About calebra05

calebra05 · ‎09-12-2016

It's a pity, but thank you for the answer.

calebra05 · ‎09-09-2016

Dear Splunkers, I would like to install Splunk on my Raspberry Pi 3 just to monitor some (network) devices (one NAS, one router and a PC at first) at home. Does Pi3 has enough hardware resource to run Splunk (and maybe other services)? Here are the specifications: SoC: Broadcom BCM2837 CPU: 4× ARM Cortex-A53, 1.2GHz GPU: Broadcom VideoCore IV RAM: 1GB LPDDR2 (900 MHz) Thank you in advance!

calebra05 · ‎09-01-2016

Dear sowings, I really appreciate the solution you provided. I copied just the SA-Utils directory to the apps folder and restarted Splunk and now Enterprise Security is working perfectly, no errors, and the same old dashboards appeared. Thank you very much! Best Wishes.

calebra05 · ‎08-31-2016

Dear All, With the deletion of App for Vmware from CLI, somehow I managed to ruin our Enterprise Security. The app (and every menu of it) starts with a message "Timelines could not be loaded" and some dashboards are missing (Unable to load results and "Error in 'SearchParser': The search specifies a macro 'stats2chart'/'allow_old_summaries_bool'/etc that cannot be found. Reasons include: the macro name is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information."), so I reached to the point that I would like to purge Enterprise Security and then reinstall it. I've already tried to update the app but nothing happened. I cannot find any documentation how to remove the app and I don't know which directories to delete from /opt/splunk/etc/apps. Could you please help me with this?

calebra05 · ‎07-26-2016

Dear All, I'm totally new to the business, I've never dealt with regex, logs or Splunk, etc. Some answers can be found on this page to the question (I know) and Splunk has really good documentations as I've seen, but I don't understand exactly what to do. In my test environment I have a Check Point firewall (OPSec LEA is not an option now) [192.168.10.1] and an Aruba controller [192.168.10.9], both sends syslog only throught port UDP 514 (default and cannot be changed). In (SplunkWeb) Search & Reporting I see the logs which are being sent to one index (as I configured UDP 514 to write into 'test' index). My goal is: the firewall's logs go to 'test' index and the controller's logs go to 'test2' index. /opt/splunk/etc/system/local contains an inputs.conf, which contains: " [default] host = splunk-office [splunktcp://9997] connection_host = ip " What exactly should I add these lines to inputs.conf (or any other .conf files)? I don't understand where can I setup that the logs of 192.168.10.1 go to 'test' and the other IP address go to 'test2'. I would be very pleased if someone could help me step by step.

calebra05 · ‎07-20-2016

Dear All, Could you share me some best practices how to send Watchguard firewall logs into Splunk and how to monitor its events in SplunkWeb?

Posts	6
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎07-20-2016

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

Running Splunk on Raspberry Pi 3

Removing Enterprise Security

How to split incomming traffic through UDP 514 ?

How to log Watchguard into Splunk?

Re: Running Splunk on Raspberry Pi 3

Running Splunk on Raspberry Pi 3

Re: Removing Enterprise Security

Removing Enterprise Security

How to split incomming traffic through UDP 514 ?

How to log Watchguard into Splunk?