About ckp123

ckp123 · ‎03-28-2022

I am getting error "unable to verify SSL certificate" error while AWS / GCP addon is trying to fetch data from AWS / GCP cloud respectively. I need to configure Proxy to access internet from Splunk enterprise servers. Please let me know how to get it the proxy certificate incorporated into splunk servers. PS : when I am trying to connect directly to internet without Proxy , I am not facing any issues.

ckp123 · ‎09-29-2021

can you try | transpose 0 header_field=msg | sort -send | transpose 0 header_field=msg

ckp123 · ‎09-09-2020

You can try <your search> | search NOT EventCode IN (1234, 2345, 3456, 4567, 5678, 6789, 7890) Hope this help. @jundai

ckp123 · ‎03-03-2020

Please refer below link. It may help. https://answers.splunk.com/answers/518247/how-to-resolve-unable-to-initialize-modular-input.html

ckp123 · ‎11-25-2019

As simple replace would do this job. | replace "," with ", " in john PS : As per my understood on the requirement

ckp123 · ‎11-01-2019

I see only one difference. Summary indexes(SI) can be created only based existing reports, whereas we create collect through searches by appending teh command "| collect index=" at the end.

ckp123 · ‎04-15-2019

Yes.. There was some configuration issue when upload on web. Unzipped and copied to apps directory manually and it worked like a charm. I have kept source type as cisco:ios.

ckp123 · ‎04-09-2019

App is also there. Attaching the snap for your reference. Am I missing any others step apart from mentioned steps.

ckp123 · ‎04-09-2019

App is also there. Attaching the snap for your reference. Am I missing any others step apart from mentioned steps.

ckp123 · ‎04-09-2019

I have installed "Cisco Networks Add-on for Splunk Enterprise" on my splunk enterprise server. I able to get the data from cisco device on UDP:514 with sourcetype=cisco:ios. Please help me how to configure this app produce dashboard of that data on this app. Does this app have any default dashboards/reports. Am not sure if my configuration is wrong or this app/addon itself doesn't have any prebuilt dashboard/reports. @mikaelbje Pls help/calrify. ~CKP

ckp123 · ‎04-08-2019

try to map each source (source="udp:514" & source="udp:515") with different index and set the permissions to respective groups. Ensure to update the index field on all the dashboard/reports/alert etc.. on the app.

ckp123 · ‎04-02-2019

your base search | rex "(?[\w\d.-_]+\@[\w\d.-_]+)" If you feel some other special character would be there on email ID or dmail field, add them along with "\w\d.-_" inside [] in both places

Posts	12
Solutions	1
Karma Given	4
Karma Received	4
Member Since	‎10-31-2018

Online Status	Offline
Date Last Visited	‎03-22-2023 01:21 AM

How to integrate Proxy certificate into Splunk Pyt...

How to configure "Cisco Networks Add-on for Splunk...

How to integrate Proxy certificate into Splunk Pyt...

Re: How to sort a chart horizontally by a field fr...

Re: How to exclude a list of values for a field?

Re: Unable to initialize modular input "server" de...

Re: Use of tokenizer option with makemv

Re: si versus collect

Re: How to configure "Cisco Networks Add-on for Sp...

Re: How to configure "Cisco Networks Add-on for Sp...

Re: How to configure "Cisco Networks Add-on for Sp...

How to configure "Cisco Networks Add-on for Splunk...

Re: In the Cisco Networks App for Splunk Enterpris...

Re: How to generate a regular expression to extrac...