I am getting error "unable to verify SSL certificate" error while AWS / GCP addon is trying to fetch data from AWS / GCP cloud respectively. I need to configure Proxy to access internet from Splunk enterprise servers.
Please let me know how to get it the proxy certificate incorporated into splunk servers.
PS : when I am trying to connect directly to internet without Proxy , I am not facing any issues.
... View more
I see only one difference.
Summary indexes(SI) can be created only based existing reports, whereas we create collect through searches by appending teh command "| collect index=" at the end.
... View more
Yes.. There was some configuration issue when upload on web. Unzipped and copied to apps directory manually and it worked like a charm. I have kept source type as cisco:ios.
... View more
I have installed "Cisco Networks Add-on for Splunk Enterprise" on my splunk enterprise server.
I able to get the data from cisco device on UDP:514 with sourcetype=cisco:ios.
Please help me how to configure this app produce dashboard of that data on this app. Does this app have any default dashboards/reports.
Am not sure if my configuration is wrong or this app/addon itself doesn't have any prebuilt dashboard/reports.
@mikaelbje
Pls help/calrify.
~CKP
... View more
try to map each source (source="udp:514" & source="udp:515") with different index and set the permissions to respective groups. Ensure to update the index field on all the dashboard/reports/alert etc.. on the app.
... View more
your base search | rex "(?[\w\d.-_]+\@[\w\d.-_]+)"
If you feel some other special character would be there on email ID or dmail field, add them along with "\w\d.-_" inside [] in both places
... View more