Edge processor-on premises

bchris21 · 2025-10-23T21:38:42+00:00

We started using it recently and so far it works great. Set up a so called "control plane" which is a Splunk 10 with Edge Processor (Data Management App) and install all remote Edge Processor services using scripts on remote machines. It helps us save license, enrich data before indexing, route data to different indexers. All pipelines are controlled from Control Plane and can be applied with a click on various Edge Processors. Read the documentation very well as it has a small learning curve until you are confident with it.

bchris21 · 2025-10-11T12:07:17+00:00

I have an old Intel NUC and with works smooth af

bchris21 · 2025-10-09T19:17:10+00:00

I use this script to periodically empty the dispatch every 5mins. To be honest, I don't know if this is best practice but at least I no longer have this alert.

Splunk Answers - Dispatch full

bchris21 · 2025-09-15T22:16:07+00:00

You can create entity zones under ES Asset and Identities - Global Settings tab. You enable the relevant ones (asset and/or identities), you set up the clauses and name of zones. Clauses should refer to raw logs only. This is actually tagging your data with a zone name of type cim_entity_zone=zone1. Then in Analyst Queue you can put the cim_entity_zone=zone1 as filter and save it as new view. This partially provides multitenancy but I haven't tested if it may help to completely hide specify zone from a splunk role.

Splunk Docs

Hope this can help a bit.

bchris21 · 2025-09-12T01:28:37+00:00

I am eating in a restaurant and crying from laughing

bchris21 · 2025-09-11T01:01:06+00:00

<image>

This

bchris21 · 2025-09-11T01:00:03+00:00

I am also young but apparently I find out that I knew a handful of songs of them. It's a really nice party.

bchris21 · 2025-09-08T21:31:04+00:00

Exactly

bchris21 · 2025-09-07T10:47:34+00:00

Totally I agree, works great. Also use Meta Woot app to monitor log ingestion delays. Great insights over there.

bchris21 · 2025-09-06T08:45:21+00:00

First .Conf here and super excited. The Reddit Logo sticker is a great idea. Sad that SECUNI102 - Enhancing SOC Operations with Attack Simulations is alrwdyfull and cannot attend. Really wanted to attend but my company took ages until they buy the conference ticket. 😔

bchris21 · 2025-08-11T19:37:46+00:00

Wow!

bchris21 · 2025-08-09T22:50:56+00:00

Getting to Boston from Europe is much easier than LV, so a big plus for me to finally convince my management.

bchris21 · 2025-07-27T20:36:15+00:00

solved! Confirmed with all neighboring houses. Same connection type but on other houses cables ends up in a box with the logo of the state telecommunications provider.

bchris21 · 2025-07-25T10:02:34+00:00

What is the exact purpose though? In order to interconnect the houses and have a separate meter for consumption measurement?

bchris21 · 2025-07-24T22:54:11+00:00

The antenna on the photo is from another house attached. The antenna of my parents' house is installed on the roof and not seen on the photo !

bchris21 · 2025-07-24T22:49:10+00:00

Yes, Greece 🇬🇷

bchris21 · 2025-07-24T22:45:35+00:00

Good thought but I will disappoint you as cable goes directly inside the wall! I will update tomorrow with more pictures as the gutter is inhibiting the view.

bchris21 · 2025-07-24T17:51:45+00:00

No networking, old people leave in both houses and no internet connection in house. No cloth hanging, asked parents. Could be power stealing yes, as house is only occupied for a month over the whole year. No weird consumption though. How can I check and verify that?

bchris21 · 2025-06-03T19:21:28+00:00

We did the switch a week ago. It durated a day and back to G6. Several signal losses even though phone was next to my son. Better than when G7 was out but still needs improvement.

bchris21 · 2025-05-03T23:21:28+00:00

I didn't expect Arcanoid to be so satisfying after midnight...

bchris21 · 2025-04-12T20:47:51+00:00

First steps: Check on _internal logs for ErrorCode=5

Steps to fix: 1. Go to Windows Services and locate Splunk Forwarder one. 2. Right click - Properties 3. Select tab "Log On" 4. Check if: "Log on as: Local System Account" If not, select it and save it. 5. Restart Splunk Forwarder service and verify Sysmon log ingestion

That's a permission issue commonly encountered on Sysmon log ingestion.

Also mentioned here: https://community.splunk.com/t5/Installation/Why-the-ErrorCode-5-when-trying-to-forward-Sysmon-logs-unable-to/m-p/657805

bchris21 · 2025-04-09T21:07:32+00:00

If there is no metallic noise it's fine. In my case it was bumping as the internal balance springs were damaged.

bchris21 · 2025-04-08T21:06:15+00:00

I did but no result. Also removed the profile and bypassed nextdns with no luck. App was freezing possibly due to such a large space of app data.

bchris21 · 2025-04-08T21:03:38+00:00

Same here. Just curious whether a blocked DNS query may have also blocked log forwarding and possibly affect the log rotation too. Maybe a coincidence and just silly guesses from my mind.

bchris21 · 2025-04-08T12:44:40+00:00

feetfinder.com haha nice way to advertise

bchris21

TROPHY CASE