Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About waJesu
waJesu
Path Finder
Member since:
10-02-2020
12-20-2023
Community Statistics
| Posts | 52 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 2 |
| Member Since | 10-02-2020 |
Activity Feed
- Posted Re: Importing lookup table to Splunk lookup table file editor on Getting Data In. 10-27-2023 06:35 AM
- Posted Re: Importing lookup table to Splunk lookup table file editor on Getting Data In. 10-24-2023 08:36 AM
- Posted Importing lookup table to Splunk lookup table file editor on Getting Data In. 10-23-2023 09:18 AM
- Tagged Importing lookup table to Splunk lookup table file editor on Getting Data In. 10-23-2023 09:18 AM
- Posted Filtering events using a lookup table on Splunk Search. 10-19-2023 12:14 PM
- Tagged Filtering events using a lookup table on Splunk Search. 10-19-2023 12:14 PM
- Posted How do I resolve the error: The lookup file could not be saved on Getting Data In. 10-18-2023 07:49 AM
- Tagged How do I resolve the error: The lookup file could not be saved on Getting Data In. 10-18-2023 07:49 AM
- Tagged How do I resolve the error: The lookup file could not be saved on Getting Data In. 10-18-2023 07:49 AM
- Posted Query that lists systems that are using default passwords. on Getting Data In. 10-13-2023 10:23 AM
- Tagged Query that lists systems that are using default passwords. on Getting Data In. 10-13-2023 10:23 AM
- Tagged Query that lists systems that are using default passwords. on Getting Data In. 10-13-2023 10:23 AM
- Posted Re: Extracting Top Level Domains from events on Splunk Search. 09-22-2023 04:51 AM
- Posted How to extract Top Level Domains from events? on Splunk Search. 09-22-2023 04:43 AM
- Tagged How to extract Top Level Domains from events? on Splunk Search. 09-22-2023 04:43 AM
- Karma Re: How to use Lookup table to analyze events? for ITWhisperer. 09-05-2023 03:51 AM
- Posted Re: How to use Lookup table to analyze events? on Getting Data In. 09-05-2023 03:50 AM
- Posted Re: How to use Lookup table to analyze events? on Getting Data In. 09-01-2023 04:06 AM
- Karma Re: How to use Lookup table to analyze events? for ITWhisperer. 09-01-2023 04:04 AM
- Posted Re: How to use Lookup table to analyze events? on Getting Data In. 08-31-2023 03:56 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-27-2023
06:35 AM
I am not sure why I don't have the import button on my instance.
... View more
10-24-2023
08:36 AM
Hi Giuseppe I already have a lookup table created. My question is if it is possible to import that into the Splunk Lookup file editor and not create a new one from there.
... View more
10-23-2023
09:18 AM
Is it possible to import an already created lookup table into the Splunk lookup file editor without having to create a new one in the editor? If it is possible, how do I do it?
... View more
- Tags:
- Lookup Editor
Labels
- Labels:
-
other
10-19-2023
12:14 PM
How do I use a lookup table to filter events based on a list of known malicious IP addresses (in CIDR format), or to exclude events from known internal IP ranges.
... View more
- Tags:
- Lookup table
Labels
- Labels:
-
lookup
10-18-2023
07:49 AM
I am trying to save a lookup file in the Splunk App for lookup file editing and I get the error: The lookup file could not be saved. How do I resolve this?
... View more
Labels
- Labels:
-
other
10-13-2023
10:23 AM
I am looking for a query that can help me list or audit systems that are using default passwords or any other method you think I can use to audit my environment for default passwords.
... View more
Labels
- Labels:
-
other
09-22-2023
04:51 AM
I tried to use sourcetype=<sourcetypename> |rex field=_raw "(?<TLD>\.\w+?)(?:$|\/)" | table TLD It returned TLDs but included values I think maybe part of IPs e.g. .33, .136, .74 etc.
... View more
09-22-2023
04:43 AM
I need a query that extracts TLDs from events and compares the results with a lookup table with blocklisted TLDs
... View more
- Tags:
- splunk search
- TLD
Labels
- Labels:
-
field extraction
09-01-2023
04:06 AM
It worked. Thank you very much. May you please explain to me what each part of the query does so that next time I can create personal queries of the same kind.
... View more
08-31-2023
03:51 AM
The lookup table has a single field "DNS" with all the blocklisted dns requests e.g. bliss.com, sugar.plux.net etc.. The corresponding field in the events could be dns_queries
... View more
08-30-2023
09:42 AM
I created a lookup table for blacklisted DNS queries. I need a query that uses the lookup table to see if domains in the lookup table are present in events in my environment.
... View more
- Tags:
- Lookup table
Labels
- Labels:
-
blacklist
06-13-2023
03:12 AM
Yes it returns the whole table. What I need now is the query that returns results if any of the contains of the lookup table is present in the logs.
... View more
06-12-2023
08:52 AM
I have created a lookup table for the blocked dns/url. I want to see if there are anywhere in my logs or in my environment. May you help with a query. For example if I have example.net on my lookup table what query can I use that returns all logs with example.net?
... View more
Labels
- Labels:
-
other
06-02-2023
07:52 AM
Good morning. Any new thoughts as to why my results are showing "Missing" only even for devices/servers I know to be reporting? Anything to tweak the query somehow?
... View more
06-02-2023
03:46 AM
Good morning. Any new thoughts as to why my results are showing "Missing" only even for devices/servers I know to be reporting? Anything to tweak the query somehow?
... View more
06-01-2023
08:28 AM
I think it does. We want the query to return devices sending logs as Good, those not reporting as Missing and those missing yet have a heartbeat as Heartbeat. That's what the case function is saying. I am actually surprised I am not getting expected results.
... View more
06-01-2023
06:29 AM
Maybe I am missing something. It's still returning "Missing" for everything.
... View more
06-01-2023
05:47 AM
I am not sure why it's returning "Missing only even on devices that are reporting. Maybe the query needs a tweak?
... View more
06-01-2023
04:10 AM
Thank you. I think you forgot to attach the corrected query.
... View more
05-31-2023
10:02 AM
This is the error I am getting after running the query:
... View more
05-31-2023
05:56 AM
I have two queries I want to merge and I need expert help. The first one returns reporting devices as good and non-reporting devices as missing. The second one returns the missing devices with a heartbeat but not sending logs. Help me come up with one query that would show results for Good, Heartbeat and Missing:
| tstats latest(_time) as latest where index="*" earliest=-5d by host
| eval recent = if(latest > relative_time(now(),"-15m"),"Good","Missing"), realLatest = strftime(latest,"%c")
| tstats latest(_time) as latest where index="_*" earliest=-5d by host
| eval recent = if(latest > relative_time(now(),"-15m"),"Heartbeat","Missing"), realLatest = strftime(latest,"%c")
... View more
- Tags:
- reporting
Labels
- Labels:
-
data
03-20-2023
04:11 AM
@tscroggins Thank you for the assistance. I tried index=main | lookup blocklist.csv Domain as url_domain output suspicious | search suspicious=1 It says "the destination suspicious was not found in the blocklist.csv. My table looks like this: I am not sure where I missed it.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-20-2023
12:15 PM
|
