cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
cygnetix
Path Finder
Member since: ‎06-11-2015
‎06-05-2020
Community Statistics
Posts 12
Solutions 0
Karma Given 4
Karma Received 7
Member Since ‎06-11-2015
Activity Feed
View All

Re: Routing events to null queue active directory ...

by in All Apps and Add-ons
‎06-29-2017 05:53 PM
‎06-29-2017 05:53 PM
Hey splunkranger, Try something like this in your props and transforms config files. props.conf: TRANSFORMS-null-dns1= company_com transforms.conf: [company_com] REGEX = (?i:company\.com\.$) DEST_KEY = queue FORMAT = nullQueue ... View more

Re: Using inputlookup with external_cmd

by in Splunk Dev
‎03-07-2017 06:13 PM
‎03-07-2017 06:13 PM
I've send a comment on the documentation page for inputlookup to query whether the statement that inputlookup will work with scripted lookups is correct or not. I suspect it is incorrect. ... View more

Re: Using inputlookup with external_cmd

by in Splunk Dev
‎03-07-2017 05:05 PM
‎03-07-2017 05:05 PM
I converted my script to work as a search command not long after posting the question. I agree that it looks like a search command or modular input are the way to go, but I believe that Splunk should update their documentation for inputlookup if it's not possible to use scripted lookups with this command (as the documentation currently states). ... View more

Re: Using inputlookup with external_cmd

by in Splunk Dev
‎03-07-2017 04:26 PM
‎03-07-2017 04:26 PM
Search logs show: 03-08-2017 10:20:03.398 WARN SearchOperator:inputcsv - sid:1488932400.14 The lookup table 'testlookup' is invalid. So it looks like, possibly, it's trying to load my scripted lookup using inputcsv? ... View more

Using inputlookup with external_cmd

by in Splunk Dev
‎03-07-2017 03:45 PM
1 Karma
‎03-07-2017 03:45 PM
1 Karma
Hi all, Is it possible to use inputlookup to pull a list of information from a scripted lookup? The documentation for inputlookup seems to suggest this is possible: The lookup table can be configured for any lookup type (CSV, external, or KV store)._ But the documentation for transforms.conf where the scripted input is defined states Your external lookup script must take in a partially empty CSV file and output a filled-in CSV file Which implies that it can't be used with a generating command like inputlookup. I'm trying to pull in a CSV from a threat intel feed but in a way that would allow me to do so using a scheduled search rather than a scripted input or modular input. Any thoughts on how best to do this if using a scripted input with inputlook isn't possible? ... View more

Can the Splunk App for Stream log the ciphers nego...

by in All Apps and Add-ons
‎06-11-2015 03:27 PM
‎06-11-2015 03:27 PM
Anyone know if Splunk Stream can log the ciphers negotiated during a TLS handshake? I'm thinking about using it to detect when a LogJam (CVE-2015-4000) attack has occurred. I can't see anything relevant listed for SSL/ TLS in the doco, but I figure it doesn't hurt to ask: http://docs.splunk.com/Documentation/StreamApp/6.2.2/DeployStreamApp/Whattypeofdatadoesthisappcollect ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All
Karma given to
View All