Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About nilbak88
nilbak88
Explorer
Member since:
02-23-2021
11-06-2023
Community Statistics
| Posts | 13 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 02-23-2021 |
Activity Feed
- Posted Getting extracted_host, extracted_source, extracted_sourcetype fields in interesting fields on Getting Data In. 11-03-2023 12:03 PM
- Got Karma for Why are AWS Cloudtrail logs getting delayed in Splunk?. 09-01-2022 01:38 AM
- Tagged Why are AWS Cloudtrail logs getting delayed in Splunk? on All Apps and Add-ons. 09-01-2022 12:29 AM
- Tagged Why are AWS Cloudtrail logs getting delayed in Splunk? on All Apps and Add-ons. 09-01-2022 12:29 AM
- Tagged Why are AWS Cloudtrail logs getting delayed in Splunk? on All Apps and Add-ons. 09-01-2022 12:29 AM
- Posted Why are AWS Cloudtrail logs getting delayed in Splunk? on All Apps and Add-ons. 09-01-2022 12:28 AM
- Posted Re: Improve efficiency of a splunk search query on Splunk Search. 04-21-2022 05:57 AM
- Posted How to improve efficiency of a Splunk search? on Splunk Search. 04-21-2022 05:12 AM
- Posted Re: How to merge two Splunk Queries ? on Splunk Search. 04-21-2022 05:05 AM
- Posted How to merge two Splunk queries ? on Splunk Search. 04-15-2022 05:29 AM
- Posted Re: Need help in parsing below Azure nsg log on Getting Data In. 12-11-2021 01:46 AM
- Posted Need help in parsing below Azure nsg log on Getting Data In. 12-10-2021 11:58 AM
- Posted Re: Need Help with Splunk Query on Splunk Search. 10-27-2021 07:07 AM
- Posted Re: Need Help with Splunk Query on Splunk Search. 10-26-2021 02:59 AM
- Posted Re: Need Help with Splunk Query on Splunk Search. 10-26-2021 12:27 AM
- Posted Need Help with Splunk Query on Splunk Search. 10-25-2021 08:24 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-03-2023
12:03 PM
I am getting getting extracted_host, extracted_source, extracted_sourcetype fields in interesting fields along with host, source, sourcetype in selected fields while ingesting logs using HEC input in Splunk Cloud. Can someone help why I am gettin extracted_host, extracted_source, extracted_sourcetype fields in the logs even if they are not define in the source end.
... View more
Labels
- Labels:
-
host
-
HTTP Event Collector
-
JSON
-
source
-
sourcetype
09-01-2022
12:28 AM
1 Karma
Hi All,
We are facing issues with AWS cloudtrail logs ingested through SQS-S3 method using AWS Splunk Add-on.
The add-on installed and inputs are configured on Splunk Cloud Search head.
We were getting logs properly in Splunk, however from last we can observe huge latency in logs
The logs are getting delayed in Splunk.
We did not observed any internal errors in Splunk.
Please help us and suggest how we can mitigate this issue.
... View more
- Tags:
- aws
- cloudtrail
- sqs
Labels
- Labels:
-
troubleshooting
04-21-2022
05:57 AM
Thanks @gcusello That was really quick and helpful. Also, is there is any possibility if we can modify time range setting in such a way that is do not overlap the data. Like currently, its running everyday and resulting 30 days of data since time range is set as of 30 days.
... View more
04-21-2022
05:12 AM
Hi All, One of my scheduled report is quite expensive. It runs everyday from Monday to Friday and results in 30 days worth of data. Search Query index=abc_* | stats count by index,host How can I improve its search efficiency? Please suggest .
... View more
Labels
- Labels:
-
stats
04-21-2022
05:05 AM
thanks @gcusello . That's what i was looking for. However, i will get back to you on this again if needed more help
... View more
04-15-2022
05:29 AM
Hi All,
I need help with Splunk Query for below scenario:
Query 1: index =abc | table src, dest_name, severity, action
If it finds dest_name for any high and critical severity, it will look for computerdnsname in index xyz and there if it matches, it will display the result
Query 2:
index=xyz
... View more
Labels
- Labels:
-
join
12-11-2021
01:46 AM
Thanks @richgalloway This add-on is not supported by Splunk and we already tried with this add-on, were not getting desired results. So, tried to get results with Azure Log Analytics Kusto Grabber Splunk addon. So, need help if we can parse above pasted logs. Please suggest
... View more
12-10-2021
11:58 AM
Hi all, This is the sample Azure nsg log ingested from Azure log analytics "aaaedbb3-407b-4d6c-9f11-dc4640e9acf4", "Azure", "", "", "2021-12-10T19:06:17.001Z", "", "", "", "", "", "", "", "", "", "", "2", "2021-12-10T18:00:00Z", "2021-12-10T19:00:00Z", "2021-12-10T18:09:01Z", "2021-12-10T18:36:26Z", "S2S", "", "10.115.1.77", "34.206.244.234", "", 54443, "T", "Unknown", "O", false, "A", "d88af0da-cfee-4f3e-bb50-58341fe4e132/c-hal-it-ss-prod-eus-rg/cap-subnet1-nsg", "0|cap_mgmt_to_hal|O|A|4", "cap_mgmt_to_hal", "UserDefined", "d88af0da-cfee-4f3e-bb50-58341fe4e132", "", "eastus", "", "c-halazops-connectivity-eus-criticalassetprotection-rg/np1caps009v-nic1", "c-halazops-connectivity-eus-criticalassetprotection-rg/np1caps009v-nic1", "", "c-halazops-connectivity-eus-criticalassetprotection-rg/np1caps009v", "c-halazops-connectivity-eus-criticalassetprotection-rg/np1caps009v", "", "c-hal-it-ss-prod-eus-rg/c-hal-it-ss-prod-eus-vnet1/cap-subnet1", "", "", "", "", "", "", "", "", "d88af0da-cfee-4f3e-bb50-58341fe4e132/c-hal-it-ss-prod-scus-rg/c-hal-it-ss-prod-scus-er2", "AzurePrivatePeering", "d88af0da-cfee-4f3e-bb50-58341fe4e132/c-hal-it-ss-prod-eus-rg/c-hal-it-ss-prod-eus-scus-conn2", "", "", "", 0, 0, 4, 0, 4, 39, 34, 26863, 4706, 4, "", "", "", null, "", "", "", "", "", "", "", null, "", "", "", "", "", "", "ExpressRoute", null, "", null, "", "", null, "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "c-hal-it-ss-prod-eus-rg/c-hal-it-ss-prod-eus-vnet1/cap-subnet1", "", "", "", "", "", "", null, null, "", null, "", "", "", "", null, null, "", "", "", null, null, "", "", null, null, "", null, "", "", "", null, "", "", "", "", "eastus", "", "FlowLog", "d88af0da-cfee-4f3e-bb50-58341fe4e132", "", "2021-12-10T19:06:11.622Z", "", "", "", "", "", "", "", null, "", "", "", null, "", "", "", "", "", "", null, "00-0D-3A-1A-C0-F7", "", "", "", "", null, "", "", null, null, null, null, "", "", "AzureNetworkAnalytics_CL", "" Can anybody please help me in parsing and get into meaningful data.
... View more
Labels
- Labels:
-
props.conf
10-27-2021
07:07 AM
Yes, that is the only way I also think so. Anyways thanks for all the help
... View more
10-26-2021
02:59 AM
@ITWhisperer Thanks for looking into it. I tried with the above suggestion but not getting the desired result. Here, I want to keep all of the event details and separate the tuples into events.
... View more
10-25-2021
08:24 AM
Hello Splunkers, I need help with Network Security Group flow logs where each of the tuples should be a single event with other relevant data for an event. Sample.log _raw: {"time":"2021-10-25T16:17:50.8670851Z","systemId":"1c5751f4-8686-4ea5-82ee-173b64d401dd","macAddress":"xxxxxxxxxx","category":"NetworkSecurityGroupFlowEvent","resourceId":"/SUBSCRIPTIONS/A80612A2-33D6-47FF-817A-283E8BC8EDD2/RESOURCEGROUPS/C-SAP-EUS-NONPROD-01-INT-NETWORKING-RG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/DATA-INT-SUBNET-NSG","operationName":"NetworkSecurityGroupFlowEvents","properties":{"Version":2,"flows":[{"rule":"DefaultRule_AllowVnetOutBound","flows":[{"mac":"000D3A57248C","flowTuples":["1635178607,,10.123.2.28,46058,9997,T,O,A,E,1,74,1,60","1635178607,10.115.34.31,10.123.2.18,29128,9997,T,O,A,E,19,7292,16,1227","1635178609,10.115.34.31,10.119.241.5,26540,9997,T,O,A,E,47,54806,64,4395","1635178612,10.115.34.31,13.69.239.72,56024,443,T,O,A,B,,,,","1635178613,10.115.34.31,13.69.239.72,56026,443,T,O,A,B,,,,","1635178614,10.115.34.31,10.192.124.221,56488,80,T,O,A,B,,,,","1635178618,10.115.34.31,13.69.239.72,56024,443,T,O,A,E,8,1158,8,4897"]}]},{"rule":"UserRule_AzAppSubnet_access_toAzDBSubnet_Catch-all","flows":[{"mac":"000D3A57248C","flowTuples":["1635178635,10.115.32.28,10.115.34.31,54322,33015,T,I,A,B,,,,"]}]}]}} Json format category: NetworkSecurityGroupFlowEvent macAddress: xxxxxxxxxx operationName: NetworkSecurityGroupFlowEvents properties: { [-] Version: 2 flows: [ [-] { [-] flows: [ [-] { [-] flowTuples: [ [-] 1635172376,ip1,ip2,58636,443,T,O,A,E,6,1611,1,66 1635172377,ip1,ip2,27910,443,T,O,A,B,,,, 1635172377,ip1,ip2,59136,443,T,O,A,E,0,0,0,0 1635172378,ip1,ip2,56756,9997,T,O,A,B,,,, 1635172378,ip1,ip2,58686,9997,T,O,A,B,,,, 1635172379,ip1,ip2,53684,9997,T,O,A,B,,,, Result: Event 1: category: NetworkSecurityGroupFlowEvent macAddress: xxxxxxxxxx operationName: NetworkSecurityGroupFlowEvents properties: { [-] Version: 2 flows: [ [-] { [-] flows: [ [-] { [-] flowTuples: [ [-] 1635172376,ip1,ip2,58636,443,T,O,A,E,6,1611,1,66 Event2: category: NetworkSecurityGroupFlowEvent macAddress: xxxxxxxxxx operationName: NetworkSecurityGroupFlowEvents properties: { [-] Version: 2 flows: [ [-] { [-] flows: [ [-] { [-] flowTuples: [ [-] 1635172377,ip1,ip2,27910,443,T,O,A,B,,,, Thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-06-2023
01:51 PM
|
