.html
Let me know how it goes.
... View more
01-02-2018
10:50 PM
Try to check if the PID file is existing for the splunk at the location $SPLUNK_HOME/var/run/splunk/.
if there it is, then you can remove that file and then you can delete the entire splunk. If this still does not help you, then you might need to remove the registry settings for the splunk from HKEY_LOCAL for the windows machine.
Let me know how it goes.
... View more
01-02-2018
10:43 PM
You can use chart to do the same as timechart:
... | eval Time = strftime(_time, "%m/%d %H:%M") | chart count as Total by Time
... View more
01-02-2018
10:43 AM
1 Karma
Yes you can. What you need to do is to use
indexAndForward=true in the outputs.conf for your searchhead.
... View more
01-02-2018
08:22 AM
It is not yet confirmed, however it is not yet updated for Splunk 7.0
... View more
01-02-2018
05:41 AM
1 Karma
You might need to check the dispatch jobs for your Splunk servers. You can manually remove that to clean the disk space.
... View more
12-26-2017
12:18 AM
/code
| makeresults
| eval prevWeekDate=strftime((now(),"-7d"),"%Y/%m/%d")
| table prevWeekDate
1
$result.prevWeekDate$
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-01-2024
09:18 AM
|
Karma from
