Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About fisk12
fisk12
Path Finder
Member since:
11-05-2010
06-05-2020
Community Statistics
| Posts | 41 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 5 |
| Member Since | 11-05-2010 |
Activity Feed
- Got Karma for dc01 and DC01 different host accoring to splunk. 06-05-2020 12:45 AM
- Got Karma for Juniper SA (ive). 06-05-2020 12:45 AM
- Got Karma for Syslog-ng, filter by ip. 06-05-2020 12:45 AM
- Got Karma for deployment-server question. 06-05-2020 12:45 AM
- Got Karma for dhcp linux. 06-05-2020 12:45 AM
- Posted Re: Monitor dhcp log with a app from a deployment server on Deployment Architecture. 10-04-2015 01:01 PM
- Posted Re: Monitor dhcp log with a app from a deployment server on Deployment Architecture. 10-04-2015 11:48 AM
- Posted Monitor dhcp log with a app from a deployment server on Deployment Architecture. 10-04-2015 10:05 AM
- Posted Re: dc01 and DC01 different host accoring to splunk on Getting Data In. 06-01-2011 10:48 AM
- Posted Re: dc01 and DC01 different host accoring to splunk on Getting Data In. 06-01-2011 09:51 AM
- Posted dc01 and DC01 different host accoring to splunk on Getting Data In. 06-01-2011 03:54 AM
- Posted Re: forward from windows machine problem on Getting Data In. 05-30-2011 12:22 PM
- Posted Re: forward from windows machine problem on Getting Data In. 05-25-2011 05:28 AM
- Posted forward from windows machine problem on Getting Data In. 05-25-2011 04:45 AM
- Tagged forward from windows machine problem on Getting Data In. 05-25-2011 04:45 AM
- Posted Why isn't my Universal Forwarder data making it into the Indexer? on Getting Data In. 05-19-2011 01:32 AM
- Posted dhcp linux on All Apps and Add-ons. 05-18-2011 12:33 PM
- Tagged dhcp linux on All Apps and Add-ons. 05-18-2011 12:33 PM
- Posted Re: Search/alert that is ran after work hour on Splunk Search. 05-16-2011 08:26 AM
- Posted Search/alert that is ran after work hour on Splunk Search. 05-16-2011 07:35 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 1 |
10-04-2015
01:01 PM
Yeah, this is from the windows app:
DHCP
[monitor://$WINDIR\System32\DHCP]
disabled = 1
whitelist = DhcpSrvLog*
crcSalt =
sourcetype = DhcpSrvLog
index = windows
... View more
10-04-2015
11:48 AM
Ok!
Do you think my config is looking alright btw?
... View more
10-04-2015
10:05 AM
What is the bare minumum files on a deployment-app?
In this case i want to monitor the dhcp log files on a windows server (i control the client with a deployment-server)
Right now i only have one file in /opt/splunk/etc/deployment-apps/DHCP/local/inputs.conf
[monitor://$WINDIR\System32\DHCP]
disabled = 1
whitelist = DhcpSrvLog*
crcSalt = <SOURCE>
sourcetype = DhcpSrvLog
host = 192.168.1.1:9997
... View more
06-01-2011
10:48 AM
Maybe you are right 🙂
... View more
06-01-2011
09:51 AM
Yeah i guess its not that big of a deal. Is there any place where you can send a bug repport?
Its a bit more strange that the windows host dont show up in the windows app, just the search upp, you see all the WineventLog:Security etc but just in the search app.
... View more
06-01-2011
03:54 AM
1 Karma
For some reason, splunk is showing one host as two, one as DC01 (example) and dc01. Is there any way to merge them?
... View more
- Tags:
- hosts
05-25-2011
05:28 AM
I may have been à bit unclear. The events are being forwarded. They just dont show up in the windows app.
... View more
05-25-2011
04:45 AM
I have installed a universial forwarder on a windows machine and having it send to my splunk machine.
The problem is that on the windows app that i have installed on the splunk server. I cant see any events, in the search app i see it like this for exampel. Running 4.2 on the server.
WinEventLog:System
WinEventLog:Setup
WinEventLog:Security
WinEventLog:Application
Perfmon:Network Interface
Perfmon:Free Disk Space
Perfmon:CPU Load
Perfmon:Available Memory
ActiveDirectory
... View more
- Tags:
- windows
05-19-2011
01:32 AM
I have tried to set up a universialforwarder (first time from cli) and have it monitor some log files (/var/log/dhcpd.log for example)
The packets is being send and recived (checked with tcpdump on both end) but the host in not showing up in the splunk server. What kind of stuff should i start to check on the forwarder/server?
... View more
05-18-2011
12:33 PM
1 Karma
Those of you that use splunk to monitor the dhcdp server (linux) what files should you monitor? and what settings do you use in the dhcpd config files?
... View more
- Tags:
- dhcpd
- Linux DHCP
- unix
05-16-2011
08:26 AM
Hmm, i mean that i want to have a search that is ran every hour (for example, can be every half an hour aswell) between 18 and 08:00, and sending an alert if its true.
... View more
05-16-2011
07:35 AM
Hello
I want to run a search/alert that is run in a certain timespan (for example between 18:00 and 08:00) and then sends a alert.
... View more
04-28-2011
12:42 AM
Splunk Universal Forwarder 4.2.1 (build 98164)
Am i supposed to run the command on the deployer-server or the client?
... View more
04-27-2011
02:18 PM
1 Karma
in this manual http://www.splunk.com/base/Documentation/latest/Deploy/Extendedexampledeployseveralstandardforwarders
they say that i should run this command as part of configuration.
./splunk enable listen 9997 -auth :
when i do it on the machine that is supposed to work as a deployment server i get this error
./splunk enable listen 9997 -auth :
Command error: The subcommand 'listen' is not valid for command 'enable'.
... View more
04-25-2011
02:57 PM
Cool, so basically i just have to set the servers on Net a to send their stuff to "Box A" and then just set "Box A" as a forwarder and send its stuff to box B?
... View more
04-25-2011
01:41 PM
Yeah well im also doing a big part of the firewall stuff myself so i know about that stuff. What i meant was if its working good to have some servers on Net A send their stuff to a smaller splunk server on net A, that server then sends it stuff to the "real" splunk server on net B. With that i only have the static route between the two splunk servers configured, insted of the hole net A- Net B.
... View more
04-25-2011
01:13 PM
Say for example i have a environment that is being split into two different networks (routed through different firewalls) I have my "main" splunk server on one of the network. Is is possible to use one or more splunk instance as "collectors" on the other net and send it to the main splunk server. I rather don't want to set up routing/firewalls opening more then absolutely necessary.
... View more
01-17-2011
06:02 PM
Is the enterprise apps (ess,pci) included in the cost for enterprise, or do you have to buy them additionaly?
... View more
01-16-2011
01:28 PM
1 Karma
Is anyone having splunk monitoring their juniper secure access machines? And if so, can can you tell me some about how you have done it?
... View more
- Tags:
- syslog
01-15-2011
06:27 PM
According to the task manager it takes up around 51 % cpu constantly (and around 128 mb ram). Not around 95% thats splunk show, but still it seems way to much
... View more
01-14-2011
05:00 PM
I have splunk installad as a lightforwarder on a windows 2k8 machine. This search
source=WMI:localprocesses Name!=Total
| rex field=Name "(?<Name>[^#]+)#\d+$"
| eval CPULoad = PercentProcessorTime
| search host="kebab01"
| stats avg(CPULoad) by Name
Shows that splunkds "avg(CPULoad)" is around 95%, that feels quite much, is it normal? Im running the latest version of splunk on the windows machine.
... View more
- Tags:
- cpu
12-21-2010
03:08 PM
Oh that was nice! My goal is to have a seperate dashboard/app (maybe a bit advanced atm) and there i have a list of "weird" event from the infrastructure. Stuff like multiples status=denied from the firewall, weird behaivior from someone browsing our homepage, denies from ssh etc. How do you that that in a smooth way?, maybe create the events and tag them, and have a search for taged events?
... View more
12-21-2010
12:47 PM
Hello
I have begin try to build up splunk to use as an event handler. Ssh seemed to be a good place to start and learn, so im thinking of how to do it. As of now i was planning to create a custom dashboard that prints custom created events in realtime. Im now trying to create a event that search for a couple (3-4) of failed ssh logins on the same host in like 15 minutes.
How do i count the ammount of res=failed in a event that look like this?
index="os" source=/var/log/audit/audit.log res=failed | transaction host maxspan=15m
Also, is this seem like a good idea to you?
... View more
- Tags:
- correlation
