Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About joshk2005
joshk2005
Explorer
Member since:
10-30-2014
06-15-2021
Community Statistics
| Posts | 14 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 10-30-2014 |
Activity Feed
- Karma Re: After installing the Template for Citrix XenApp app, why are all searches now reporting errors of looking for a "farmHosts" file that doesn't exist? for jconger. 06-05-2020 12:47 AM
- Karma Re: Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf? for javiergn. 06-05-2020 12:47 AM
- Got Karma for Does anyone have a group of security audits already in place and can make recommendations on using Splunk to monitor Active Directory?. 06-05-2020 12:47 AM
- Posted Re: Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf? on Getting Data In. 02-01-2016 06:58 AM
- Posted Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf? on Getting Data In. 02-01-2016 05:21 AM
- Tagged Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf? on Getting Data In. 02-01-2016 05:21 AM
- Tagged Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf? on Getting Data In. 02-01-2016 05:21 AM
- Tagged Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf? on Getting Data In. 02-01-2016 05:21 AM
- Tagged Why am I not seeing any events in Splunk after creating a WinEventLog stanza in inputs.conf? on Getting Data In. 02-01-2016 05:21 AM
- Posted Re: Template for Citrix XenApp: What is the best way to capture user and session data in a read-only only Citrix environment? on All Apps and Add-ons. 09-16-2015 09:01 AM
- Posted Template for Citrix XenApp: What is the best way to capture user and session data in a read-only only Citrix environment? on All Apps and Add-ons. 09-16-2015 07:49 AM
- Tagged Template for Citrix XenApp: What is the best way to capture user and session data in a read-only only Citrix environment? on All Apps and Add-ons. 09-16-2015 07:49 AM
- Posted Re: After installing the Template for Citrix XenApp app, why are all searches now reporting errors of looking for a "farmHosts" file that doesn't exist? on All Apps and Add-ons. 08-31-2015 05:22 AM
- Posted Re: After installing the Template for Citrix XenApp app, why are all searches now reporting errors of looking for a "farmHosts" file that doesn't exist? on All Apps and Add-ons. 08-28-2015 11:47 AM
- Posted After installing the Template for Citrix XenApp app, why are all searches now reporting errors of looking for a "farmHosts" file that doesn't exist? on All Apps and Add-ons. 08-28-2015 07:28 AM
- Tagged After installing the Template for Citrix XenApp app, why are all searches now reporting errors of looking for a "farmHosts" file that doesn't exist? on All Apps and Add-ons. 08-28-2015 07:28 AM
- Tagged After installing the Template for Citrix XenApp app, why are all searches now reporting errors of looking for a "farmHosts" file that doesn't exist? on All Apps and Add-ons. 08-28-2015 07:28 AM
- Posted Re: How to set up an alert when a host doesn't phone home at a threshold on Alerting. 03-13-2015 05:12 AM
- Posted How to set up an alert when a host doesn't phone home at a threshold on Alerting. 03-12-2015 05:22 AM
- Tagged How to set up an alert when a host doesn't phone home at a threshold on Alerting. 03-12-2015 05:22 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
02-01-2016
06:58 AM
That is perfect and did the job exactly as I would expect. Thank you!
... View more
02-01-2016
05:21 AM
We have an application that imports its events into the Windows Event Log, and I am trying to forward those into Splunk. I've created the inputs.conf for the log [WinEventLog://RightFax]. The events are not showing up in Splunk. What more do I have to configure to start seeing these specific events?
... View more
09-16-2015
09:01 AM
The issue is that the servers themselves are read-only, not the account access. They use provisioning to deploy the app servers, creating a master then spinning the read-only servers from there. We have 100's of those servers deployed. Wasn't sure if anyone else had deployed widely in a large Citrix environment like that.
... View more
09-16-2015
07:49 AM
I have installed the Template app, and have information coming in from the ZDC, XML, and licensing servers. The issue I have revolves around capturing user and session data. Our Citrix environment from a session server standpoint is almost entirely read-only. What is the best way to capture information in this case, if it is even possible?
... View more
08-31-2015
05:22 AM
I found the source of the issue. The "lookup_host_farm.csv" was actually named "lookup_host_farm_staging.csv" and I'm not sure why the difference. When I looked in the props.conf of course I saw the references but it was actually in the transforms.conf where it was pointing to "lookup_host_farm.csv". Once I changed the name I no longer received the errors.
... View more
08-28-2015
11:47 AM
We upgraded from the legacy Splunk for Citrix XenApp and obviously replaced it with Templates for Citrix XenApp. Was there a change in the TAs from one to the other? Just not sure why I couldn't drop in the upgrade and have things work better. I've had to modify some of the sources for the searches to work in some cases, including the manual build/rebuild. Even after doing that I had still gotten the error messages when running searches (from all apps not just Citrix apps) that it couldn't find "farmHosts" even though there is a file named "lookup_host_farm.csv".
... View more
08-28-2015
07:28 AM
I installed the Template for Citrix XenApp app yesterday and have a few immediate issues. The first thing is that now all of my searches, regardless of what app, were looking for a "farmHosts" file that doesn't exist and spitting out a mess of errors during the searches. I had to comment out most of the props.conf file to resolve the issues, specifically:
[WMI:Services]
REPORT-DisplayName = extra_service_display_name
LOOKUP-WMI:Services Host Farm Lookup = farmHosts host AS host OUTPUTNEW FarmName AS FarmName
LOOKUP-WMI:Services Service Group Lookup = serviceGroups Name as Name OUTPUTNEW ServiceGroup AS ServiceGroup
[(?::){0}PerfmonMk:*]
LOOKUP-PerfmonMK Host Farm Lookup = farmHosts host AS host OUTPUTNEW FarmName AS FarmName
[(?::){0}WinEventLog:*]
LOOKUP-WinEventLog Host Farm Lookup = farmHosts host AS host OUTPUTNEW FarmName AS FarmName
[(?::){0}xenapp:*:installedsoftware]
LOOKUP-Installed Software Host Farm Lookup = farmHosts host AS host OUTPUTNEW FarmName AS FarmName
Can anyone give me some insight on this "farmHosts" that it is trying to reference that seems to not exist?
... View more
03-13-2015
05:12 AM
That is great! Definitely answers the question of what to alert off of. The other part of the question though is a search to find the phonehome time of specific hosts, or any hosts in general. At this point I'm basically starting from scratch on this functionality. I've found a phonehome search but it doesn't distinguish the actual hosts, just when the deployment server/indexers get phonehome'd to.
... View more
03-12-2015
05:22 AM
I understand how to actually set up an alert, but I'm having trouble figuring out how to format a search to alert off of. Basically I want to set up an alert for when our important clients fail to phone home after X amount of time, such as our domain controllers. Anyone give me a hand? We are using Splunk 6.1.
... View more
02-24-2015
04:52 AM
We are currently running Splunk 6.1. We have pooled search heads, dual indexers, a deployment server, syslog server, and a wmi forwarder.
So for #1, by logging into the forwarder I can see how each individual forwarder is set up remotely? That is extremely helpful.
2, One of the questions that has come up is that we want to begin adding more forwarders in our environment, but trying to determine what we already have coming in and even how to add them, it seems via the GUI in Splunk I cannot configure them. As I understand it we actually have to modify the server.conf file directly to configure on the receiving end.
... View more
02-23-2015
07:07 AM
Recently I've been handed the administration of the Splunk application as the person who had architect and deployed our installation left the company. I understand and am functional when searching, dashboards, etc, but when it comes to forwarder configuration and understanding what data is coming in I'm slightly lost. Basically I have two main questions:
1. How do I determine how a forwarder is configured on a unit that is already deployed.
2. How can I understand what data is coming in? It is felt that we are using more of our license than we have expected and want to tone back some of the data that is being captured, but first we need to understand where it is coming from.
Our installation is mostly on Linux, which does nothing to help my understanding, but we are monitoring an almost entirely Windows environment.
If anyone can point me to some good documentation that may answer these questions I would appreciate it.
Also having trouble with the Splunk-On-Splunk application, when I try to access it it tells me to install sideview utils, which are already installed.
... View more
01-19-2015
05:33 AM
We sporadically have had issues where the forwarder service stops working due to the need to clear locks on the client. Is there a good search string that we could use to alert off of when specific forwarders stop working? We are specifically looking to ensure that our domain controllers do not stop forwarding data (for long) due to the forwarder service not running.
... View more
01-14-2015
11:00 AM
We are defining some of our patching requirements for servers that don't have patch definitions and am looking for information on patch recommendations for both Windows Server 2008 R2 and RHEL 6. Just want to make sure we can fully patch without issues or if there are known patch issues.
... View more
I have just been handed the Splunk application for our organization. I've been asked to work with our security team to create some audit ability that can monitor changes to sensitive groups, changes to privileged accounts, changes to GPO's, all servers accessed by specific user in last x days, all changes that a given user has made in AD in x days, etc. We are still defining what we want audited with Splunk, but I just wondered if anyone have a group of security audits already in place that can make some recommendations.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-15-2021
08:26 AM
|
