You have no idea how much your channel is helping me with Splunk! THANK YOU SO MUCH!!🙏
Happy to hear that!
This helps a lot to understand who makes alerts.
Glad it helped.
Thanks for the channel, life saver. I'm already a member, but my biggest problem is with apps.
I know how to install them, and where, in order to deploy them,
but the real problem is, for example, Enterprise Security: on which server shall I install it, on the master console, on the search heads ...
Please guide us.
Enterprise Security is just on the search head. IT Service Intelligence is on the search head as well. It has specific files that need to go on other systems. Hit me up on Discord if you want further guidance.
Excellent, keep doing good work.
Is there any way to create an app which will consist of these alerts?
My requirement is I have a REST API which gives me event details. I want to pull those events and generate an alert if a specific condition is met.
Thanks a lot.
Absolutely. I won't say you will or you won't find an app on Splunkbase or git, but you can totally make your own app. Write a REST API in SPL and put it in an Enterprise Security correlation search, or write it to a summary index, or take another action on it.
I have a video that shows REST APIs releasing next week (it's already available to my members) and it shows how to write REST APIs; just turn that into the correlation search or saved search. If you want more guidance, DM me on Discord and I can help you out.
Rest APIs
th-cam.com/video/7GFwqpdVmz0/w-d-xo.html
Saved Searches And Summary Indexing
th-cam.com/video/elyOotImqgc/w-d-xo.html
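The reply above sketches the pattern (REST call in SPL, run as an ES correlation search, results written to a summary index). As an added example that is not from the video or the commenters, here is a savedsearches.conf stanza that does exactly that, using Splunk's own saved/searches endpoint to flag correlation searches that have been disabled; the stanza name, summary index name and schedule are assumptions. Note that the SPL `rest` command only reaches splunkd endpoints, so an external API like the commenter's would need a scripted or modular input to land the events first.

```ini
# Added example (not the video's or the project's own config).
# Place in an app's local/savedsearches.conf on the ES search head.
# Assumed names: the stanza title and the summary index "summary_api_events".

[Hypothetical - Correlation Search Disabled - Rule]
# Run every 15 minutes over the last 15 minutes.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now

# The SPL: query the REST endpoint, keep ES correlation searches that are
# disabled, and keep only the fields the notable needs.
search = | rest /services/saved/searches splunk_server=local count=0 \
  | search action.correlationsearch.enabled=1 disabled=1 \
  | table title eai:acl.app updated

# Fire only when at least one result comes back.
counttype = number of events
relation = greater than
quantity = 0

# Register the search with Enterprise Security as a correlation search.
action.correlationsearch.enabled = 1
action.correlationsearch.label = Hypothetical - Correlation Search Disabled

# Raise a notable event so analysts see it in Incident Review.
action.notable = 1
action.notable.param.rule_title = Correlation search disabled: $result.title$
action.notable.param.security_domain = audit
action.notable.param.severity = medium

# Also write each result to the summary index for trending and audit.
action.summary_index = 1
action.summary_index._name = summary_api_events
```

Swap the `search` value for whatever REST-backed SPL your own endpoint produces; the scheduling, trigger condition and notable/summary-index actions stay the same.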
Sir, better if you can export and share the logs so we can follow also.
That is an excellent idea. I actually created a data set for these videos (or it was a similar presentation; I get them mixed up). After .conf I will work to get them on my git site so you can see the same data.