Fix sudo being slow after changing hostname
Recently I changed the hostname of one of my machines. Ever since I did this there has been a five second pause from when I enter a command and when it actually executes. I was perplexed about this...
View ArticleExtract multiple Active Directory fields in Splunk
I had posted here about how to extract account names with a specific modifier (exclude account names ending in a dollar sign.) That worked for one specific instance, but I found I needed something...
View ArticleGet geolocation info in Splunk with iplocation
Splunk 6 has many awesome new features, one of which is built-in IP geolocation. No longer do you have to manually lookup up city, state, and country when investigating logs – Splunk will do that for...
View ArticleAutomatically delete old data in Splunk
I’ve had Splunk humming along for about two years now. I’ve already increased the storage space for my Splunk VM once. Today I received a notice that I’ve once again run out of space and indexing had...
View ArticleFix Splunk lockout after exceeded quota
Recently I came across a situation with my home install of Splunk (free license) where the 500MB quota was exceeded three days in a row. I hadn’t checked Splunk for a few days so I was completely...
View ArticleDetermine what a Splunk forwarder is forwarding
I recently came across a need to determine exactly what is logging to a forwarder in Splunk. I had a hard time finding out what to search for so I thought I’d share what I found. The key to discovering...
View ArticleMigrate from Sophos UTM to pfSense part 1
I’ve been using a Sophos UTM virtual appliance as my main firewall / threat manager appliance for about two years now. I’ve had some strange issues with this solution off and on but for the most part...
View ArticleInstall Splunk Universal Forwarder on Linux
I do this infrequently enough that I decided I should really write this down. Below is the quick and dirty way to get the Splunk universal forwarder installed on a new Linux system. Thanks to...
View ArticleChange the hostname on a Splunk Indexer
Recently I set about to change the hostname on a Splunk indexer. It should be pretty easy, right? Beware. It can be pretty nasty! Below is my experience. I started with the basics. hostname command...
View ArticleFix erroneous DM Splunk Missing Forwarders alert
For some time now Splunk has been alerting me to “missing” forwarders even though all of those forwarders are working perfectly fine. It turns out to be a glitch in the Deployment Monitor app. After...
View Articlersync create directory tree on remote host
I ran into an issue where I want to use rsync to copy a folder to a remote host into a destination directory that doesn’t yet exist. I was frustrated to find that rsync doesn’t appear to be able to...
View Article
