What does not work and takes +5h?
This: `splunk fsck repair --all-buckets-all-indexes`
What does work and takes few seconds?
That: `zfs rollback -r flash/vm/rocky8-splunk@H-2025-01-30_14.00.01--48h`
Recherches récentes
Options de recherche
#splunk
0 message0 participant0 message aujourd’hui
community.splunk.com · Using Machine Learning Toolkit to detect auth abuseHello, I’m trying to tune Machine Learning Toolkit in order to detect authentication abuse on a web portal (based upon Lemon LDAP-NG). My logs look like this: (time/host/... header) client=(IP address) user=(login) sessionID=(session-id) mail=(user email address) action=(various statuses: connected ...
We’re thrilled to announce that the Investigative Journalism Foundation has been selected as a #Splunk Social Impact grantee helping to bridge the Data Divide!
This opportunity allows us to further our mission of holding power to account by leveraging data for transformative change. Learn more about our journey and other inspiring nonprofits here:
https://www.splunk.com/en_us/blog/splunk-for-good/bridge-data-divide-2024-2025-grantees.html
Hello Mastodon!
I'm Steven Butterworth, aka UKITGURU. I specialise in InfoSec and SIEM technologies (Splunk, Sentinel, Elastic). As a freelancer, I create and deliver SIEM content, working with gov departments and private sectors. Passionate about Data Science, Data Engineering, and data literacy. Avid triathlon enthusiast—never enough bikes! 
Looking forward to connecting!
#InfoSec
#SIEM
#Splunk
#Sentinel
#DataScience
#Triathlon
#Cycling
Got to bring my father into one of the larger caves - a new experience for him.
Most of these caves are off the map. This is to protect the delicate and unique geological features (not to mention the bats)
Here is a large lava stalagmite. Unlike those found in a limestone cave, they form all-at-once… like a drippy castle you naught have built at the beach (but with molten lava)
There are hundred of lava tube caves in southern Washington. Some are a tight squeeze, others offer vast open rooms with 50’ tall ceilings.
I am not a #DataScience person, so I need the wisdom of the #LazyWeb to help me out, please.
(I’m running queries on #Splunk, but I don’t think this question applies to Splunk only.)
I have a report running hourly to calculate metrics and store these to a separate index (in Splunk terms, a “summary metrics index”), for faster querying later. It's a data roll-up. (1/4)
Suite du fil
Along these same lines, I am now a #Splunk rock star, and my dashboards are better than yours.
New from me: Splunk - Cribl lawsuit over #logmanagement heads to trial
Includes info from court filings, blog comments from Clint Sharp and more. #Splunk #Cribl #lawsuit #litigation
TechTarget · Splunk-Cribl lawsuit over log management heads to trial
Because I can, I must.
Running the Linux #Splunk forwarder on #FreeBSD.
https://www.patpro.net/blog/index.php/2024/03/28/3679-running-splunk-forwarder-on-a-freebsd-14-host/
Cognitive Overhead · Running Splunk forwarder on a FreeBSD 14 hostFew months ago I discovered that Splunk did not bother updating its forwarder to support FreeBSD 14. It’s a real PITA for many users, including myself. After asking around for support about that problem and seeing Splunk quietly ignoring the voice of its users, I’ve decided to try and run the Linux
Splunk security advisories for multiple CVEs in various products (no mention of exploitation):
- SVD-2024-0301 Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise CVE-2024-29945 (7.2 high)
- SVD-2024-0302 Risky command safeguards bypass in Dashboard Examples Hub CVE-2024-29946 (8.1 high)
- SVD-2024-0303 Third-Party Package Updates in Splunk Enterprise - March 2024 (multiple CVEs)
- SVD-2024-0304 Third-Party Package Updates in Splunk Universal Forwarder - March 2024 (multiple CVEs)
Splunk Vulnerability DisclosureSplunk Authentication Token Exposure in Debug Log in Splunk EnterpriseIn Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure could happen when either Splunk Enterprise runs in debug mode or the `JsonWebToken` component has been configured to log its activity at the DEBUG logging level. Normally, Splunk Enterprise runs with debug mode and token authentication turned off, as well as the `JsonWebToken` process configured at the INFO logging level. <br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) in the Splunk documentation for more information.
HIRING: Security Operations Center (SOC) Analyst
/ Remote, LATAM
infosec-jobs.comSecurity Operations Center (SOC) AnalystGreetings from GK Cybersecurity, GK Cybersecurity is a hiring partner of choice with the world's leading firms across industries and domains. At GK Cybersecurity Group, we are dedicated to empowering …
Are you a threat hunter, or do you manage threat hunters? My team could use your help with our latest #ThreatHunting project! Please consider taking a couple of minutes to fill out our survey. Thank you!
Hey #splunk users, we need your help getting support for #FreeBSD 14!
Please take 2 min to vote for «FreeBSD 14 support» at https://ideas.splunk.com/ideas/SFXIMMID-I-583 as we are still under point threshold…
Anyone with a splunk user account can vote and you can give more than 1 point :)
Feel free to share & thanks a lot for your help 
