Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About abdallah_hegazy
abdallah_hegazy
Explorer
Member since:
09-15-2014
06-29-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 09-15-2014 |
Activity Feed
- Posted Re: ESET endpoint logs on Getting Data In. 06-29-2020 05:15 AM
- Posted ESET endpoint logs on Getting Data In. 06-28-2020 07:16 AM
- Karma Re: Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? for hjauch_splunk. 06-05-2020 12:48 AM
- Karma Re: Which add on app's are free and which require payment for ChrisG. 06-05-2020 12:47 AM
- Karma Re: Is there any way to download the Splunk Buttercup Games online sales data? for ChrisG. 06-05-2020 12:47 AM
- Posted Why am I getting an error that my license has expired or have exceeded license violations? on Getting Data In. 05-10-2016 04:21 AM
- Tagged Why am I getting an error that my license has expired or have exceeded license violations? on Getting Data In. 05-10-2016 04:21 AM
- Tagged Why am I getting an error that my license has expired or have exceeded license violations? on Getting Data In. 05-10-2016 04:21 AM
- Tagged Why am I getting an error that my license has expired or have exceeded license violations? on Getting Data In. 05-10-2016 04:21 AM
- Tagged Why am I getting an error that my license has expired or have exceeded license violations? on Getting Data In. 05-10-2016 04:21 AM
- Tagged Why am I getting an error that my license has expired or have exceeded license violations? on Getting Data In. 05-10-2016 04:21 AM
- Posted Re: Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-18-2016 01:50 PM
- Posted Re: Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-17-2016 01:18 PM
- Posted Re: Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-14-2016 04:11 PM
- Posted Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-14-2016 06:14 AM
- Tagged Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-14-2016 06:14 AM
- Tagged Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-14-2016 06:14 AM
- Tagged Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-14-2016 06:14 AM
- Tagged Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-14-2016 06:14 AM
- Tagged Do we need to install a universal forwarder on our MySQL machine, or only install the Splunk Add-on for MySQL on the indexer and enable DB Connect inputs? on All Apps and Add-ons. 04-14-2016 06:14 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
06-29-2020
05:15 AM
@richgalloway thanks for your swift response .. in the meantime , i changed the logs format from the server to leef and and made extraction at index time rather than search time using propos.conf and transforms.conf
... View more
06-28-2020
07:16 AM
Hi , i am currently integrating logs from ESET endpoint security server , we have configured ESET to send logs in JSON format , but will i have applied _json sourcetype to the logs , it didn't parse correctly .. Any ideas ? <12>1 2020-06-28T13:13:25.32Z eset-esmc ERAServer 1319 - - {"event_type":"EnterpriseInspectorAlert_Event","ipv4":"4.5.6.7","hostname":"desktop123","source_uuid":"b851c1bc-0b62-4ca8-888c-c004e0d002f2","occured":"28-Jun-2020 13:09:06","severity":"Warning","processname":"%PROGRAMFILES(X86)%\\google\\update\\googleupdate.exe","username":"nt authority\\system","rulename":"Potential credential dumping - Generic [F0436a]","count":1,"hash":"842AE39880C3C0BC501007B42949950C3D3B7ED3","eiconsolelink":"https://EABC:443/console/detection/29"}
<14>1 2020-06-28T12:58:55.306Z eset-esmc ERAServer 1319 - - {"event_type":"Audit_Event","ipv4":"1.2.3.4","hostname":"eset","source_uuid":"4b643875-9b90-41b7-a046-cc30f6a331d3","occured":"28-Jun-2020 12:58:55","severity":"Information","domain":"Native user","action":"Logout","target":"Administrator","detail":"Logging out native user 'Administrator'.","user":"Administrator","result":"Success"} Thanks .
... View more
- Tags:
- eset
Labels
- Labels:
-
JSON
05-10-2016
04:21 AM
Hi 🙂
Dears, I am using Splunk 6.4 as a heavy forwarder which send its logs to an indexer (6.3) .
Heavy forwarder has MySQL add-on installed on it. While trying to search indexed data, I got the error below that my license expired or has been violated, despite still having not indexed any data or expiration date hasn't come!
please advise ?
Thanks
... View more
04-18-2016
01:50 PM
my deployment is simple , so i don't have a search head .
i will install MySQL addon on a heavy forwarder , but what about DB connect installed on my indexer ?
... View more
04-17-2016
01:18 PM
@ hjauch
So the architecture shall be as following :
- heavy forwarder on MYSQL server with Splunk MySQL add-on installed on it .
- DB Coonect on the indexer ( Right ?)
... View more
04-14-2016
04:11 PM
Thanks Hjauch , i agree with you .
so i need to install a heavy forwarder and install mysql addon on it .
... View more
04-14-2016
06:14 AM
Hi 🙂
I have read Splunk MySql docs, but I have a question:
Do we have to install a universal forwarder on the MySQL machine to get MySQL general and error logs? or just only install add-on on the indexer and enable DB Connect inputs?
Thanks
... View more
04-03-2016
12:51 PM
@ woodcock Thanks a lot for your kind support 🙂
i will check and follow up soon . Thanks
... View more
04-03-2016
02:40 AM
Hi 🙂
we have McAfee Solidifier (software for real-time change monitoring to software code and servers configuration ) .
Solidifier is installed on users PC's ,but unfortunately users with administrative privileges can stop Solidifier services and hence stop monitoring !!
Using Splunk , we are monitoring McAfee Solidifier service status if it's running or stopped but
when user's PC is going to halt ( shutdown) , windows system will generate a message that McAfee Solidifier service has stopped then another message that system will shutdown .
like this :
Message=The McAfee Solidifier service entered the stopped state.
Then :
Message=The operating system is shutting down at system time 2016-03-30T13:15:00.728125000Z.
i need to get alert only when Solidifier service is stopped but no shutdown event is generated after it (as in normal shutdown process )
i used this query but it's not working as expected :
index="*" EventType=4 | transaction ComputerName startswith="The McAfee Solidifier service entered the stopped state" endswith=search(body!="The operating system is shutting"* ) maxpause=60s
kindly find log events sample below :
04:14:56 PM
LogName=System
SourceName=Microsoft-Windows-Service Control Manager
EventCode=7036
EventType=4
Type=Information
ComputerName=QC2
TaskCategory=The operation completed successfully.
OpCode=The operation completed successfully.
RecordNumber=408853
Keywords=Classic
Message=The McAfee Solidifier service entered the stopped state.
04:15:00 PM
LogName=System
SourceName=Microsoft-Windows-Kernel-General
EventCode=13
EventType=4
Type=Information
ComputerName=QC2
TaskCategory=None
OpCode=Info
RecordNumber=408854
Keywords=None
Message=The operating system is shutting down at system time 2016-03-30T13:15:00.728125000Z
Thanks .
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-29-2020
08:36 AM
|
