Splunk CIM (PART-1) : Installation and data setup

  • Published on 5 Jul 2020
  • If you want to avail the membership, please follow the link below:
    / @splunk_ml
    In this video I have discussed the Splunk CIM installation and OSSEC data setup.
    OSSEC setup step : blog.rapid7.co....
    Setup Syslog for OSSEC : www.ossec.net/d...
    Docs can be downloaded from the below repo:
    github.com/sid...

Comments • 26

  • @RM-gm7lu 1 year ago +1

    Great video!! Your channel is the best on Splunk! Thank you for your efforts in sharing the KNOWLEDGE!

  • @sandipanpaul7482 3 years ago +3

    Your videos are really helpful. I recently passed the power user exam. Now going for the admin user.

    • @splunk_ml 3 years ago

      Best of luck!

    • @bhanuayikam6064 3 years ago

      Hi @Sandipan paul, can you please tell me which videos or PDFs you followed for the power user exam? It would be really helpful for me as I have the exam in Dec.

    • @sandipanpaul7482 3 years ago

      @bhanuayikam6064 th-cam.com/video/gsV3ukSztHc/w-d-xo.html
      This video will help you, along with the fundamental 2 document.

    • @bhanuayikam6064 3 years ago

      @sandipanpaul7482 Thanks a ton :)

  • @__sagar_shah__591 2 years ago

    You should also include the link to the playlist in every video; it will increase your number of views.

  • @__goyal__ 2 years ago

    Thanks Sid!

  • @valishaik9209 4 years ago

    Amazing video, thank you.

  • @rocking1833 1 year ago

    Thanks!

  • @dudishosh 4 years ago +1

    Thank you for this video. Where should the CIM application be installed? Is it on the search head or the indexer?

    • @splunk_ml 4 years ago +1

      It is the SH only app.
      docs.splunk.com/Documentation/CIM/4.16.0/User/Install

    • @dudishosh 4 years ago

      @splunk_ml Sorry, but what is the SH? tnx

    • @sandipanpaul7482 3 years ago

      @dudishosh SH means search head

  • @karanmulchandani5424 4 years ago

    I am not able to see the OSSEC web UI after restarting. Is there a firewall setting which we have to allow for OSSEC separately? FYI, I have allowed 514 and 8000. So, I can see the Splunk UI but not the OSSEC UI. Please advise.

    • @splunk_ml 4 years ago

      Not really... did you follow the same instructions to install the OSSEC UI?

  • @amirnenihemanthkumar8254 3 years ago

    Thank you!! ... The video is really helpful. But at the Syslog IP address configuration step, we need to provide the IP address of the Splunk server instead of localhost (127.0.0.1).

    • @splunk_ml 3 years ago +1

      As I was using the same server as the receiver, localhost also works.

  • @AI-AF-70 2 years ago

    Great video!! Thank you! But I believe you have two copies of this posted to YouTube. Your #25 and #26 of this playlist are the same. So are #27 and #28; they are duplicates also. Great videos though, thanks.

    • @splunk_ml 2 years ago +1

      Actually, when I added it to the YouTube playlist it's displaying like that. I have raised a ticket with YouTube support but they still haven't fixed it.

    • @AI-AF-70 2 years ago

      @splunk_ml Ah! I should have known how well done your videos are that you wouldn't have missed something like that. Talk about slow support on YouTube's part!!!

  • @Sandeep223358 4 years ago

    What if I have data which is not CIM compatible? I have Kafka logs; how can I normalize the data here?

    • @splunk_ml 4 years ago

      Please check out the second part I posted on 9th July. I hope that will answer your question.

  • @ajaykapoor40 4 years ago

    CIM Part 2 is missing in the playlist. The next video of CIM is a duplicate of this one. Can you update it with the right one?

    • @splunk_ml 4 years ago +1

      I still have not posted part 2. I will do it tomorrow.

  • @hamiltonian4698 3 years ago

    If you're running Splunk as a non-root user (best practice), then you will not have access to port 514. Just use 5514 instead.