Questions tagged [splunk]

For questions about Splunk, a software product used for searching, monitoring, and analyzing machine-generated data.

1 vote
0 answers
502 views

net.core.netdev_max_backlog - what's the impact when set too HIGH?

I'm working on optimizing and right-sizing my EC2 syslog-ng servers and have some carryover settings in our ansible playbook for kernel settings that were used on "in-house" data center ...
Asked by jasonr
0 votes
1 answer
398 views

splunk and ansi escape sequences?

Is there any way to have ANSI color output on my logs and also consume them in Splunk? Either having Splunk show the color (ideal but highly unlikely) or apply a filter on Splunk to remove the escape ...
Asked by gabriel
0 votes
1 answer
9k views

How do I fix this? IP contains set host bits?

I am setting up an Ubuntu server (ver 22.04) so I can place a universal forwarder for Splunk on it and redirect FortiGate traffic to the SIEM (Splunk). In total there are 6 virtual machines that I am ...
Asked by harryb1912
1 vote
1 answer
501 views

One capture group value becomes the field name for the next capture group

I'm using PCRE2 (PHP >=7.3) in Splunk. I have data that is major delimited by carriage returns/new lines and minor delimited by commas as key/value pairs. key1="value1",key2="value2&...
Asked by Tensore
0 votes
0 answers
71 views

How can I merge multiple individual worksheets in an Excel workbook that are in the same format (but different lengths)?

I have an inherited (and sometimes still-updated) workbook with many worksheets (currently 50+). Each of these tabs has a table in the format of: segment_name | subsegment | subnet | ipaddress ^^...
Asked by warren
1 vote
1 answer
827 views

WinEventLog for monitoring BitLocker

I am a newbie to Splunk and working on monitoring the BitLocker process. I wondered if I could leverage any Windows Security logs to check whether BitLocker was enabled by someone to encrypt files ...
Asked by Marklov
0 votes
0 answers
161 views

How to prevent malicious use of BitLocker

I was wondering if anyone has thought about a scenario in which BitLocker can be used as ransomware. For example, if the hacker was granted access to the system, and used BitLocker to encrypt the disk....
Asked by Marklov
2 votes
2 answers
1k views

How to query events that happened in a specific order?

Say I have the following events in Splunk (ordered chronologically): operator=zeroPointModule id=123 action=start operator=foobar id=123 action=start operator=zeroPointModule id=123 action=stop ...
Asked by pyb
0 votes
1 answer
2k views

Can't access Splunk Enterprise from Web GUI

I installed Splunk Enterprise 8 (splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64.rpm), but due to low space I attached a new 50GB HDD, created a partition and mounted it on /opt. Then I moved all the data ...
Asked by OmiPenguin
0 votes
2 answers
1k views

Dedup is not working on Splunk

Please see picture below. I inserted dedup for job_duration, but it was not showing in the search result. I only need one result to do visualisation.
Asked by Jeng Chong
0 votes
1 answer
59 views

How can I monitor a process being or arguments of a specific utility in my network?

Adversaries may use InstallUtil to proxy execution of code through a trusted Windows utility. It can also be used to bypass process whitelisting through use of attributes within the binary that ...
Asked by Daniyal Naeem
1 vote
0 answers
113 views

Is it possible to add blank lines in between results when using Splunk CLI search?

I'm using RHEL 6.10 and using the Splunk CLI to find "transactions" (groups of results together). It is searching for rtvscand log lines. /opt/splunk/bin/splunk search \ 'syslog_source=rtvscand | ...
Asked by hymie