Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Maheshparsi
Maheshparsi
Explorer
Member since:
07-06-2015
06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 07-06-2015 |
Activity Feed
- Karma Re: How to combine my two searches in Splunk? for jacobwilkins. 06-05-2020 12:47 AM
- Karma Re: How to combine my two searches in Splunk? for sanjay_shrestha. 06-05-2020 12:47 AM
- Got Karma for How to detect APT (Advanced persistent threat) attack ?. 06-05-2020 12:47 AM
- Posted How to detect APT (Advanced persistent threat) attack ? on Security. 11-18-2015 02:55 AM
- Tagged How to detect APT (Advanced persistent threat) attack ? on Security. 11-18-2015 02:55 AM
- Tagged How to detect APT (Advanced persistent threat) attack ? on Security. 11-18-2015 02:55 AM
- Posted How to find failed Logons by IP Address and by Username? on Splunk Search. 09-15-2015 10:43 PM
- Tagged How to find failed Logons by IP Address and by Username? on Splunk Search. 09-15-2015 10:43 PM
- Tagged How to find failed Logons by IP Address and by Username? on Splunk Search. 09-15-2015 10:43 PM
- Tagged How to find failed Logons by IP Address and by Username? on Splunk Search. 09-15-2015 10:43 PM
- Tagged How to find failed Logons by IP Address and by Username? on Splunk Search. 09-15-2015 10:43 PM
- Tagged How to find failed Logons by IP Address and by Username? on Splunk Search. 09-15-2015 10:43 PM
- Posted Re: What features are available in these apps that are not available in the Splunk App for Enterprise Security? on Splunk Enterprise Security. 09-08-2015 12:36 AM
- Posted What features are available in these apps that are not available in the Splunk App for Enterprise Security? on Splunk Enterprise Security. 09-07-2015 10:54 PM
- Tagged What features are available in these apps that are not available in the Splunk App for Enterprise Security? on Splunk Enterprise Security. 09-07-2015 10:54 PM
- Tagged What features are available in these apps that are not available in the Splunk App for Enterprise Security? on Splunk Enterprise Security. 09-07-2015 10:54 PM
- Tagged What features are available in these apps that are not available in the Splunk App for Enterprise Security? on Splunk Enterprise Security. 09-07-2015 10:54 PM
- Tagged What features are available in these apps that are not available in the Splunk App for Enterprise Security? on Splunk Enterprise Security. 09-07-2015 10:54 PM
- Posted How to get the data from remote server through universal forwarder? on Getting Data In. 09-04-2015 05:01 AM
- Tagged How to get the data from remote server through universal forwarder? on Getting Data In. 09-04-2015 05:01 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-18-2015
02:55 AM
1 Karma
How to detect APT (Advanced persistent threat) attack ?
... View more
09-15-2015
10:43 PM
Hi all,
I have some dashboard requirements to be created in "search & reporting app":
failed logons by IPAddress
failed logons by Username
Users Failing to Logon from Multiple IPs
I tried this search, but it is not working:
index=_audit action=failure | stats count by _time,user,action
Can you please help me in finding out the solution?
Thanks in Advance,
Regards,
Mahesh P.
... View more
09-08-2015
12:36 AM
Hi mdessus,
We have a requirement, where in our client is already using Enterprise Security app in splunk. Our client require new features that are not available in Enterprise Security app. so that is why I need to know the features. Features means not in terms of capability.
For suppose, we have Threat Security dashboards in Enterprise Security app, In Cisco security Suite we have Firewall related dashboards.In same way there will be some different features between Enterprise Security app and Cisco Security Suite,McAfee Web Gateway,Splunk for Bluecoat,Splunk for F5 networks.
Thanks in advance,
Mahesh P.
... View more
09-07-2015
10:54 PM
Hi All,
I need to know the features that are not available in the Splunk App for Enterprise Security that are available in Cisco Security Suite, McAfee Web Gateway, Splunk for Bluecoat, Splunk for F5 networks.
Can anyone help me in finding this?
Thanks in advance,
Thanks & Regards,
Mahesh P.
... View more
09-04-2015
05:01 AM
Hi All,
We dont have splunk enterprise installed on windows 2008 R2 server. We have installed the Splunk Universal forwarder(6.2.3 version) on windows 2008 R2 server(64-bit). After installing, we configured input.config file and output.config file as,
input.config:
[default]
host = WIN-NR8HN3JRK2V
[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
[splunktcp://8000]
disabled = 0
output.config file:
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = 192.168.0.175:8000
[tcpout-server://192.168.0.175:8000]
Now, how can I get the log data from windows 2008 R2 server to my splunk server(192.168.0.175:8000) ? where it will be stored in my server?
Can anyone help me to get out of this?
Thanks in advance,
Mahesh P.
... View more
08-24-2015
10:08 PM
Hi skawasaki,
please find the code below:
9.1_Top Web Users Clone
<panel>
<title>Top Web Users by Hits and Received Bytes</title>
<table>
<search>
<query>source="F:\\Splunk_Log Files\\*" | stats count(dst_ip) as Hits,sum(recv_bytes) as Bytes by src_ip | sort -Hits |head 10| eval Bytes=Bytes." MB"</query>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">true</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="count">10</option>
</table>
</panel>
Regards,
Mahesh.
... View more
08-24-2015
09:52 PM
Hi ALL,
In the "custom visualizations" app, I need to plot custom Tag cloud chart. But when I have changed the query in the XML, the chart is showing different chart(other than Tag cloud chart as expected). Can any one please help me to get out of this?
Thanks for the solution in advance,
Regards,
Mahesh.
... View more
07-14-2015
04:19 AM
I need values of "File_Transfer" and "Infrastructure" in multiple columns by "src_ip".
src_ip,dst_ip,recv_bytes,status are columns in my log file.
These are my sample values:
src_ip=192.0.0.0
dst_ip=223.255.255.255
recv_bytes=12432
status=Allow
For File_Transfer, I need sum(recv_bytes ) by src_ip
For Infrastructure, I need sum(recv_bytes) by src_ip where src_ip ranges from 192.0.0.0 to 223.255.255.255
the output table should contain columns as File_Transfer,Infrastructure,src_ip.
Thanks,
Mahesh.
... View more
07-14-2015
03:18 AM
Hi All,
I have 2 searches of a log file to be merged as one. When I execute them separately, it is working. Please find below:
For File_Transfer:
source="F:\\Splunk_Log Files\\*" status="Allow" | eval bytes=round(((recv_bytes)/1024),2) | stats sum(bytes) as File_Transfer by src_ip | eval File_Transfer=File_Transfer." MB"
For Infrastructure:
source="F:\\Splunk_Log Files\\*" status="Allow" | eval bytes=round(((recv_bytes)/1024),2) | eval Start=substr(dst_ip, 1, 3)| eval End=substr(dst_ip, 1, 3 )|where Start>=1 and End<=85| stats sum(bytes) as Infrastructure by src_ip| eval Infrastructure =Infrastructure ." MB"
Can you please suggest a solution for this.
Thanks in Advance.
Regards,
Mahesh.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
