Forums: Posted by CerielTjuh

Topic Author Replies Latest Post
How to filter WinEventLogs to be collected via forwarders?
In: SplunkAdministration (Not tagged)
Hi remy, see my post, the filtering works like that. I am able to delete the unwanted, just the ...
remy06 | Posts: 2 | 22 months ago...
WinEventLog filtering with LightForwarder and Indexer
In: SplunkAdministration (Not tagged)
Hello there, I have currently deployed Splunk in our network using SplunkLightForwarders and one ...
CerielTjuh | Posts: 1 | 22 months ago...
Search documentation : where is it (really) ?
In: SplunkGeneral (Not tagged)
If I remember correctly there is a topic on the lack of documentation about Splunk, but they are improving ...
arturo | Posts: 2 | 27 months ago...
Enterprise license has expired, how to change to free license?
In: SplunkGeneral (Not tagged)
I guess installing 4.0.5.
ssyyssyy | Posts: 1 | 28 months ago...
Newbie question. How do I continue ?
In: SplunkAdministration (Not tagged)
You could extract values from the log files if it is always the same structure, example: mode=EAc...
d98rolb | Posts: 1 | 28 months ago...
Controlling Exported Results Field Order
In: SplunkGeneral (Not tagged)
No solution but can report I am having the same issues, I have created a saved search for failed logons ...
MichaelE | Posts: 1 | 28 months ago...
How to use ftp as data input
In: SplunkGeneral (Not tagged)
Hey csoh, We do the same here, we have a central ftp server where all the loggings will be placed ...
csoh | Posts: 2 | 28 months ago...
Splunk database
In: SplunkAdministration (Not tagged)
Just for a little information (sorry if I'm not minding my own business), Splunk can be used for auditing ...
phobos | Posts: 13 | 28 months ago...
Search Operator: OR ??
In: SplunkGeneral (Not tagged)
Well there is a cheatsheet (http://www.splunk.com/base/images/a/a3/Splunk_4.x_cheatsheet.pdf) this will ...
EventCode=624 OR EventCode=632 will return both error codes EventCode=624 User_Name=Admin will only ...
fgsit | Posts: 4 | 28 months ago...
Windows 2008 Event Descriptions not displayed
In: SplunkAdministration (Not tagged)
Thank you ledio!!! This was really becoming an issue here, thank you for the solution!
anyone?
Hi Araitz, Just tried a few things: http://www.splunk.com/support/forum:SplunkAdministration/2886 ...
Hmm I tried to search online for it, but somehow can't seem to find anything about this, is this a Splunk ...
Somehow I can't see the event descriptions on Splunk from Windows 2008 servers: {{ 10/14/09 03:56:06 ...
CerielTjuh | Posts: 11 | 28 months ago...
Comparing two files
In: SplunkAdministration (Not tagged)
Thnx worked like a charm!
Hi araitz, Let me explain the situation, Novell reports all trustees every night in a txt file: "TRUSTEE","SYS:\Icon","LONG","[Root]","RF" "TRUSTEE","SYS:\JAVA","LONG","SRV.AZL","RF" "TRUSTEE","SYS:\LOGIN","LONG","[Public]","RF" I ...
Is there a possibility to compare two files? :)
Hi there, After trying some time, I was not able to compare two files: {{ | file E:\test\3.log ...
CerielTjuh | Posts: 6 | 29 months ago...
Changes to active directory
In: SplunkAdministration (Not tagged)
Check here, Splunk analyses EventCodes, use the encyclopedia to find useful Windows events: http...
spellanems@state.gov | Posts: 3 | 29 months ago...
Windows install
In: SplunkAdministration (Not tagged)
Hi spellanems@state.gov The Splunk instance knows what the deployment server is through a configuration ...
spellanems@state.gov | Posts: 3 | 29 months ago...
installing internal certificate for splunkweb ssl
In: SplunkAdministration (Not tagged)
Yeah, generate a signing certificate without a key installed and copy the certificate to the directory. ...
Your Splunkweb needs to be SSL enabled in the Manager and if so the port to use is still 8000 so: https://yoursplunkinstance.local:8000. Hope ...
sgtquezada | Posts: 4 | 29 months ago...
Set rolling base on time
In: SplunkAdministration (Not tagged)
Yeah, that's the same reason I am doing it, we backup every Sunday and I want to backup all the data. I ...
I did it with a scheduled search task through windows using the manual command: {{ | debug cmd=roll ...
katalinali | Posts: 10 | 29 months ago...
Reverse name lookup in 4.x.
In: SplunkApplications (Not tagged)
@gumshoes, Yes, that did the trick for me
I use the first one, works like a charm in 4.0.3. But I did manually add the app by copying the cod...
gumshoes | Posts: 6 | 29 months ago...
| delete not deleting anything
In: SplunkAdministration (Not tagged)
Keep in mind that deleting the data will not free any disk space, it just configures Splunk to ignore ...
Your user must have delete powers, check the user properties in the Manager.
agentgreen | Posts: 7 | 29 months ago...
SSL problem between forwarder and receiver
In: SplunkAdministration (Not tagged)
Just for my thinkingpad, there are 2 ways to do SSL, authentication and encryption. Encryption encrypts ...
Hey mate, Tried it like you said with this config: {{ [tcpout-server:XXXXXXX:9998] sslRootCAPath=C:\Program ...
Hi there, I have been struggling for the past days to get the SSL encryption working with my own certificates. ...
CerielTjuh | Posts: 3 | 30 months ago...
splunk and fortigate firewall / how to fetch data from hardware firewall syslogs
In: SplunkAdministration (Not tagged)
If Wireshark isn't picking up the UDP traffic then it's not being sent to the Splunk server. Perhaps ...
@prinzzardos Same here, I have UDP ports open but Splunk doesn't show it in CLI. Try sniffing ...
prinzzardos | Posts: 13 | 30 months ago...
Please tell me "How to use Forwarder and Receiver with SSL"
In: SplunkAdministration (Not tagged)
Hi mate could you explain me how you created your own keys? I created a signing request with openSSL ...
materaj | Posts: 6 | 30 months ago...