Entries by Caroline Lea

Monitor Splunk Alerts for Errors

Zubair Rauf | Senior Splunk Consultant – Team Lead In the past few years, Splunk has become a very powerful tool to help teams in organizations proactively analyze their log data for reactive and proactive actions in a plethora of use cases. I have observed almost every Splunker monitor Splunk Alerts for errors. Splunk Alerts […]

TekStream Congratulates CareerVillage.org on Mobilizing 100,000 Online Volunteers

TekStream joins the nonprofit organization CareerVillage.org in announcing that it has recruited over 100,000 industry professionals and helped provide career advice to over 6 million online learners. As a proud partner of CareerVillage.org, TekStream is honored that many of its employees have contributed to this important milestone. TekStream is committed to supporting and investing in […]

Format JSON Data at Search Time

By Forrest Lybarger | Splunk Consultant JSON data is a very common format in Splunk and users like to have control of the data. Splunk’s collection of json_* commands help users format JSON data at search time so that it can be presented and used without any permanent changes to the indexed data. This guide […]

How VMware vCenter UUID Duplicate ID Misconfiguration Can Affect the AWS CloudEndure and Elastic Disaster Recovery Solution

By: Brandon Prasnicki, Technical Architect and Gabriel Zabal, Cloud & Cybersecurity Consultant What is CloudEndure and Elastic Disaster Recovery (EDR)? AWS CloudEndure from Amazon Web Services and AWS Elastic Disaster Recovery are both Disaster Recovery solutions that continuously replicate your machines (including operating system, system state configuration, databases, applications, and files) into a low-cost staging […]

Restricting SFTP Access

By: Stuart Arnett | Principal Architect SFTP provides a mechanism to authenticate and transfer files securely between servers. It also allows authentication using SSH keys instead of username and password authentication. Using SSH keys is considered a better security practice for authentication because a private key, unlike a password, cannot practically be guessed by brute force. SFTP also simplifies […]
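As an added example that is not part of the original post, the following OpenSSH sshd_config fragment shows the usual way to combine the two points above: key-only authentication plus an SFTP-only, chrooted login for one group. The group name sftponly, the path /srv/sftp and the sourcetype-free layout are assumptions for illustration, not taken from the article.

```text
# Added example (not from the original post): OpenSSH sshd_config fragment.
# Assumptions: a local group named "sftponly" exists, and /srv/sftp/<user>
# directories are owned by root and not writable by any other user or group
# (OpenSSH refuses a ChrootDirectory that does not meet that requirement).

# Accept SSH keys only; refuse password logins server-wide.
PasswordAuthentication no
PubkeyAuthentication yes

# Serve SFTP with the in-process server so no binary is needed inside the chroot.
Subsystem sftp internal-sftp

# Everything below applies only to members of the sftponly group.
Match Group sftponly
    # %u expands to the login name; each user is confined to their own tree.
    ChrootDirectory /srv/sftp/%u
    # Always run SFTP regardless of the command the client requests.
    ForceCommand internal-sftp
    # Remove the channels that would turn an SFTP account into a pivot point.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
```

Run `sshd -t` to check the syntax before reloading the daemon, and test from a second session before closing the one you edited in, so a mistake in the Match block does not lock you out.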

Monitoring Windows Event Logs in Splunk

By: Karl Cepull | Senior Director, Operational Intelligence Splunk is a widely accepted tool for log aggregation and analysis in both security and IT Ops use cases. Splunk’s add-ons for Microsoft Windows, including Exchange and Active Directory, rely on Windows Event Logs being available and a forwarder used to send those logs into Splunk. Windows logs […]

Back to the Present: Fixing Incorrect Timestamps in Splunk

By: Jay Young | Senior Splunk Consultant It is not uncommon, in large and small Splunk Enterprise environments, to have events with future or past timestamps. With time being a critical component of Splunk, incorrect timestamps can severely impact the hot and warm buckets on the indexers; hot buckets may roll too early, […]
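As an added example that is not part of the original post, this props.conf stanza shows the settings an administrator typically uses to stop a sourcetype from producing the far-future or far-past timestamps described above. The sourcetype name app:audit and its timestamp layout are assumptions for illustration, not taken from the article.

```text
# Added example (not from the original post): props.conf stanza for a
# hypothetical sourcetype "app:audit" whose events start with a timestamp
# such as "2024-05-01 12:34:56". Adjust to the real layout before use.
[app:audit]
# Pin the parser to the start of the event and tell it the exact layout, so
# it cannot wander into a later field and misread a date.
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S
# 19 characters covers "YYYY-MM-DD HH:MM:SS"; nothing beyond it is scanned.
MAX_TIMESTAMP_LOOKAHEAD = 19
# State the source timezone explicitly when the timestamp carries none.
TZ = UTC
# Bound the acceptable window. An extracted date more than 30 days in the
# past or more than 1 day in the future is not used; Splunk falls back to the
# last acceptable event's time (or the current time) and logs a warning under
# the DateParserVerbose component in splunkd.log.
MAX_DAYS_AGO = 30
MAX_DAYS_HENCE = 1
```

Deploy this on the indexers (or the heavy forwarders that parse the data), then search `index=_internal component=DateParserVerbose` to confirm the bad timestamps are being caught rather than indexed.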

Splunk Deployer Push Modes and How to Use Them Properly

By: Karl Cepull | Senior Director, Operational Intelligence What is Deployer Push Mode? A Splunk Deployer is used to send apps and configuration files to search head cluster members. Deployer push mode determines where, within each search head cluster member's app directories, the deployer places the contents of a configuration bundle. As apps are pushed to any Splunk server, […]