×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jbv
Engager
Member since: ‎12-21-2023
‎11-25-2024
Community Statistics
Posts 9
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-21-2023
Activity Feed
View All

Splunk Cloud time zone

by in Splunk Cloud Platform
‎09-26-2024 09:49 PM
‎09-26-2024 09:49 PM
Hi, Is there a way to check the Splunk cloud timezone? I know by documentation its at GMT+0 and displays the data based on your configured timezone My user account is configured at GMT+8, however when I check the triggered alerts page. the Alerts have a CST timezone Also, in our ES incident review checking the time difference from the triggering event from the triggered alerts, it almost at 2 hrs. For reference see below.    Triggered alert in Incident review Highlighted refers to the timestamp in the triggering event from the drill down search     ... View more

How to get current time and convert to epoch

by in Splunk Search
‎06-05-2024 11:06 PM
‎06-05-2024 11:06 PM
Hi, Is there a way to get current time on Splunk and then convert it to epoch? Im trying to create a dashboard to show inactivity from my data sources and plan to use info from | metadata command. ... View more

Re: Splunk ePO integration

by in Getting Data In
‎01-31-2024 11:22 PM
‎01-31-2024 11:22 PM
Its not binary, more like hex-encoded, see below: \x00}\x00\x00ye\xBBE\x9A9\xEA!\xBE<\x8F$W\xBB\xC9EP\xA3\x8Ff\xECn_\x9D\xEB\xE8\xF8i\xDE\xD7\x00\x00,\x00\x9F\x00k\x00\xA3\x00j\x009\x008\x00\x9D\x00=\x005\x00\xA2\x00@\x002\x00\x9E\x00g\x003\x00\x9C\x00<\x00/\x00\x00\x00  1. yes, out input.conf attached above. after every change we restart splunk services 2. Were trying to get approval from ePO admin to run wireshark on the server, if not well just generate MER logs and send them back to ePO support ... View more

Splunk ePO integration

by in Getting Data In
‎01-31-2024 10:18 PM
‎01-31-2024 10:18 PM
Hi, Were trying to connect ePO via syslog to splunk, weve followed the steps provided in the ePO add-on documentation and were able to capture logs from ePO. However the logs are encrypted, raising this concern to our ePO support he suggested 2 things: 1. Enable the supported TLS/cipher suites by ePO on the splunk side 2. Add the splunk as a registered server and make sure test Syslog is successful From the Splunk documentation we followed, were always getting failed test syslog and scouring around different docs and community posts on other SIEM brands, most seem to have had success (on connecting to ePO) once they have verified the supported cipher suite of the ePO exists and is enforced on their collector. Going from this, is there a way to check/verify which cipher suites are used by Splunk. Ive seen the document regarding Splunk TLS, and it seems that the supported cipher suites for ePO are included in the default however is there a way to verify this?  Our setup is as follows: - Configured HF on a Win server - Configured inputs.conf as below:   ... View more

Data Summary

by in Deployment Architecture
‎01-08-2024 01:21 AM
‎01-08-2024 01:21 AM
Hi, Were currently deploying our internal Splunk instance and were looking for a way to monitoring the data sources that have logged in our instance. I saw that previously there was a Data Summary button on the Search and Reporting app but for some reason its not showing up on our instance. Does anyone know if it got removed or moved to somewhere else. Thank you ... View more

Re: Syslog Connect

by in Deployment Architecture
‎12-26-2023 04:35 PM
‎12-26-2023 04:35 PM
Hi, Does that also apply for direct syslog to a Heavy forwarder? Meaning if we configure a listening port on a splunk instance ... View more

Re: Syslog Connect

by in Deployment Architecture
‎12-21-2023 11:21 PM
‎12-21-2023 11:21 PM
Thanks for response, however were using Splunk ES app, per the representative were talking with we need the SC4S so that the events will be mapped correctly in the app else we need to manually do adjust the mapping  We want to minimize the configurations we need to manually do since were just starting with our deployment  ... View more

Syslog Connect

by in Deployment Architecture
‎12-21-2023 08:15 PM
‎12-21-2023 08:15 PM
Hi, We initially deployed a heavy forwarder on-prem to collect data from our passive devices (syslogs, security devices, etc) however per talking with a splunk represent he recommended to have a splunk connect for syslog to collect the data. Per him Syslog connect is the recommended method of collection for passive devices and also helps with parsing/normalization of the data when it goes to our Enterprise Security. Can both HF and SC4S be in the server ? If yes how will that work? Can SC4S direct data to the cloud indexer? And for future, do we just go for SC4S instead on the HF on-prem for the passive devices?  Thank you ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-25-2024 06:21 AM