Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About auradk
auradk
Explorer
Member since:
10-22-2012
06-14-2021
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 1 |
| Member Since | 10-22-2012 |
Activity Feed
- Posted Re: Cisco eStreamer latest version installed but the Set-up Action is not displayed. on All Apps and Add-ons. 06-14-2021 02:52 AM
- Karma Splunk App for Jenkins: Does Splunk App for Jenkins work with Splunk 7.x? for rickferrante. 06-05-2020 12:49 AM
- Karma Indexes are not available to select from "Available search indexes" during role creation since upgrade to 7.0.0 for fboeje. 06-05-2020 12:49 AM
- Karma How to configure DMC for heavy forwarder monitoring? for koshyk. 06-05-2020 12:48 AM
- Got Karma for populate posix_identities from several hosts. 06-05-2020 12:48 AM
- Posted Re: Dashboard is blank in v 2.0.0 on Splunk Enterprise V7.3 on All Apps and Add-ons. 09-20-2019 01:10 AM
- Posted Re: Field data from fieldname in variable on Splunk Search. 04-17-2018 02:56 PM
- Posted Field data from fieldname in variable on Splunk Search. 04-17-2018 10:03 AM
- Tagged Field data from fieldname in variable on Splunk Search. 04-17-2018 10:03 AM
- Tagged Field data from fieldname in variable on Splunk Search. 04-17-2018 10:03 AM
- Tagged Field data from fieldname in variable on Splunk Search. 04-17-2018 10:03 AM
- Posted Re: Indexes are not available to select from "Available search indexes" during role creation since upgrade to 7.0.0 on Security. 10-23-2017 09:07 AM
- Posted Re: Indexes are not available to select from "Available search indexes" during role creation since upgrade to 7.0.0 on Security. 10-17-2017 07:10 AM
- Posted populate posix_identities from several hosts on All Apps and Add-ons. 03-29-2016 06:29 AM
- Tagged populate posix_identities from several hosts on All Apps and Add-ons. 03-29-2016 06:29 AM
- Tagged populate posix_identities from several hosts on All Apps and Add-ons. 03-29-2016 06:29 AM
- Posted Re: results not updated when value change with input type dropdown and using basesearch on Dashboards & Visualizations. 05-21-2015 05:25 AM
- Posted Re: results not updated when value change with input type dropdown and using basesearch on Dashboards & Visualizations. 05-08-2015 01:18 AM
- Posted Re: Unknown Unix or Linux operating system in setup on All Apps and Add-ons. 02-18-2014 06:20 AM
- Posted Unknown Unix or Linux operating system in setup on All Apps and Add-ons. 02-18-2014 04:58 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 |
06-14-2021
02:52 AM
They forgot to update the documentation link in the app descriptions. https://www.cisco.com/c/en/us/td/docs/security/firepower/670/api/eStreamer_enCore/eStreamereNcoreSplunkOperationsGuide_409.html?dtid=osscdc000283 I had the same issue and found it in https://community.splunk.com/t5/All-Apps-and-Add-ons/Cisco-eStreamer-eNcore-for-Splunk-Add-On-v4-6-0-Missing-Setup/m-p/552294
... View more
09-20-2019
01:10 AM
Have the exact same issue - thanks for the workaround
... View more
04-17-2018
02:56 PM
Thank you so much - i battled with that all day 🙂
It worked like a charm and even made my other query more simpel.
I see now that i simply did not understand the documentation of foreach. Now i do.
... View more
04-17-2018
10:03 AM
Any way of achieving this:
| makeresults
| eval Column1="MyData"
| eval TestField="Column1"
| eval Result{TestField}=if('{TestField}'="MyData",1,0)
The reason is simple. I want to define a lookup with all the fieldnames (columns) that is required for a specific category of events.
My current search is larger than this, but i have found this example to describe my problem the best. if i solve this i can solve the rest. The result should be that ResultColumn1 = 1
{TestField} works on the left side of = but not on the right side in the eval.
I tried every combination of TestField including (',",$,$$,<<) but i am not able to retrieve the data from the field which is defined in TestField.
If i use {TestField} on the right side of = i get an error. This is why i have put '{TestField}' in my example above.
I am using Enterprise 7.0.1
Any help is appreciated.
... View more
10-17-2017
07:10 AM
I have the exact same issue right after upgrade to 7.0
- 1 Searchhead
- 2 Clustered Indexers
... View more
03-29-2016
06:29 AM
1 Karma
I can not get my head around this. I can see in the documentation that i should install and run the user commands on the search head.
I have a hosting environment with several ldap directories (active directory) and different user setups on each host.
Should i install the TA on each host to populate the posix_identities? I just can not see how the host and uid is resolved to a posix name on each server when the extraction is only installed on the splunk servers.
Please enlighten me.
... View more
- Tags:
- Linux Auditd
- populate
05-21-2015
05:25 AM
Thanks for follow up. I did the same.
... View more
05-08-2015
01:18 AM
Did you ever solve this, i face the same problem.
... View more
02-18-2014
06:20 AM
I have solved this by removing the Add-On and SA-nix app and reinstall them.
... View more
02-18-2014
04:58 AM
I have a splunk installation running on Oracle Linux (2.6.32 64bit).
Removed the old *nix app and add-on, then installed the new version.
But I am not able to get past the setup screen.
When I press "save" i get:
"This server is not running a known Unix or Linux operating system, so there are no configuration options available. Install this add-on on Unix or Linux systems only."
Any suggestions?
... View more
