sourcetype=access_* status>=400 | head 20 | iplocation clientip | table clientip, status, City, Country | where Country != "United States"
Splunk has a built-in iplocation that works great.
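The query above does three things in sequence: keep only error responses, geolocate the client address, and drop rows from the home country. The following is an added example (not from the original post or from Splunk) that runs the same detection logic in plain Python over a few constructed access-log lines, using a small constructed CIDR-to-country table in place of Splunk's iplocation GeoIP database; the prefixes, cities and countries in that table are hypothetical assignments, not real geolocation data.

```python
import ipaddress
import re

# Constructed sample lines in Apache/NGINX combined log format (not from the page).
# 198.51.100.x is mapped to the United States below and should be filtered out.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 403 512 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 401 256 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:55:45 +0000] "GET /wp-login.php HTTP/1.1" 404 128 "-" "Mozilla/5.0"
203.0.113.200 - - [10/Oct/2023:13:55:50 +0000] "GET /.env HTTP/1.1" 404 128 "-" "Go-http-client/1.1"
100.64.0.5 - - [10/Oct/2023:13:55:52 +0000] "GET /api/v1/users HTTP/1.1" 500 64 "-" "Mozilla/5.0"
this line is not a valid access-log record
"""

# Hypothetical stand-in for the iplocation GeoIP lookup. These are documentation
# prefixes with made-up city/country assignments, purely for the example.
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), ("Amsterdam", "Netherlands")),
    (ipaddress.ip_network("198.51.100.0/24"), ("Chicago", "United States")),
    (ipaddress.ip_network("192.0.2.0/24"), ("Tokyo", "Japan")),
]

# clientip, timestamp, request line and 3-digit status from a combined-format record.
LOG_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the fields the query uses, or None if the line is not an access-log record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "clientip": m.group("clientip"),
        "status": int(m.group("status")),
        "request": m.group("request"),
    }


def iplocation(ip):
    """Longest-prefix-free lookup against the constructed table; ('Unknown', 'Unknown') on a miss."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "Unknown", "Unknown"
    for net, (city, country) in GEOIP_TABLE:
        if addr in net:
            return city, country
    return "Unknown", "Unknown"


def find_foreign_errors(log_text, home_country="United States", min_status=400, limit=20):
    """Equivalent of: status>=400 | iplocation clientip | table ... | where Country != home_country.

    Unlike `head 20` in the query, the limit here is applied after the country filter,
    so it caps the rows returned rather than the error events examined.
    Addresses the lookup cannot place are reported as 'Unknown' instead of being dropped.
    """
    rows = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or event["status"] < min_status:
            continue
        city, country = iplocation(event["clientip"])
        if country == home_country:
            continue
        rows.append({
            "clientip": event["clientip"],
            "status": event["status"],
            "City": city,
            "Country": country,
        })
        if len(rows) >= limit:
            break
    return rows


if __name__ == "__main__":
    for row in find_foreign_errors(SAMPLE_LOG):
        print(f'{row["clientip"]:<16}{row["status"]:<6}{row["City"]:<12}{row["Country"]}')
```

Two differences from the SPL as written are worth knowing about. `head 20` sits before `iplocation` and `where`, so it caps the error events that get looked up, not the non-US rows shown; if the first twenty errors are all domestic, the search returns nothing. And when iplocation cannot resolve an address, `Country` is empty and `where Country != "United States"` does not keep that row, so unresolved sources vanish silently; the example keeps them as "Unknown".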
How does telling someone to Google search something provide benefit? So I should just post 100 times about searching Google for the answer, and that is acceptable? Downvoting an answer because it provides no useful information, so that others do not waste their time, should be acceptable. Otherwise this is just a post for people trying to get karma on the site.
I did change to keys but I have had the same config working without keys as well.
Did you install M2Crypto and loggerglue?
What version of Linux are you installing this on?
I run mine with:
sudo nohup /etc/incapsula/logs/config/LogsDownloader.py &
Then I tail nohup.out and see what it is currently doing.
It works fairly quickly, so if you look in your process dir you should see log files there to ingest into Splunk.
Where do you have your PROCESS_DIR in Settings.Config?
I have mine going to
PROCESS_DIR=/tmp/processed/
Make sure that you are running it as a user with access to the directory. I created the directory, since the script seems to have trouble creating directories for the Python script to push to.
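The two posts above amount to a pre-flight routine: find PROCESS_DIR in Settings.Config, make sure the directory exists and that the account starting the downloader can write to it, then start the script and watch what lands in the directory. Here is an added example (not part of the Incapsula LogsDownloader or the original posts) that performs those checks in Python before you launch the script. It assumes Settings.Config is a flat KEY=VALUE file (optionally under a section header) as the `PROCESS_DIR=/tmp/processed/` line suggests; `demo()` writes a constructed config into a temporary directory so the example runs stand-alone.

```python
import os
import tempfile


def read_process_dir(config_path):
    """Return the PROCESS_DIR value from Settings.Config, or None if it is missing.

    Assumes KEY=VALUE lines; blank lines, comments and [section] headers are skipped.
    """
    with open(config_path, encoding="utf-8") as f:
        for raw in f:
            line = raw.strip()
            if not line or line.startswith(("#", ";", "[")):
                continue
            key, sep, value = line.partition("=")
            if sep and key.strip() == "PROCESS_DIR":
                return value.strip()
    return None


def preflight(config_path, create=True):
    """Check (and optionally create) PROCESS_DIR for the user running this process.

    Returns a report dict so the caller can decide whether to start the downloader.
    """
    process_dir = read_process_dir(config_path)
    report = {
        "process_dir": process_dir,
        "existed": False,
        "created": False,
        "writable": False,
        "owner_uid": None,
        "current_uid": os.getuid(),
    }
    if process_dir is None:
        return report

    report["existed"] = os.path.isdir(process_dir)
    if not report["existed"] and create:
        # The downloader reportedly has trouble creating this itself, so do it here.
        os.makedirs(process_dir, exist_ok=True)
        report["created"] = True

    if os.path.isdir(process_dir):
        # Need write to drop files and execute (search) to traverse the directory.
        report["writable"] = os.access(process_dir, os.W_OK | os.X_OK)
        report["owner_uid"] = os.stat(process_dir).st_uid
    return report


def ready_to_start(report):
    """True only if PROCESS_DIR is configured and usable by the current user."""
    return report["process_dir"] is not None and report["writable"]


def list_downloaded_logs(process_dir):
    """Files currently waiting in PROCESS_DIR, i.e. what you would point Splunk at."""
    return sorted(
        name for name in os.listdir(process_dir)
        if os.path.isfile(os.path.join(process_dir, name))
    )


def demo():
    """Run the checks against a constructed Settings.Config in a temp directory."""
    base = tempfile.mkdtemp(prefix="incapsula-demo-")
    target = os.path.join(base, "processed") + os.sep
    config_path = os.path.join(base, "Settings.Config")
    with open(config_path, "w", encoding="utf-8") as f:
        # Constructed config fragment; only PROCESS_DIR matters for this example.
        f.write("[SETTINGS]\n# hypothetical sample\nPROCESS_DIR=%s\n" % target)
    report = preflight(config_path)
    # Simulate the downloader dropping a file so the listing has something to show.
    with open(os.path.join(target, "example.log"), "w", encoding="utf-8") as f:
        f.write("constructed placeholder log content\n")
    report["files"] = list_downloaded_logs(target)
    return report


if __name__ == "__main__":
    r = demo()
    print("PROCESS_DIR:", r["process_dir"])
    print("created:", r["created"], "writable:", r["writable"], "ready:", ready_to_start(r))
    print("files waiting:", r["files"])
```

Run `preflight("/etc/incapsula/logs/config/Settings.Config")` as the same account you will start LogsDownloader.py under; `os.access` checks the calling user, so running it as yourself tells you nothing about a `sudo` launch. If the downloader is started with `sudo` as in the earlier post, the directory and every file it writes will be root-owned, so also confirm that the account Splunk ingests with can read them.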
I downvoted this post because it is not really a helpful answer, more degrading than anything. The person could have recommended a good tool rather than being a tool.