Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About aqudoos
aqudoos
Explorer
Member since:
02-01-2018
06-05-2020
Community Statistics
| Posts | 21 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 02-01-2018 |
Activity Feed
- Karma Re: How to rename a specific IP subnets appearing in search to some name i.e city network for FrankVl. 06-05-2020 12:49 AM
- Karma Re: How can we send data to 2 different groups of indexers? for lguinn2. 06-05-2020 12:48 AM
- Karma Do I need frozen storage? for rewritex. 06-05-2020 12:48 AM
- Karma Restore archived data for ssingh5. 06-05-2020 12:46 AM
- Karma Incorrect event time in Splunk for brettcave. 06-05-2020 12:46 AM
- Posted Comparison of Splunk enterprise and Splunk enterprise security on Splunk Enterprise Security. 07-30-2018 12:18 PM
- Tagged Comparison of Splunk enterprise and Splunk enterprise security on Splunk Enterprise Security. 07-30-2018 12:18 PM
- Tagged Comparison of Splunk enterprise and Splunk enterprise security on Splunk Enterprise Security. 07-30-2018 12:18 PM
- Posted Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:51 AM
- Tagged Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:51 AM
- Tagged Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:51 AM
- Posted Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:46 AM
- Tagged Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:46 AM
- Posted Re: I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 09:25 PM
- Posted Re: I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 09:24 PM
- Posted I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 01:31 AM
- Tagged I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 01:31 AM
- Tagged I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 01:31 AM
- Posted universal forwarder stops sending logs and splunk enterprise unable to receive windows logs whenever splunk-regmon process initiated on Splunk Enterprise. 04-23-2018 01:38 AM
- Tagged universal forwarder stops sending logs and splunk enterprise unable to receive windows logs whenever splunk-regmon process initiated on Splunk Enterprise. 04-23-2018 01:38 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-30-2018
12:18 PM
HI!
Is Splunk enterprise security contains all the features of Splunk enterprise as well other than its advanced security features?If any body have the comparison between Splunk enterprise & Splunk enterprise security please share it here.
... View more
07-06-2018
04:51 AM
Hi all!
I am currently getting stats of current day as followed
Port Count
25 25
443 75
53 990
I wanted a table like this
Port Count(Previous Day) Count(Current Day)
25 25 30
443 75 40
53 990 50
My query is like this
Index=* | stats count by port
Please confirm is it possible
Please help!
... View more
07-06-2018
04:46 AM
Hi all!
I am currently getting stats of current day as followed
Port Count
25 25
443 75
53 990
I wanted a table like this
Port Count(Previous Day) Count(Current Day)
25 25 30
443 75 40
53 990 50
My query is like this
Index=* | stats count by port
Please confirm is it possible
Please help!
... View more
06-07-2018
09:25 PM
I have tried this as well
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist =5156
... View more
06-07-2018
09:24 PM
HI Frank!
Thanks for reply.I am still receiving logs with event code 5156.Please review my updated configuration.
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist = EventCode=5156
... View more
06-07-2018
01:31 AM
I have configure the input file residing under following path.C:\Program Files\SplunkUniversalForwarder\etc\system\local.
Configuration:
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 1
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist1 = EventCode="5156" Message="*"
Requirement:
I want all security events logs other than event code 5156........Is my configuration wrong.
... View more
04-23-2018
01:38 AM
New Process Name: D:\SplunkUniversalForwarder\bin\splunk-regmon.exe
Please help!what should I do??
... View more
04-13-2018
05:06 AM
I haven't configured outputs.conf as during installation I enter the deployment server and receiver indexer details.The same purpose will be done in ouput.conf if you didn't enter during installation.Other than input.conf I didn't changed any configuration.
Am I right or missing something.
... View more
04-12-2018
11:42 PM
I am receiveing below mentioned error with high frequency.
ERROR TcpInputProc - Message rejected. Received unexpected message of size=174291836 bytes from src=x.x.x.x:12345 in streaming mode. Maximum message size allowed=63412458. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.
... View more
04-12-2018
11:16 PM
Forwarder was installed on the same server where splunk enterprise was installed for testing purposes.
... View more
04-12-2018
11:13 PM
NO.Internal logs of forwarder are not delayed.
... View more
04-12-2018
10:20 PM
My inputs.conf are mentioned below.
Make sure these get forwarded
[monitor://C:\Windows\System32\winevt\Logs\Security.evtx]
index=windowlogs
Please help.
... View more
04-11-2018
03:46 AM
Any one for help ????
... View more
04-09-2018
10:13 PM
My device logs stopped whenever I received this error in internal logs. How to get rid of this error and why my logs stopped with this error.
ERROR SplunkOptimize - (child_215460__SplunkOptimize) merge failed for path=C:\Indexes\Network_Device\hot\hot_v1_1397 rc=-12 wrc=-12 errno=0 file=dontknow hint=]
Please help.
... View more
04-09-2018
04:48 AM
index=* | stats count by source_ip,dest_port
I got my results against Source_ip,dest_port.Now i want to rename the IP's belonging to specific subnets to some specific name.
Is it possible ?
... View more
