Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About pandacai
pandacai
Engager
Member since:
01-15-2020
01-27-2021
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 01-15-2020 |
Activity Feed
- Posted RWI not recogonizing Authentication logs on Splunk Enterprise. 01-27-2021 03:43 AM
- Tagged RWI not recogonizing Authentication logs on Splunk Enterprise. 01-27-2021 03:43 AM
- Posted Splunk Capabilities needed for Lookup Editor? on All Apps and Add-ons. 11-24-2020 04:06 AM
- Posted Re: Lookup Editor: Won't save edits after update to Splunk (Cloud) 8.0. on All Apps and Add-ons. 11-24-2020 04:02 AM
- Posted PaloAlto App zh-CN locale is not working in Splunk Enterprise 8.1 on All Apps and Add-ons. 11-24-2020 02:24 AM
- Karma Re: Getting duplicate data for flle. 06-05-2020 12:50 AM
- Posted Re: Palo Alto App not doing changing sourcetype properly for GlobalProtect log? on All Apps and Add-ons. 04-01-2020 09:21 PM
- Posted Re: Palo Alto App not doing changing sourcetype properly for GlobalProtect log? on All Apps and Add-ons. 03-20-2020 06:17 AM
- Posted Re: Palo Alto App not doing changing sourcetype properly for GlobalProtect log? on All Apps and Add-ons. 03-11-2020 02:53 AM
- Posted Palo Alto App not doing changing sourcetype properly for GlobalProtect log? on All Apps and Add-ons. 02-27-2020 03:13 AM
- Tagged Palo Alto App not doing changing sourcetype properly for GlobalProtect log? on All Apps and Add-ons. 02-27-2020 03:13 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-27-2021
03:43 AM
Hello there:) I'm pulling Azure data via Splunk Add-on for Microsoft Office 365 Microsoft Azure Add-on for Splunk both add-ons are CIM compliant, yet RWI is not able to recognize Azure AD signin logs - would there be anything else need to be configured? Thanks a lot
... View more
- Tags:
- RWI
Labels
- Labels:
-
using Splunk Enterprise
11-24-2020
04:06 AM
After upgrading to Splunk Enterprise 8.1, I seems to be encountering same issue with https://community.splunk.com/t5/All-Apps-and-Add-ons/Lookup-Editor-Won-t-save-edits-after-update-to-Splunk-Cloud-8-0/m-p/505552 Yet adding 'upload_lookup_files' did resolve my issue. Would anyone happens to know capabilities needed for upload/edit/delete the tables?
... View more
Labels
- Labels:
-
troubleshooting
11-24-2020
04:02 AM
I ran into exactly the same problem after upgrading to Enterprise 8.1 this weekend -> and i see adding upload_lookup_files alone is not resolving my problem:( maybe there are other permissions needed?
... View more
11-24-2020
02:24 AM
It seems that even latest PaloAlto APP is failing zh-CN locale under Enterprise 8.1 environment, though it worked well in Enterprise 7.2. Would anyone know how to workaround this bugger? Search head web page hit HTTP 500 completely... Thanks a lot!:)
... View more
Labels
- Labels:
-
troubleshooting
04-01-2020
09:21 PM
thanks a lot your expression also worked perfect:) meanwhile i'm afraid we have to wait for palo alto's decision when to inject a value in serial number field, or they'll change the the app itself as a future solution lol
... View more
03-20-2020
06:17 AM
neither do we have a solution but to follow panguy's suggestion to manually change sourcetypes - not to be the same as on premise logs but unique ones.
Then we have to save a copy of palo alto app and make modifications in locals to fit Cortex sourcing data...
... View more
03-11-2020
02:53 AM
Thank you! Sourcetype got changed successfully, while following up field extraction for logs seemed still be failing...
Since the Palo Alto App is also supporting our on premise firewall logs, maybe it's not wise to go further customization. Would there be any estimated time for Cortex fixing?
... View more
02-27-2020
03:13 AM
For example, i see Regex to change source type from pan:log to pan:threat as,
REGEX = ^[^,]+,[^,]+,[^,]+,THREAT,
However, the exact piece this regex is seeking for in raw data i am receiving is
,2020/02/21 22:09:08,,TRAFFIC,
With two comma in roll the add on is not doing any sourcetype change then...
I am receiving this logs from Cortex, not sure whether it could do something with it?
Thanks a lot
... View more
