Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About ehudb
ehudb
Contributor
Member since:
09-16-2014
12-14-2022
Community Statistics
| Posts | 85 |
| Solutions | 17 |
| Karma Given | 26 |
| Karma Received | 23 |
| Member Since | 09-16-2014 |
Activity Feed
- Posted Re: trace and span in enterprise splunk on Splunk Search. 12-14-2022 07:36 AM
- Posted Re: trace and span in enterprise splunk on Splunk Search. 12-14-2022 12:05 AM
- Posted AWS S3 Input- Ingest .csv files that are not actually csv formatted- Is there a way to turn off CSV parsing ability? on Getting Data In. 11-30-2022 03:29 AM
- Tagged AWS S3 Input- Ingest .csv files that are not actually csv formatted- Is there a way to turn off CSV parsing ability? on Getting Data In. 11-30-2022 03:29 AM
- Tagged AWS S3 Input- Ingest .csv files that are not actually csv formatted- Is there a way to turn off CSV parsing ability? on Getting Data In. 11-30-2022 03:29 AM
- Posted Re: What is the best way to monitor webservice is up or down on Getting Data In. 08-14-2022 11:21 AM
- Got Karma for Re: How can I enable both Splunk server and Splunk Universal Forwarder at boot time?. 08-12-2022 03:00 AM
- Got Karma for Re: Why are Javascript files not loading after update to Splunk 6.5.0?. 03-16-2022 10:14 AM
- Got Karma for Re: I am able to extract a field with rex in a search, but why does it not appear in Interesting Fields when I save it as a field extraction?. 10-26-2020 07:20 PM
- Karma Re: Splunkweb referrer missing since 6.5.5 for niketn. 06-05-2020 12:49 AM
- Karma Re: Excel Export is not working for user role for lsw6875. 06-05-2020 12:49 AM
- Karma Re: get session key for included javascript app with logged in user for docwalter. 06-05-2020 12:48 AM
- Karma Request to port 8089 from 8000 for thibault28. 06-05-2020 12:48 AM
- Karma BUG WORKAROUND: can I reset a table to page 1 when populating search is (re)run? for gabriel_vasseur. 06-05-2020 12:48 AM
- Got Karma for Re: system uptime calculation. 06-05-2020 12:48 AM
- Got Karma for Re: Splunk DB Connect V3 - Automated / Programmatic creation of connections and inputs. 06-05-2020 12:48 AM
- Got Karma for Re: Splunk DB Connect V3 - Automated / Programmatic creation of connections and inputs. 06-05-2020 12:48 AM
- Got Karma for Re: Splunk DB Connect V3 - Automated / Programmatic creation of connections and inputs. 06-05-2020 12:48 AM
- Got Karma for Re: Splunk DB Connect V3 - Automated / Programmatic creation of connections and inputs. 06-05-2020 12:48 AM
- Got Karma for Re: Can Splunk IT Service Intelligence (ITSI) send email alerts?. 06-05-2020 12:48 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-14-2022
07:36 AM
There isn't currently any out of the box dashboards, but you can always create a dashboard using searches on the data.
... View more
12-14-2022
12:05 AM
Splunk OpenTelemetry Collector for Kubernetes enables to collect data from OpenTelemetry to Splunk Enterprise\Cloud HEC. https://github.com/signalfx/splunk-otel-collector-chart Splunk Cloud or Splunk Enterprise via the splunk_hec exporter.
... View more
11-30-2022
03:29 AM
We have a new Splunk Cloud environment
We are using AWS TA Add On to ingest files from S3
The files have extension of ".csv" but they are not really CSV, they are TSV (tab separated values).
The Add-On has built-in functionality to inspect CSV files and tried to convert them to json, therefore it fails to ingest them correctly.
Is there any way to turn-off the CSV parsing ability of the S3 input?
Source: https://docs.splunk.com/Documentation/AddOns/released/AWS/S3 "The Generic S3 custom data types input processes .csv files according to their suffixes"
... View more
- Tags:
- add-on for AWS
- csv
- s3
Labels
- Labels:
-
CSV
08-14-2022
11:21 AM
Maybe you want to check "Website Monitoring app" https://splunkbase.splunk.com/app/1493/
... View more
10-18-2019
06:06 AM
Adding list_settings to the role is the correct solution for Excel export tool.
Works for me as well
Thanks!
... View more
12-18-2018
04:58 AM
We are trying to use Splunk stream on a webserver with IIS, using https based site.
Web server is listening on port 8443. DiffieHelman is disabled on that IIS server.
We ran the following:
Install universal forwarder on IIS server
Install Splunk_Stream_TA on the uf
Install the private key on streamfwd
Configure from Stream UI on the search head to capture the following:
HTTP src_port 8443 OR dest_port 8443
TCP src_port 8443 OR dest_port 8443
Restart splunkfwd
As a results we do not get HTTP events, just TCP events with unreadable content.
We also see in streamfwd.log the following:
stream.SSL - SSL decryption error (cannot decrypt ephemeral session)
stream.packetProcessor - SSL record decryption error (corrupted data?) (ssl) [c=10.0.0.1:45674,s=10.0.0.2:8443]
To investiage and eliminiate networking and promiscous mode issues. we used the openssl guide to simulate the same scenario without IIS:
https://superhero.ninja/2015/07/22/create-a-simple-https-server-with-openssl-s_server/
Using openssl as a webserver on the same UF, Stream was able to successfuly decrypt the data.
We received both TCP and HTTP events.
Any idea what could be the issue?
... View more
- Tags:
- iis
- Splunk Stream
12-06-2018
06:51 AM
According to the official guide, it does support universal forwarder:
https://docs.splunk.com/Documentation/StreamApp/7.1.2/DeployStreamApp/InstallSplunkAppforStream#Manually_install_Splunk_TA_stream_on_remote_universal_forwarders
... View more
06-29-2018
08:40 AM
You can try the Angular Examples app, for demonstrations of using Angular within Splunk HTML dashboard:
https://splunkbase.splunk.com/app/4045/
... View more
05-16-2018
06:53 AM
Ok I eventually used javascript to extract that data, so that's a decent workaround.
Can you make your comment as an answer so I can mark that as correct answer?
BTW, I used your User talk on splunk wiki a lot, thanks for that!
... View more
05-14-2018
11:22 PM
@niketnitay , window.location.href shows the current url, while document.referrer shows the previous url (the one that linked to this site)
... View more
05-14-2018
07:42 AM
In Splunk 6.5.3, We've been using document.referrer to get the url when linking from Splunk dashboard to external web server.
We've been using that referrer to get the previous sid and use that within our external web app.
After upgrading to Splunk 7.0.2, we found out Splunk no longer exposure the referrer, therefor we cannot use it to get the sid after navigating to external link.
I have also installed 6.5.5 and 6.5.0 and found out the referrer feature exists on 6.50 but do not exists anymore on 6.5.5, so it must have been stopped somewhere in the middle.
Is there any way to return the referrer attribute after navigating out from Splunk dashboard?
Example of achieving the referrer attribute:
1. Open browser console
2. Write 'document.referrer'
3. Result on Splunk 6.5.0:
"https://splunksh:8000/en-GB/app/search/search"
Results on Splunk 6.5.5+:
""
... View more
- Tags:
- splunkweb
03-19-2018
01:57 AM
4 Karma
You can add new Identities with encryption in DB Connect 3.x:
Use the REST endpoint:
https://splunkserver:8089/servicesNS/nobody/splunk_app_db_connect/db_connect/dbxproxy/identities
Example:
curl -k -X POST -u admin:password https://splunkserver:8089/servicesNS/nobody/splunk_app_db_connect/db_connect/dbxproxy/identities -d "{\"name\":\"myuser\",\"username\":\"myuser\",\"password\":\"mypassword\"}"
... View more
03-07-2018
01:25 AM
The fix is to add to collections.conf under [agents]
[agents]
replicate = true
The reason is coming from this requirement for KV-Store automatic lookups:
You can make all lookup types automatic. However, KV Store lookups have an additional setup step that you must complete before you configure them as automatic lookups in props.conf. See Enable replication for a KV Store collection.
http://docs.splunk.com/Documentation/Splunk/7.0.2/Knowledge/Makeyourlookupautomatic#The_automatic_lookup_format_in_props.conf
I would notify the app creator, but couldn't find a way to contact him.
... View more
03-07-2018
01:20 AM
The TA ships with automatic lookup on sourcetype 'threat'.
This automatic lookup is based on KV_Store lookup.
After installing the TA, we get on every search the following warning from indexers:
"The lookup table 'agents_list' does not exist. It is referenced by configuration 'threat'"
... View more
10-18-2017
04:36 AM
Hi
I can easily find all groups that the user is member of in LDAP.
But lets say he has hundreds of them, and multiple groups can participate in the mapping process,
How can I tell which of them used in the mapping process?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-14-2022
11:56 AM
|
Karma from
Karma given to
