Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About jerrythoms
jerrythoms
Explorer
Member since:
12-19-2017
01-22-2024
Community Statistics
| Posts | 19 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 12-19-2017 |
Activity Feed
- Karma Re: Complete rebuild of Splunk question for richgalloway. 12-01-2022 07:25 AM
- Posted Re: Complete rebuild of Splunk question on Installation. 12-01-2022 07:24 AM
- Posted Complete rebuild of Splunk question on Installation. 11-30-2022 12:39 PM
- Got Karma for Check Point ingest not CIM Compatiable. 06-23-2021 11:53 AM
- Posted Enterprise Security and Search Driven Lookup on Splunk Enterprise Security. 07-10-2020 10:55 AM
- Tagged Enterprise Security and Search Driven Lookup on Splunk Enterprise Security. 07-10-2020 10:55 AM
- Posted Re: Check Point ingest not CIM Compatiable on All Apps and Add-ons. 07-10-2020 10:46 AM
- Tagged Re: Check Point ingest not CIM Compatiable on All Apps and Add-ons. 07-10-2020 10:46 AM
- Posted Re: Check Point ingest not CIM Compatiable on All Apps and Add-ons. 07-03-2020 11:56 AM
- Posted Check Point ingest not CIM Compatiable on All Apps and Add-ons. 07-03-2020 10:46 AM
- Posted Search head looks at cluster and separate index on Getting Data In. 10-08-2019 11:06 AM
- Tagged Search head looks at cluster and separate index on Getting Data In. 10-08-2019 11:06 AM
- Tagged Search head looks at cluster and separate index on Getting Data In. 10-08-2019 11:06 AM
- Tagged Search head looks at cluster and separate index on Getting Data In. 10-08-2019 11:06 AM
- Tagged Search head looks at cluster and separate index on Getting Data In. 10-08-2019 11:06 AM
- Posted Re: field location in log effect search completion time on Splunk Search. 09-19-2019 07:53 AM
- Posted field location in log effect search completion time on Splunk Search. 09-19-2019 06:16 AM
- Tagged field location in log effect search completion time on Splunk Search. 09-19-2019 06:16 AM
- Tagged field location in log effect search completion time on Splunk Search. 09-19-2019 06:16 AM
- Tagged field location in log effect search completion time on Splunk Search. 09-19-2019 06:16 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-01-2022
07:24 AM
Thanks so muck. I intend to have the older version turn off before i turn the new one on
... View more
11-30-2022
12:39 PM
We have a perpetual license and are currently running an on prem set up of version 7 (windows) on several servers. We want to create a new splunk environment in our private cloud. Can i download the free trial and then copy my license to that ? Would it be an issue with that being 9 Can i just copy the license file from our License master in our current environment and move it over?
... View more
07-10-2020
10:55 AM
Having an issue with Enterprise Security and Search Driven Lookup. I've created one with manual settings, and enabled it in search, and it is reporting as running. But it does not see to create a lookup. When you use the manual setting, do you have to include the outputlookup command? I was thinking that you did not because you define your lookup name before you get to inputting your search.
... View more
- Tags:
- lookup
Labels
- Labels:
-
using Enterprise Security
07-10-2020
10:46 AM
Thanks for the info, but the developer is not responding to emails
... View more
- Tags:
- thanks
07-03-2020
11:56 AM
check point app for splunk https://splunkbase.splunk.com/app/4293/
... View more
07-03-2020
10:46 AM
1 Karma
I'm ingesting logs from the log exporter and bring them into a test environment which is a fresh install with the checkpoint app installed. The data is not CIM compatiable. For example the action values are different. The log exporter target was set to splunk and semi_unified
... View more
Labels
- Labels:
-
configuration
-
other
-
troubleshooting
10-08-2019
11:06 AM
In the middle of creating a new environment with an index cluster. On our current setup we have just one indexer. Is it possible to configure the new search head to search both the old indexer and new cluster when a search is preformed? without changing any settings on the old indexer as it is still in use.
... View more
09-19-2019
07:53 AM
just noticed a big difference it took to search for an dst ip verses a source ip. Basic query
index=firewall dst="xxx.xxx.xxx.xxx"
vs
index=firewall src="xxx.xxx.xxx.xxx"
It takes a lot longer for the search to complete for the src . I noticed that src was at the end of the log. I was wondering if that is the reason
... View more
09-19-2019
06:16 AM
Noticing a big difference in time it takes to do a search on 2 different fields in a log. Is this just due to the slower one being at the end of the log? Its a firewall log (CIM)
... View more
08-16-2018
09:18 AM
New to DBX Connect and having an issue with rising column. Current the sql retrieves one log with a column called a_date, its value is 2018-05-10 08:53:42.0
I have tried
SELECT * FROM your_table
WHERE a_date > ?
ORDER BY a_date ASC
with a checkpoint value of 5/11/2018 08:54:42.000
But I keep ingesting the log
... View more
04-20-2018
06:39 AM
Thanks. It exactly what i need.
... View more
04-20-2018
05:22 AM
Still not able to get it work, i've added some examples of the logs above.
I would like to create a report that listed all the cves for a hostname with the user
... View more
04-19-2018
08:22 AM
all logs have the field ip in them so for example
Example asset logs:
ip=1.1.1.1 hostname=comp1 user=me vulnerbilites=2 risk=1 other=a
ip=1.1.1.1 hostname=comp1 user=me vulnerbilites=2 risk=2 other=bit
Example vuln logs:
ip=1.1.1.1 cve="cve-2000-9999" category=service
ip=1.1.1.1 cve="cve-2018-1111" category=smb
ip=1.1.1.1 category=netbios
... View more
04-19-2018
06:50 AM
I have two types of logs in an index. Both can have multiple entries for a ip address.
What i need to do is find all the host names and users in one set of logs and get the get the cve(s)for each host from the other logs and list them out.
I know i'm most likely going about this the wrong way, this was my latest attempt by trying to combind the cves into one field
index=a sourcetype-=asset vulnerbilities > 0 | dedup ip | eval Vcve = [search sourcetype=vuln ip | stats list(cve) as cve delim="," | nomv cve] | table ip, host, user, Vcve
... View more
03-26-2018
06:23 AM
Thanks, I did as you said and its working. Cheers
... View more
03-26-2018
04:29 AM
I have a simple dashboard that a user can enter an email address and get results of a search. I was wondering if there is a way each day to report who used the dashboard and what address they searched.
... View more
12-20-2017
04:46 AM
Thanks for your comments. Yes I want to do this in the SQL query that is in the DBX input. I just can't seem to get it to work.
... View more
12-20-2017
04:32 AM
Due to an upgrade the data that is already in the index has the field and all the dashboards use the field. Just thinking it would be easier to do this rather than change all the dashboards. Thanks for your comments.
... View more
12-19-2017
12:03 PM
New to Splunk and dbx connect 3.1. I have it mostly working , just one issue. I have a field, lets call it Name, if its value is Null, I want to have a new field called Name_status given the value "no name" and if it has a value I want to change it to "Has name". I want this to be done as the data is being ingested
been trying the case command and the nonull command but I get parameter #1 has not been set every time . Stuff I have tried
CASE WHEN len(Name)>0 then 'Has Name" as Name_status
CASE WHEN Name is not null then Name_status="Has Name"
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-22-2024
09:27 AM
|
