Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About kymenope
kymenope
Explorer
Member since:
08-16-2022
2 weeks ago
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 08-16-2022 |
Activity Feed
- Posted Trouble Blacklisting Event Codes on Getting Data In. 2 weeks ago
- Posted Re: Monitoring a filepath effectively on Monitoring Splunk. 07-07-2023 02:49 PM
- Posted How can I monitor a filepath effectively? on Monitoring Splunk. 07-07-2023 11:03 AM
- Posted Re: Seeking assistance on configuring the indexer for Linux Logs on Getting Data In. 03-22-2023 07:09 AM
- Posted Re: Seeking assistance on configuring the indexer for Linux Logs on Getting Data In. 03-21-2023 11:52 AM
- Posted How to configure the indexer for Linux Logs? on Getting Data In. 03-21-2023 09:34 AM
- Posted Looking for solutions for Linux/Unix Auditing? on Getting Data In. 03-14-2023 08:50 AM
- Posted Which add-ons to have full visibility over my virtual envirnoment? on Installation. 01-05-2023 12:54 PM
- Tagged Which add-ons to have full visibility over my virtual envirnoment? on Installation. 01-05-2023 12:54 PM
- Got Karma for Are .p12 and .pfx files required to use Splunk after initial install?. 12-20-2022 12:37 PM
- Posted Re: Are .p12 and .pfx files required to use Splunk after initial install? on Installation. 12-19-2022 08:13 AM
- Posted Are .p12 and .pfx files required to use Splunk after initial install? on Installation. 12-16-2022 12:21 PM
- Posted How to build a query to audit file access on specific files? on Splunk Search. 08-16-2022 08:24 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 |
2 weeks ago
My inputs.conf from the deployment server (confirmed that it is being pushed to all hosts correctly):
{WinEventLog://Security}
index = wineventlog
sourcetype = WinEventLog:Security
disabled = 0
whitelist = EventCode="0-6000"
blacklist = EventCode="1,2,3,4,"
Substituted other values for the blacklisted ones. Despite being explicitly disallowed all host forwarders are still collecting and forwarding these events to the indexer. Am I misconfiguring this?
... View more
Labels
- Labels:
-
universal forwarder
07-07-2023
02:49 PM
once I enable the data input I am unable to use Splunk whatsoever due to this ingestion latency. I have assigned the inputs a sourcetype but querying for said search type always returns no results.
... View more
07-07-2023
11:03 AM
I have been attempting to add a file path in data inputs as well as in the inputs.conf file as a "monitor". Each time I implement this Splunk ingestion latency spikes to over 300ms and the service becomes effectively unusable.
My intention is to monitor file additions, deletions, and modifications within a specific filepath.
Any ideas?
... View more
Labels
- Labels:
-
indexing performance
03-22-2023
07:09 AM
There are several user's who use the search head but I'm the only one making configuration changes to the indexer. As it stands I can see tons of data but am having trouble pulling very specific fields such as filepath, filename, or the names of objects affected by user modification. I'll take a look at auditd and see what I can find. Thanks
... View more
03-21-2023
11:52 AM
That is exactly what I am referencing. In the inputs.conf I am monitoring several /var/log locations on my linux indexer but am still not seeing the results I am hoping to see.
... View more
03-21-2023
09:34 AM
I am attempting to audit the usage of commands such as chown or chomod on my linux environment. Through the below query I am able to see the list of user's, hosts, and the commands that were run but not the files or directories that they were run on. There are no fields in the event viewer that show filepaths or directories of any kind.
index=myindex comm="chmod" | table date , host , AUID , comm , exe , source
Any assistance would be appreciated. Pretty new to Splunk
... View more
- Tags:
- linux logs
Labels
- Labels:
-
Linux
-
universal forwarder
03-14-2023
08:50 AM
Fairly new Splunk user here looking for Linux auditing solutions. I am running a disconnected version of Splunk Enterprise and thus cannot make use of the content pack which replaced the application and add-on according to SplunkBase.
Am I still able to use the archived applications and add-on?
Realistically I am seeking a solution that would allow me to configure the universal forwarders I'm using to send the appropriate data so I can create queries via the linux_secure sourcetype.
... View more
Labels
- Labels:
-
Linux
01-05-2023
12:54 PM
New to Splunk. The addons for VMware and other virtual products seem to be components which were once collective packages. There are 30+ options which perform seperate functions. Which are necessary to have a general overview of my environment and which ones are still receiving support? I'm just overwhelmed by the amount of options and I'm not sure which ones are applicable.
... View more
- Tags:
- add-on
Labels
- Labels:
-
add-on
12-19-2022
08:13 AM
@gcusellooperating system is windows and the files are located in the auth file of the Splunk forwarder.
... View more
12-16-2022
12:21 PM
1 Karma
Are .p12 and .pfx files required to use Splunk after initial install?
... View more
Labels
- Labels:
-
Windows
08-16-2022
08:24 AM
New to Splunk. Have been tasked with finding a query to audit access to specific files. Any ideas?
... View more
Labels
- Labels:
-
other
