Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About aqudoos
aqudoos
Explorer
Member since:
02-01-2018
06-05-2020
Community Statistics
| Posts | 21 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 02-01-2018 |
Activity Feed
- Karma Re: How to rename a specific IP subnets appearing in search to some name i.e city network for FrankVl. 06-05-2020 12:49 AM
- Karma Re: How can we send data to 2 different groups of indexers? for lguinn2. 06-05-2020 12:48 AM
- Karma Do I need frozen storage? for rewritex. 06-05-2020 12:48 AM
- Karma Restore archived data for ssingh5. 06-05-2020 12:46 AM
- Karma Incorrect event time in Splunk for brettcave. 06-05-2020 12:46 AM
- Posted Comparison of Splunk enterprise and Splunk enterprise security on Splunk Enterprise Security. 07-30-2018 12:18 PM
- Tagged Comparison of Splunk enterprise and Splunk enterprise security on Splunk Enterprise Security. 07-30-2018 12:18 PM
- Tagged Comparison of Splunk enterprise and Splunk enterprise security on Splunk Enterprise Security. 07-30-2018 12:18 PM
- Posted Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:51 AM
- Tagged Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:51 AM
- Tagged Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:51 AM
- Posted Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:46 AM
- Tagged Compare stats of current day with previous day on Splunk Search. 07-06-2018 04:46 AM
- Posted Re: I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 09:25 PM
- Posted Re: I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 09:24 PM
- Posted I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 01:31 AM
- Tagged I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 01:31 AM
- Tagged I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 01:31 AM
- Tagged I want to filter specific security events logs but my configuration didn't work. on Getting Data In. 06-07-2018 01:31 AM
- Posted Re: I have configured input.conf of splunk universal forwader but logs are receving with a delay of almost one hour.Unable to receive current logs on Getting Data In. 04-13-2018 05:06 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-30-2018
12:18 PM
HI!
Is Splunk enterprise security contains all the features of Splunk enterprise as well other than its advanced security features?If any body have the comparison between Splunk enterprise & Splunk enterprise security please share it here.
... View more
07-06-2018
04:51 AM
Hi all!
I am currently getting stats of current day as followed
Port Count
25 25
443 75
53 990
I wanted a table like this
Port Count(Previous Day) Count(Current Day)
25 25 30
443 75 40
53 990 50
My query is like this
Index=* | stats count by port
Please confirm is it possible
Please help!
... View more
07-06-2018
04:46 AM
Hi all!
I am currently getting stats of current day as followed
Port Count
25 25
443 75
53 990
I wanted a table like this
Port Count(Previous Day) Count(Current Day)
25 25 30
443 75 40
53 990 50
My query is like this
Index=* | stats count by port
Please confirm is it possible
Please help!
... View more
06-07-2018
09:25 PM
I have tried this as well
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist =5156
... View more
06-07-2018
09:24 PM
HI Frank!
Thanks for reply.I am still receiving logs with event code 5156.Please review my updated configuration.
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist = EventCode=5156
... View more
06-07-2018
01:31 AM
I have configure the input file residing under following path.C:\Program Files\SplunkUniversalForwarder\etc\system\local.
Configuration:
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 1
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist1 = EventCode="5156" Message="*"
Requirement:
I want all security events logs other than event code 5156........Is my configuration wrong.
... View more
04-13-2018
05:06 AM
I haven't configured outputs.conf as during installation I enter the deployment server and receiver indexer details.The same purpose will be done in ouput.conf if you didn't enter during installation.Other than input.conf I didn't changed any configuration.
Am I right or missing something.
... View more
04-12-2018
11:42 PM
I am receiveing below mentioned error with high frequency.
ERROR TcpInputProc - Message rejected. Received unexpected message of size=174291836 bytes from src=x.x.x.x:12345 in streaming mode. Maximum message size allowed=63412458. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.
... View more
04-12-2018
11:16 PM
Forwarder was installed on the same server where splunk enterprise was installed for testing purposes.
... View more
04-12-2018
11:13 PM
NO.Internal logs of forwarder are not delayed.
... View more
04-12-2018
10:20 PM
My inputs.conf are mentioned below.
Make sure these get forwarded
[monitor://C:\Windows\System32\winevt\Logs\Security.evtx]
index=windowlogs
Please help.
... View more
04-11-2018
03:46 AM
Any one for help ????
... View more
04-09-2018
10:13 PM
My device logs stopped whenever I received this error in internal logs. How to get rid of this error and why my logs stopped with this error.
ERROR SplunkOptimize - (child_215460__SplunkOptimize) merge failed for path=C:\Indexes\Network_Device\hot\hot_v1_1397 rc=-12 wrc=-12 errno=0 file=dontknow hint=]
Please help.
... View more
04-09-2018
04:48 AM
index=* | stats count by source_ip,dest_port
I got my results against Source_ip,dest_port.Now i want to rename the IP's belonging to specific subnets to some specific name.
Is it possible ?
... View more
04-06-2018
04:20 AM
I have two different fields in logs coming from the same device. I want to count that stats for both fields by using the OR command but it's not running.
Following is the command:
|stats count by (Source-IP OR source_ip )
Source-ip and source_ip are two different fields
... View more
03-13-2018
04:27 AM
Thanks for answer!
Yes i have restarted service after this and still not success.
One thing i was confused was that after copying my archive db folder in to thawed db residing under var/lib/splunk/defualtdb and then running splunk rebuild command on that db folder under thawed db,how can my archive logs will link to my hot folder of specific index so that it will be serachable again.
Please help.
... View more
03-13-2018
04:14 AM
HI deepashri_123
Thanks for answer!!
I just try another method.
1)I directly copied one of my archive db folder directly to thaweddb.
C:\Program Files\Splunk\var\lib\splunk\defaultdb\thaweddb\db_1513910393_1513952434_5
2)After that I run the splunkrebuild command as shown below.
C:>splunk rebuild programfiles\splunk\var\lib\splunk\defaultdb\thaweddb\db_1513910393_1513952434_5
3)But still i was unable to search the logs.
Please help.
... View more
03-13-2018
12:45 AM
HI!
I am using splunk enterprise 7.0.1 and I have installed it on my C drive.I have archived my logs on following location D:\archive.I have perform following steps to restore my logs but unable to to so.
1)I have run Following command( C:>xcopy D:\archive\db_1513683972_1613682334_0 %SPLUNK_HOME%\var\lib\splunk\defaultdb\thaweddb\/s /e /v) which makes folder named %SPLUNK_HOME% on C drive contaning journal zip file.
2)After that I have run this command( C:\Program Files\Splunk\bin>splunk rebuild %SPLUNK_HOME%\var\lib\splunk\defaultdb\thaweddb\db_1513683972_1613682334_0) that was successfully executed.
3)Then i have run this command by modifiying zero at the end to 1001 as studied somewhere to give it unique bucket id.(C:\%SPLUNK_HOME%\var\lib\splunk\defaultdb\thaweddb>move db_1513683972_1613682334_0 db_1513683972_1613682334_1001)
Please help where i am wrong.I am stuck here from many days but unable to restore logs.
... View more
