Latest Activity

Michael Wilde commented on Michael Wilde's video
Sure...  When you do group mapping, map them to groups that don't have the domain admins in them.  I have a separate OU=Groups that has "Splunk Users, Splunk Admins, Splunk Power Users" as group names, and specific users…
Feb 8
Mike Hartford commented on Michael Wilde's video
I want to give LDAP access to my Splunk service but I don't want the LDAP users to have admin capabilities in Splunk.  Can I keep the domain admins out of Splunk if I have LDAP authentication???
Feb 7
Mike Hartford left a comment for Jonathan Hawes
Hello Jonathan,   Glad to have another Splunker.  I've been using Splunk for 2 years and am hooked.  I learned how to spell splunk and | transaction too.  You'll learn that one soon.   Go over to Splunk…
Feb 7
Mike Hartford commented on Mike Hartford's blog post 'tees for the holy day'
  Holy Batskins Ninja, zzzzzwap zgruppp kapow a hidden stash, how great is that!!!!   The team that found them must have special bat senses and highly tooned Splunking skills   I like to wear Extra Lovable…
Feb 7
Learning, learning, learning . . . Our Splunk "expert" is gone, and the non-programmer gets to learn the task! How do you spell SPLUNK?
Status posted by Jonathan Hawes Feb 7
OK so I have finally upgraded to version 4.0 and now I am kicking myself that I didn't do it sooner! I mean I should have known that if someone known as the splunk ninja recommends you to upgrade your Splunk install then you REALLY should listen to him!

It would seem that the event segmentation works much better and now it is behaving how I would expect. I must admit that I was getting a little confused with the field allocation seemingly changing all the time but 4 seems to be solid as a rock.

Michael Wilde Comment by Michael Wilde on September 4, 2009 at 1:13am
Next up.... Make your own app.... I'll do a video on it, and you'll see why :)
Michael Wilde Comment by Michael Wilde on September 4, 2009 at 1:15am
Ben... What do you find confusing about field allocation? Is the "Other Interesting Fields" concept that shows up in the blue sidebar?
Ben Corbett Comment by Ben Corbett on September 4, 2009 at 1:50am
After your comment on pulling out the src_ip I was ripping my hair out trying to find the field. In the end I did a sort of mash up with the rhost field that kind of did what I wanted but not exactly. It was confusing me because I wasn't exactly sure where the rhost was coming from. e.g. If I looked on one of the servers for the past 3 hours, the rhost field would not be present but then if I changed this to say 24 hours it would then appear.

I'm not going to worry about it too much though because everything is behaving as I would expect in version 4. Woop Woop!

© 2012   Created by Michael Wilde.