
Forums: Posted by kholleran

Topics 1–15 of 15

Each entry lists the topic title, the forum it was posted in, the most recent post snippets (newest first), the author, the number of replies where shown, and the time of the latest post.

Alert not Emailing
In: SplunkAdministration (Not tagged)
Hello, I have an SMTP server that is unauthenticated. I have the server IP set up in Splunk Manager. ...
Author: kholleran | Latest post: 19 months ago

Alert based on subset of search
In: SplunkSearchAndAlert (Not tagged)
Hello, I am running a search that returns all the failed logins across all servers that occurred ...
Author: kholleran | Replies: 1 | Latest post: 19 months ago

Create new Field and Assign existing field in transforms.conf
In: SplunkGeneral (Not tagged)
Thanks very much! I think this is what I am after!
Hello, I am running into an issue where I want to report on the number of logins by server and user. ...
Author: kholleran | Replies: 2 | Latest post: 19 months ago

Search Help: Syslog and Matching Security Event Log
In: SplunkSearchAndAlert (Not tagged)
Hello, I am hoping to be able to write a search that does the following: searches syslog data ...
Author: kholleran | Latest post: 19 months ago

Nessus v1 Scan
In: SplunkAdministration (Not tagged)
Sounds good! Good luck! I am using the CLI for some scheduled scans, and since the CLI is deprecated, ...
Hello, Does anyone know or have you implemented a parser to parse Nessus V1 report files for indexing ...
Author: kholleran | Replies: 2 | Latest post: 19 months ago

List of Splunk logins
In: SplunkAdministration (Not tagged)
Hello, I am generating a list of Splunk logins with: index=_audit action="login attempt" info="succeeded" but ...
Author: kholleran | Latest post: 20 months ago

Searching Windows Eventlog Data
In: SplunkSearchAndAlert (Not tagged)
Hello, I have a two-part question. First, is it possible to glean privilege level from the Windows ...
Author: kholleran | Latest post: 20 months ago

Search Help
In: SplunkGeneral (Not tagged)
I am relatively new to Splunk and need help with the search lingo. What I want to do is return results ...
Author: kholleran | Replies: 2 | Latest post: 20 months ago

DeploymentServer/Client
In: SplunkAdministration (Not tagged)
I also logged into the web interface on the forwarder and checked out the Deployment Client section, ...
Hello, I have a remote forwarder Server1 and my central Splunk server, Server2. Server2 has the ...
Author: kholleran | Replies: 1 | Latest post: 21 months ago

PDF Server
In: SplunkApplications (Not tagged)
Hello, I have a central splunk server, a splunk server specifically for the PDF Server application, ...
Author: kholleran | Replies: 1 | Latest post: 21 months ago

Parse Windows Event log
In: SplunkGeneral (Not tagged)
Thanks for the tip. I will check this out.
Figured out! Didn't realize it did not care about this in Light Forwarder. Changed to regular Forwarder ...
Further testing shows that when I do this, I am also still getting everything (instead of nothing): Props.conf [source::WinEventLog:Security] TRANSFORMS-null= ...
Actually I did not get what I wanted. The above regex matches in the search but when I put it in my ...
I got what I needed with: regex Message=".*\bLogon\s+Type:\s+(3|5).*" to isolate Logon Types 3 ...
Hello, I need to parse out the message field in a windows event log. For example: Message=Successful ...
Author: kholleran | Replies: 6 | Latest post: 21 months ago

Lookup Tables
In: SplunkAdministration (Not tagged)
Hello, I am new to Splunk and have a question about lookup tables. What is the purpose of these? ...
Author: kholleran | Replies: 1 | Latest post: 23 months ago

Searching Windows Event Log
In: SplunkSearchAndAlert (Not tagged)
Hello, I need to search windows security event logs and create a report based on the number of privileged ...
Author: kholleran | Latest post: 23 months ago

Host Substitution
In: SplunkAdministration (Not tagged)
You are officially my hero for the day... Thanks!
Thank you very much for the response. I made that change and it does not seem to have changed the assignment ...
Hello, I have a host substitution set up within transforms.conf & props.conf transforms.conf [transform_Host_IP] DEST_KEY ...
Author: kholleran | Replies: 4 | Latest post: 23 months ago

Pointing Splunk to a SQL Server
In: SplunkAdministration (Not tagged)
Hi, We are attempting to evaluate the 30 day trial version of Splunk to see if we can deploy it in ...
Author: kholleran | Replies: 1 | Latest post: 44 months ago