Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About prithvi08
prithvi08
Engager
Member since:
12-04-2017
06-05-2020
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 12-04-2017 |
Activity Feed
- Karma Re: IP Reputation app directory structure error. for mayurr98. 06-05-2020 12:49 AM
- Posted Re: iplocation/geostats to show events from statistics tab. on Splunk Search. 01-17-2018 12:52 PM
- Posted Re: iplocation/geostats to show events from statistics tab. on Splunk Search. 01-16-2018 07:48 PM
- Posted iplocation/geostats to show events from statistics tab. on Splunk Search. 01-16-2018 01:59 PM
- Tagged iplocation/geostats to show events from statistics tab. on Splunk Search. 01-16-2018 01:59 PM
- Tagged iplocation/geostats to show events from statistics tab. on Splunk Search. 01-16-2018 01:59 PM
- Posted Re: IP Reputation threatscore not working. on Installation. 01-11-2018 12:38 PM
- Posted Re: IP Reputation threatscore not working. on Installation. 01-10-2018 02:56 PM
- Posted Re: IP Reputation app directory structure error. on All Apps and Add-ons. 01-10-2018 12:53 PM
- Posted IP Reputation threatscore not working. on Installation. 01-10-2018 12:52 PM
- Tagged IP Reputation threatscore not working. on Installation. 01-10-2018 12:52 PM
- Tagged IP Reputation threatscore not working. on Installation. 01-10-2018 12:52 PM
- Tagged IP Reputation threatscore not working. on Installation. 01-10-2018 12:52 PM
- Posted IP Reputation app directory structure error. on All Apps and Add-ons. 01-09-2018 02:44 PM
- Tagged IP Reputation app directory structure error. on All Apps and Add-ons. 01-09-2018 02:44 PM
- Tagged IP Reputation app directory structure error. on All Apps and Add-ons. 01-09-2018 02:44 PM
- Tagged IP Reputation app directory structure error. on All Apps and Add-ons. 01-09-2018 02:44 PM
- Posted Re: Add-on for Microsoft Forefront Threat Management Gateway: TMG logs not parsed based on tmg sourcetype on All Apps and Add-ons. 12-04-2017 10:05 PM
- Posted Add-on for Microsoft Forefront Threat Management Gateway: TMG logs not parsed based on tmg sourcetype on All Apps and Add-ons. 12-04-2017 07:45 PM
- Tagged Add-on for Microsoft Forefront Threat Management Gateway: TMG logs not parsed based on tmg sourcetype on All Apps and Add-ons. 12-04-2017 07:45 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-17-2018
12:52 PM
Hey..the page gets stuck loading. It doesn't seems be working.i can only see the title and its frozen at loading .
... View more
01-16-2018
07:48 PM
The above search woudnt result in a table and do mean to say selecting country from dropdown list ? how do i do that ? would it eventually let me see the events related to it ?
... View more
01-16-2018
01:59 PM
Hi, I'm trying to view event related to a specific country or city based on the source ip,so i ran the following query.
index=firewalls | iplocation allfields=true src_ip | stats count by Country City
which works fine by giving me a table like:
Country | City | count
Albania | Durres | 5
Argentina | Abel | 7
.
.
.
when i click any of the city or country to view the events related to that specific region, the search extends like
index=firewalls Country=Albania | iplocation allfields=true src_ip |
which return zero results because the filed Country comes before iplocation command. i know i can search it manually by entering it at the end of the search query like.
index=firewalls | iplocation allfields=true src_ip |search Country=Albania
but im running the query on a dsashboard which returns the count for each country ,city and i want to view the event directly by clicking the respective country from the dashboard. How can i do that ? Pls advice
... View more
- Tags:
- geostats
- iplocation
01-11-2018
12:38 PM
Hi
Thank you of the link,since the post was from 4 years ago,i believe the app works different now. It works on tag=network. i use it only on data that is required, i get the threatscore field, but the scores are displayed as zero. i know atleast some ip should have a score > 0. because i checked the same directly on the website which had given me a score more than 0.
... View more
01-10-2018
02:56 PM
The reason i tried to manually search is because i dint get any results in application dashboard, even after applying filters. its basically a manual search that's running behind the visualisation,so it should have worked in manual search as well. the search query in the question was indeed taken from the application's dashboard.Thanks though. but it dint answer my question.
... View more
01-10-2018
12:53 PM
Thank you,seems to have installed fine.
... View more
01-10-2018
12:52 PM
Hi,
I have installed application correctly. but i still don't get the threatscore displayed. I have added the key to file scorelookup.py at /ipreputation/bin/scorelookup.py and restarted splunk. still not working.
sample query tried: index="test" dest_port=80 | stats count by src_ip dst_ip | lookup threatscore clientip AS dst_ip | sort -threatscore
i have even tried with the sample IPs given in scorelookup.py (14.139.155.194) for which i should be getting a score of 35. but its displayed as 0. Pls advice
... View more
01-09-2018
02:44 PM
I recently tried to install the ip reputation application to spunk enterprise. i had downloaded the .tgz file from splunkbase and tried to install by uploading to the file. i received the following error.
"There was an error processing the upload.Invalid app contents: archive contains more than one immediate subdirectory: and ipreputation"
so i extracted the file and checked that there was a another folder called PaxHeader as well as a file ._ipreputation under the ipreputation main directory. when i moved this file and folder into the ipreputation folder,the app seemed to be installed. But the threatscore was not displayed eventhough i had entered the key in the .py file. Please advise. I had re downloaded and checked for the MD5 checksum, it seems to be alright. but the app directory structure seems to have an error.
... View more
12-04-2017
10:05 PM
Thanks a lot .. I guess i might have overlooked that part.
... View more
12-04-2017
07:45 PM
I have installed universal forwarder on TMG server to monitor tmg specific log files. Added the following to inputs.conf under /etc/system/local
[monitor://C:\ISALOG*]
disabled = false
sourcetype = microsoft:forefront:tmg:proxy
index = tmg
I have installed the TMG add on for splunk and have the sourcetypes to parse the data. The forwarded data from universal forwarder are parsed based on default sourcetype. most of the fields are not parsed. i understand universal forwarder are capable of only forwarding the data. In splunk server, how do i set the receiving log files to be parsed based on a specific source-type.? i have many other logs coming in through the same port from different universal forwarders.
... View more
