cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ggouillart
Explorer
Member since: ‎11-22-2018
‎02-09-2021
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎11-22-2018
Activity Feed
View All

Re: One of our users dashboard has disappeared.

by in Dashboards & Visualizations
‎08-21-2019 01:00 AM
‎08-21-2019 01:00 AM
The folders are empty, it must have been erased. Is there any way I can prove to that user that it was removed? I can't seem to find the log. Is my command above correct? Best regards ... View more

One of our users dashboard has disappeared.

by in Dashboards & Visualizations
‎08-20-2019 06:38 AM
‎08-20-2019 06:38 AM
One of the users recently edited a dashboard to change permissions and since then she cannot see it. I've tried the following commands index=_internal sourcetype=splunkd_ui_access editxml OR edit method=post ui/views/ OR method=delete ui/views/ | rex field=referer "/(?<edit_type>editx?m?l?)(\?|$)" | rex field=other "\s*?\-\s*(?<sessionId>[\S]+)\s*" | table _time user clientip sessionId edit_type file useragent | rename file as dashboard On the App, there is nothing on the local folder, only the default dashboard are on the default folder (/splunk/etc/apps/TA-WALLIX_Bastion/default/data/ui/views/) Is there a local folder containing the dashboards of each user? Something must've happened to the dashboard (i've only seen an edit action). Thaks for your help ... View more

Re: Blacklist question

by in Getting Data In
‎08-07-2019 06:08 AM
‎08-07-2019 06:08 AM
Should these settings be made on the universal forwarder or on the indexer? Would these logs considered as indexed? The main point is to lower the daily indexation volume. Thanks for you answer ... View more

Blacklist question

by in Getting Data In
‎08-06-2019 06:56 AM
‎08-06-2019 06:56 AM
Dear all, I would like to blacklist the INFO logs from multiple sources. I have a log that looks like this: Aug 6 15:52:12 SERVERNAMEvpxd[2568] 2019-08-06T15:52:12.394+02:00 info vpxd[7FE257707700] [Originator@6876 sub=vpxLro opID=69ff7094-a352-4198-8d64-745913c1a13c-3376170-ngc-89] [VpxLRO] -- BEGIN lro-1471645 -- ChangeLogCollector -- vim.cdc.ChangeLogCollector.waitForChanges -- 5274327a-9694-a5a6-e539-3c4d97209e25(52f849af-3efe-84e0-c365-6c2a1d5e0cec) I want to blacklist every log that contains "INFO " or "info " (contains a space after info or INFO). My blacklist for each source is blacklist2 = "INFO " (or blacklist5 etc). So far it did not work. I've checked some of the questions and the doc and can't find the answer. Anyone has the answer? By the way, this field is not parsed correctly. When I try to look for the logs without INFO I search index=nameoftheindex NOT "INFO " Thanks in advance for your help. Best regards, ... View more

Do roles only inherit capabilities or also indexes...

by in Security
‎07-15-2019 05:05 AM
‎07-15-2019 05:05 AM
Dear all, I have two roles set for admins, "role A" that should allow all indexes to be searched, and the second (role B) that has the same capabilities except that a user for role B can't look a the proxy indexes. Role B inherits from role A. Does this mean that role B can access the exact same indexes as Role A? Thanks in advance for your help ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-09-2021 03:44 PM
Karma given to