About pkiselevs

pkiselevs · ‎08-30-2022

after adding also Global reader as mention @diogofgm and complete reinstall of addon, logs started to flow. Lets see how stable will be input

pkiselevs · ‎08-12-2022

Go to AZDS "roles and administrator" Find Exchange administrator enter full name of your app registration example: Splunk_siem add to role. This fix error 403, but i did not get any mail log through this method. There is message no mail log returned

pkiselevs · ‎12-11-2018

this helped me. Started with custom admin name and lookups did not worked, than created user "admin" and fixed issue Thanks

pkiselevs · ‎02-05-2018

return Error in 'eval' command: The expression is malformed. return only first row in search, but is very fast Thanks for advice

pkiselevs · ‎02-05-2018

I have added to csv like this nr,group_name,desc 1,("Domain Admins"),super 2,("Domain Users"),standard and quates are in search normalizedSearch litsearch (index= sourcetype="WinEventLog:Security" ("Domain Admins" OR "Domain Users")) | fields keepcolorder=t "" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server" Events returns exactly as from index=* sourcetype="WinEventLog:Security" (("Domain Admins") OR ("Domain Users")) only one moment that search is going long, but for start it is OK. Thank you for advice! Final search looks: index=* sourcetype="WinEventLog:Security" [| inputlookup group_list.csv | return 10 $group_name] CSV nr,group_name,desc 1,("Domain Admins"),super 2,("Domain Users"),standard

pkiselevs · ‎02-04-2018

You show me tip. I have added to csv like this nr,group_name,desc 1,("Domain Admins"),super 2,("Domain Users"),standard and quates are in search normalizedSearch litsearch (index=* sourcetype="WinEventLog:Security" ("Domain Admins" OR "Domain Users")) | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server" Events returns exactly as from index=* sourcetype="WinEventLog:Security" (("Domain Admins") OR ("Domain Users")) only one moment that search is going long, but for start it is OK. Thank you for advice! Final search looks: index=* sourcetype="WinEventLog:Security" [| inputlookup group_list.csv | return 10 $group_name] CSV nr,group_name,desc 1,("Domain Admins"),super 2,("Domain Users"),standard

pkiselevs · ‎02-04-2018

This option does not help, search return no hits. litsearch (index=* sourcetype="WinEventLog:Security" (('Domain Admins') OR ('Domain Users'))) | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server" I think it perform 'Domain AND Admin' search not "Domain Admin"

pkiselevs · ‎02-04-2018

I have some trouble with search from csv list. If in column is two words divided with space, searching done separately for both Example: sourcetype="WinEventLog:Security" ("Domain Admins") - gives correct result litsearch (index=* sourcetype="WinEventLog:Security" "Domain Admins") | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server" if i try to do like this with list sourcetype="WinEventLog:Security" [| inputlookup group_list.csv | return 10 $group_name] normalizedSearch litsearch (index=* sourcetype="WinEventLog:Security" ((Domain Admins) OR (Domain Users))) | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server" group_list.csv group_name Domain Admins Domain Users this search return result where is domain , users, admin found, but not "Domain Admins". Tried adding quotes and delimiters, but this do not help nr,group_name,desc 1,"Domain Admins",super 2,Domain Users,standard

Posts	8
Solutions	1
Karma Given	9
Karma Received	1
Member Since	‎02-02-2018

Online Status	Offline
Date Last Visited	‎03-25-2024 10:34 AM

Search text list from inputlookup ignore quates

Re: Splunk Add-on for Microsoft Office 365 Reporti...

Re: Splunk Add-on for Microsoft Office 365 Reporti...

Re: Why is the Splunk App for Windows Infrastructu...

Re: Search text list from inputlookup ignore quate...

Re: Search text list from inputlookup ignore quate...

Re: Search text list from inputlookup ignore quate...

Re: Search text list from inputlookup ignore quate...

Search text list from inputlookup ignore quates