cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
stuconz
Explorer
Member since: ‎02-20-2019
‎11-01-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 2
Member Since ‎02-20-2019
Activity Feed
View All

Re: Show SSL certs due to expire across windows se...

by in Splunk Search
‎11-01-2020 04:55 PM
‎11-01-2020 04:55 PM
thanks again, your solution has worked. It was just the order of things that I got incorrect. New basic search returns number of days before certificate expiry: index=* tag="certificate" ssl_is_valid!=false ssl_subject!="CN=sa*" | dedup ssl_subject | sort +ssl_end_time | table ssl_end_time host ssl_hash ssl_subject | eval ExpiryInDays=round((ssl_end_time-now())/86400) | convert timeformat="%Y/%m/%d" ctime(ssl_end_time) Thanks you and all the best ~Stu ... View more

Re: Show SSL certs due to expire across windows se...

by in Splunk Search
‎10-29-2020 11:59 AM
1 Karma
‎10-29-2020 11:59 AM
1 Karma
Thanks for that info mate. Over the last few days I have tried variations of that type of search (with the exception of the rounding), but while I can get a list of all the certificates that are expiring from the logs (ssl_is_valid), and I can get it to convert the expiry date to human readable (for dashboard), I then am having trouble trying to calculate from that converted epoch date whether or not it falls into the time frame requested...e,g <30 days (-30d@d) ... View more

Show SSL certs due to expire across windows server...

by in Splunk Search
‎10-28-2020 05:48 PM
1 Karma
‎10-28-2020 05:48 PM
1 Karma
I have a CIM compliant log that includes an ssl_end_time which I am having trouble getting splunk to show me only certificates that are due to expire in the next x days. Below is my query. Any suggestions on how I can get the query to show me only certs that are going to expire based on the ssl_end_time, for example, in the next 30 days? index=* tag="certificate" ssl_is_valid!=false ssl_subject!="CN=sa*" | dedup ssl_subject | convert timeformat="%Y/%m/%d" ctime(ssl_end_time) | sort +ssl_end_time | table ssl_start_time ssl_end_time ssl_subject The log I am getting the data from: {timestamp="2020-10-29T04:02:49+13:00" src_host="" transport="" ssl_end_time="1745081196" ssl_engine="" ssl_hash="sha256RSA" ssl_is_valid="False" ssl_issuer="CN=Company Root Certification Authority, DC=company, DC=xx, DC=xx" ssl_serial="0000000000000000" ssl_start_time="04/19/2018 16:36:36" ssl_subject="CN=Company Enterprise Certification Authority, DC=company, DC=xx, DC=xx" ssl_subject_common_name="CN=Company Enterprise Certification Authority, DC=company, DC=xx, DC=xx" store="" logtype="certificate"} thanks for looking ... View more
Labels

Re: appPool name not showing if it has a space in ...

by in Dashboards & Visualizations
‎02-20-2019 02:00 PM
‎02-20-2019 02:00 PM
perfect. thanks for that ... View more

appPool name not showing if it has a space in it

by in Dashboards & Visualizations
‎02-20-2019 11:20 AM
‎02-20-2019 11:20 AM
Hi, I am new to Splunk and I am setting up a dashboard to show when an application pool was last recycled and why. Most of the app pools I am querying have a space in the name (eg, "Process Tracking Service"), so when the query completes, it only shows app pools without a space in the name (eg, "Enrolment"). My query is below: SourceName="Microsoft-Windows-WAS" host="server" | search recycle | rex field=Message "application pool '(? \S*)'" | eval host=upper(host) | eval reason=case(EventCode=5074, "Worker process reached processing time limit", EventCode=5075, "Worker process reached processing request limit", EventCode=5076, "Scheduled recycle", EventCode=5077, "Worker process reached processing virtual memory limit", EventCode=5079, "Manual recycle", EventCode=5080, "Config changes forced recycle", EventCode=5186, "Worker process was shut down due to inactivity") | rename appPool as "App Pool" | table _time host "App Pool" EventCode reason Message | sort by host ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-01-2020 10:09 PM
Karma from
View All
Karma given to
View All