Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About splunkettes
splunkettes
Path Finder
Member since:
06-22-2020
12-05-2024
Community Statistics
| Posts | 19 |
| Solutions | 1 |
| Karma Given | 9 |
| Karma Received | 4 |
| Member Since | 06-22-2020 |
Activity Feed
- Tagged DA-ITSI-CP-vmware-dashboards Quick Search Not working on All Apps and Add-ons. 12-05-2024 09:43 AM
- Posted Re: How do I get Rapid7 logs into splunk? on All Apps and Add-ons. 11-26-2024 07:06 AM
- Posted DA-ITSI-CP-vmware-dashboards Quick Search Not working on All Apps and Add-ons. 11-13-2024 12:15 PM
- Posted Re: Why does ps eventtype has no 'report' tag? on All Apps and Add-ons. 09-06-2024 08:09 AM
- Karma Why does ps eventtype has no 'report' tag? for alek_cybersec. 09-06-2024 08:08 AM
- Karma Updates to InfoSec App for Splunk? for amartin6. 08-05-2024 02:19 PM
- Karma How to disable Mouse Over on items for thomas_brunner. 05-10-2024 10:19 AM
- Posted ITE duplicate entity aliases found on Installation. 04-15-2024 07:34 AM
- Posted Re: splunk-aws app cannot connect to aws due to aws ssl settings. on All Apps and Add-ons. 04-12-2024 07:20 AM
- Karma splunk-aws app cannot connect to aws due to aws ssl settings. for Jeong_Daewong. 04-12-2024 07:19 AM
- Karma Why are we not getting data of AWS EC2 instances & ELBs in splunk aws app? for nikhilmfwd. 02-13-2024 10:31 AM
- Karma Re: Why are we not getting data of AWS EC2 instances & ELBs in splunk aws app? for nikhilmfwd. 02-13-2024 10:31 AM
- Posted Re: How to troubleshoot and fix the website input 504 Gateway Timeout Error while configuring an input ? on Getting Data In. 01-12-2024 02:45 PM
- Karma How to troubleshoot and fix the website input 504 Gateway Timeout Error while configuring an input ? for Hemnaath. 01-12-2024 02:44 PM
- Posted Re: Custom Alert action shell script on Alerting. 08-03-2023 12:58 PM
- Got Karma for Re: What is N/A in the user field?. 04-10-2023 08:37 AM
- Got Karma for Re: How is the outputlookup command is configured?. 12-26-2022 08:21 AM
- Got Karma for Re: What is N/A in the user field?. 06-30-2022 08:30 AM
- Karma I Re: enable_memory_tracker for Search Head Cluster for gjanders. 12-11-2020 12:54 PM
- Tagged enable_memory_tracker for Search Head Cluster on Splunk Enterprise. 12-04-2020 10:09 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-26-2024
07:06 AM
I am getting ready to attempt the rapid7 Nexpose addon. Did it end up working for you? I am wondering if there is a better approach since the app only has two stars on splunk base and is not a splunk supported app.
... View more
11-13-2024
12:15 PM
Currently running Splunk 9.3.0. IT Essentials Work 4.18.1. VMware Dashboards and Reports content pack 1.2.0 All dashboards in the VMware Dashboards and Reports app where there is a "Quick Search" free text option, is not working. It used to provide as list as you typed of matching hosts/VMs depending on the dashboard. Now I can't get it to do anything. Can anyone provide what the data source is for this input? I think I am probably missing a lookup file but cannot find which one. For example, this shows the radio button that gets you to the text input. The radio button works but the text input does nothing.
... View more
- Tags:
- vmware
Labels
- Labels:
-
troubleshooting
09-06-2024
08:09 AM
Did you end up creating the tag to get the endpoint.processes data model to populate? I am seeing the same issue in Splunk_TA_nix 9.7.0
... View more
04-15-2024
07:34 AM
After configuring content pack for VMware. I repeatedly get "duplicate entity aliases found". We are also collecting for TA-Nix. How can I fix the duplicate entity alias issue. I am running ITE 4.18.1 and Splunk app for content packs 2.10
... View more
Labels
- Labels:
-
Linux
04-12-2024
07:20 AM
Were you able to resolve the issue? I am getting the same error.
... View more
01-12-2024
02:45 PM
did you ever resolve this issue?
... View more
08-03-2023
12:58 PM
I realize this is a dated post but is closely aligned with the issue I am having with my shell script custom alert action.. Please elaborate on how you read in the stdin arguments to the shell script. I copied the sample script in the docs. The alert triggers the script and will print the $0 but the rest of the variables are null. Do I need to list the SPLUNK_ARG_x variables out in the alert_actions.conf?
... View more
12-03-2020
10:49 AM
I have enabled the memory tracker in the limits.conf in an app local directory. System/local does not have this setting. I would like to increase the frequency that this check occurs since some users tend to run fast queries that exceed the memory limit I have set. Does anyone know how to increase the frequency of the memory tracker check? The documentation does not provide this information: https://docs.splunk.com/Documentation/Splunk/8.1.0/Search/Limitsearchprocessmemoryusage
... View more
Labels
- Labels:
-
configuration
09-12-2020
05:11 AM
Via the outputlookup command
... View more
08-17-2020
08:21 AM
2 Karma
Do you know why audittrail shows "N/A" for user when a Splunk user creates a lookup file? For example, I created a lookup file testingLookupCreationAudit.csv using the outputlookup command and the logged event for it showed, Audit:[timestamp=08-17-2020 15:02:32.078, user=n/a, action=add,path="/data/1/splunk/etc/apps/search/lookups/testingLookupCreationAudit.csv", isdir=0, size=117, gid=1001, uid=1001, modtime="Mon Aug 17 14:54:10 2020", mode="rw-------", hash=][n/a] Why didn't Splunk log my user name in this event?
... View more
08-17-2020
08:12 AM
Can someone explain why when I create a lookup file does my windows instance of Splunk provide the user name in the audittrail log but on my linux instance the user name is "N/A"? Is there a way to ensure the user name is captured in audittrail when a user creates a lookup file?
... View more
Labels
- Labels:
-
Other
08-08-2020
12:38 PM
1 Karma
Decided to resolve the issue by creating a custom command to reassign lookup files from nobody to their proper owner based on results of splunk search.
... View more
08-04-2020
03:39 PM
Thanks @richgalloway for your response. I was wondering if there is a way to modify Splunk's built in commands or at least override them with my own process. I have a custom command that I have created that does what I want the outputlookup command to do but it would require all users to use the new command. Ideally, I would allow users to continue with the outputlookup command but change how it functions so that new files are stored in the etc/<user>/<app>/lookups directory instead of the etc/<app>/lookups directory.
... View more
08-04-2020
08:40 AM
Does anyone know how the outputlookup command is configured? commands.conf does not reference a python script for it. I want to change how new files are created so that they are private and assigned to an owner.
... View more
- Tags:
- commands.conf
- python
Labels
- Labels:
-
lookup
07-08-2020
01:59 PM
This is pretty close to what I'm trying to do as well. Curious if you got it to work?
... View more
06-23-2020
09:09 AM
I modified the files how you suggested. Doing so changes the default permissions applied when the user runs the outputlookup command. So now if a user creates a lookup file with the command it creates a lookup owned by nobody and only admins can modify it. I think the lack of ownership is an issue with the command itself rather than the metadata settings because when you go to the lookup files page and select to create a new lookup, that new file is created as a private object under the user's account. I may need to look into limiting who can run the outputlookup command so that we can reduce the number of ad hoc lookups created by nobody. We have a scripted process to reassign these lookups based on the last person who ran an outputlookup to create/updated the file, but I was trying to stop the creation of lookup files without owners at its source. If anyone knows how the outputlookup command is programmed in Splunk, I'd love to see it. It should function like the lookup-table-files.xml (Create new lookup form) in ...\Splunk\etc\apps\search\default\data\ui\manager\data_lookup_table_files.xml but it clearly doesn't. 😞
... View more
06-22-2020
01:34 PM
Thank you for your reply. I changed the app owner and now when a user runs the outputlookup command the lookup is assigned to the owner I specified for the app and not the user. I would like for the lookup ownership to be assigned to the user who created the lookup file via the outputlookup command. For instance, in the search & reporting app, when a user creates a new report, that report is saved by default as private to the user. I would like the same thing to happen in the search & reporting app, when a user creates a lookup file via the outputlookup command.
... View more
06-22-2020
11:19 AM
Years back the outputlookup command would create a csv lookup file in the user's app folder making it Private and owned by the user who ran the command. Now the lookup gets created with "No owner" and inherits the permissions of the app. Allowing users to run the outputlookup command this way can lead to massive number of public lookup files without owners. Additionally, anyone with write permissions to the app can then overwrite another user's lookup file. What conf settings can be modified so that the outputlookup command is set to create the lookup file as a privately owned object (owner being the user who ran the command)
... View more
Labels
- Labels:
-
lookup
06-22-2020
11:06 AM
Did you get an answer for this? I am also looking to change the default behavior of how lookups are created. A few years back I believe the default behavior was to create the lookup as a private object under the user's app directory... which was way better for object management.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-05-2024
02:04 PM
|
Karma given to
