cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
WollyCGN
Explorer
Member since: ‎02-16-2022
‎12-05-2022
Community Statistics
Posts 4
Solutions 1
Karma Given 0
Karma Received 1
Member Since ‎02-16-2022
Activity Feed
View All

Is anyone using TA-Tomato successfully or other ro...

by in All Apps and Add-ons
‎02-17-2022 08:57 AM
‎02-17-2022 08:57 AM
Hi everyone, I'm new to Splunk and I try to analyse my router (dd-wrt) syslog. So I installed Splunkon ubuntu and, SA-CIM and TA-Tomato (btw. what means SA- and TA- ?). I found that most of the dashboards are showing nothing or very less information. I don't know what else to do to get more than 'no data found'. Mainly I want to analysing incomming attacks, vpn connections and other. Is someone using TA-Tomato or anything else? ... View more
Labels

Re: Configuring TA: Why is Tomato change index not...

by in All Apps and Add-ons
‎02-17-2022 08:38 AM
1 Karma
‎02-17-2022 08:38 AM
1 Karma
found a solution by myself I've added this into the /system/local/inputs.conf [udp://192.168.0.1:514] sourcetype = tomato index = tomato ... View more

Re: TA-Tomato (DD-WRT compatible): Why am I unable...

by in All Apps and Add-ons
‎02-16-2022 05:48 AM
‎02-16-2022 05:48 AM
Good point, but there is no section 'macro' in settings! ... View more

Configuring TA: Why is Tomato change index not wor...

by in All Apps and Add-ons
‎02-16-2022 04:06 AM
‎02-16-2022 04:06 AM
Hello community, first I have to say that I'm very,very new to Splunk. Getting to Splunk is because of a solution I found in the streamboard community about analysis of OSCam logs. So I've installed Splunk on ubuntu and the OSCam-App from 'jotne' - works nice. Now knowing what Splunk does I thought about to analyse my routers syslog as well and came up with the TA-Tomato app. So I configured my router to send the syslog data to the UDP port like OSCam does. Data is stored in index = main; sourcetype = syslog - GREAT! Now I came to the very easy things mentioned in the README: - Please onboard your data as sourcetype=tomato - This app also assumes your data will exist in index=tomato This maybe is no issue for someone who is familiar with Splunk but for me it isn't. After two days of reading, trying to understand and testing, I didn't get this to work. I played around with some configuration I found here: https://community.splunk.com/t5/All-Apps-and-Add-ons/Unable-to-get-working-with-Tomato/m-p/223350 and ended with copy the files app.conf, props.conf, transforms.conf to the local directory. (is it right if a file exists in the local dir the one in default is ignored? - think so but dont know) I insert:   [host::192.168.0.1] TRANSFORMS-tomato = set_index_tomato,set_subtype_tomato   to the top of probs.conf and this:   [set_index_tomato} REGEX = . DEST_KEY = _MetaData:Index FORMAT = tomato [set_subtype_tomato] REGEX = 192.168.0.1 SOURCE_KEY = MetaData:Host FORMAT = sourcetype::tomato DEST_KEY = MetaData:Sourcetype   to the top of transforms.conf Sourcetype will work but index is still 'main'. So, what's wrong with my stupid idea. Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎12-05-2022 05:11 AM
Karma from
View All