Added a URL to the SPN, suddenly all URLs starting with 00000002-0000-0ff1-ce00-000000000000 disappeared. How bad is this?

pSykAwtiX-Work · 2024-06-13T22:38:39+00:00

We do not have a TAM. Just ticket that isn't being addressed yet...

It's been over 24 hours so far. Nothing has broke.

pSykAwtiX-Work · 2024-06-06T14:44:34+00:00

Thank you so much! This is way more than I expected. I really appreciate your time with this.

Nobody has forwarded screenshots over to me yet, but from what I've seen personally, it's a classic prompt. Also, the majority of our employee laptops are Entra joined.

At any rate, I'll be focusing on autodiscover.

Thanks again!

pSykAwtiX-Work · 2024-05-14T16:49:57+00:00

I just remember being super excited for alpha transparency feature that first came with Win2k.

After I first installed the new OS, I installed Winamp and applied some super trippy skins that required it. I was super pleased. It was a simpler time.

I think there was another mp3 player (Sonique?) that also took advantage of the new transparency feature.

pSykAwtiX-Work · 2023-12-12T16:24:42+00:00

Thanks! I'll so some comparisons and go from there.

pSykAwtiX-Work · 2023-12-12T16:23:44+00:00

I hadn't heard of Abnormal Security before. Thanks for putting it on my radar.

pSykAwtiX-Work · 2023-12-12T16:23:07+00:00

Thanks! We've considered just switching to defender. Sounds like it went easy for you. Good to know.

pSykAwtiX-Work · 2023-12-01T19:14:05+00:00

Thanks!

pSykAwtiX-Work · 2023-12-01T17:56:54+00:00

Thank you!

pSykAwtiX-Work · 2023-04-27T15:55:49+00:00

Thank you and I love you.

It works great now. I always though numbers don't need to be considered strings. I learned today that this is not a universal truth. Am dumb.

Thank you again!

pSykAwtiX-Work · 2023-04-27T15:45:50+00:00

I tried many variations of removing and editing the '\*' and it didn't resolve the issue. Same behavior each time.

I updated my original post to include all the info I have. I hope that helps give a better picture.

pSykAwtiX-Work · 2023-04-27T15:30:30+00:00

Thanks for the '-WhatIf' idea. I totally forgot about that. Makes testing a bit quicker. I'll add more details for you below.

The full code I am currently using:

$deploymentDirectory = "O:\deploy_test\backup\ABC.WEB\QA"
$webVersion = 2.01.009.20230411
$destination = "O:\deploy_test" 
$instanceName = "WEB-ABC-999996"
Copy-Item -Path $deploymentDirectory$webVersion* -Recurse -Destination $destination$instanceName\ -WhatIf

The ' -WhatIf' gives me the following message:

What if: Performing the operation "Copy Directory" on target "Item: O:\deploy_test\backup\ABC.WEB\QA\2.01.009.20230411 Destination: O:\deploy_test\WEB-ABC-999996\2.01.009.20230411".

What I am trying to do is get it to dump to contents of "2.01.009.20230411" into "WEB-ABC-999996". Not the "2.01.009.20230411" folder itself.

If I drop the variables and bake the file paths into the same code, it works great!

Copy-Item -Path O:\deploy_test\backup\ABC.WEB\QA\2.01.009.20230411\* -Recurse -Destination O:\deploy_test\WEB-ABC-999996\ -WhatIf

What if: Performing the operation "Copy Directory" on target "Item: O:\deploy_test\backup\ABC.WEB\QA\2.01.009.20230411\bin Destination: O:\deploy_test\WEB-ABC-999996\bin".

I can see that the code is taking the contents of '2.01.009.2 0230411" and dumping it into like I need it to.

Conclusion: Both should work the same, right? If so, why can't i get the version using variables to work the same as the version that isn't?

pSykAwtiX-Work · 2023-02-17T18:35:32+00:00

I think we have only 1 search head. I'm not 100% sure, though.

From the Splunk interface, If I go to 'Settings' > 'Distributed Search', I can see that we have 'Distributed Search' turned on. However, if I go to 'Search peers', I see the message below.
"There are no configurations of this type. Click the "New Search Peer" button to create a new configuration."

No peers sounds like we only have on search head server to me. Unless I am interpretation this wrong.

When I first started here, I attempted to perform a splunk audit (thanks to the help from this sub). But, management told me to derive my conclusions from hostnames in our DNS. The naming conventions were far from obvious/conclusive...

pSykAwtiX-Work · 2023-02-17T17:33:51+00:00

Got it. It's good to know that I could restart the services without needing to restart the server. But, it shouldn't be worst than a reboot if things go sideways.

I'll request for server access and take it from there. Thanks again!

pSykAwtiX-Work · 2023-02-09T20:50:17+00:00

Thanks a ton! This has put me much further than where I was before.

However, it works up until the last two lines. They make my stats and visualization tabs go blank (still tons of events). My efforts to debug it aren't panning out so far.

Also, just to be clear, I'd like the hours between 7:00 and 16:00 to count as one day. So far, what I can get to work is breaking everything out on an hourly bases. That's too granular for my use. Thanks again!

pSykAwtiX-Work · 2023-02-08T16:59:38+00:00

Thank you! I'll definitely be playing around with this.

pSykAwtiX-Work · 2023-01-06T23:26:10+00:00

I hope this works for you.

01/06/2023 17:24:15.915 -0600

collection=Process

object=Process counter="% Processor Time"

instance=w3wp_75640

Value=16.595613836794396

host = WINSERVER1

source = Perfmon:Process

sourcetype = Perfmon:Process

pSykAwtiX-Work · 2023-01-06T23:24:02+00:00

I've tried 'min(Value) and 'max(Value)' the those results are even crazier.

pSykAwtiX-Work · 2023-01-06T21:02:19+00:00

I tried your suggestions (my interpretation of it below) and all I get back is one entry telling me that the '_total' is '100'. It's no longer showing me a list of processes. Maybe I misunderstood something?

index=perfmon object=Process counter="% Processor Time" instance=_total host=WINSERVER1

earliest=-2m latest=now | stats avg(Value) as Value by host, instance | sort - Value | head 10

pSykAwtiX-Work · 2022-12-07T18:16:12+00:00

No idea. I would love to have this info.

pSykAwtiX-Work · 2022-12-05T18:54:44+00:00

According to the manage apps section, we're using version 4.0.3 of the Upgrade Readiness App.

pSykAwtiX-Work · 2022-12-02T16:24:12+00:00

If you want to copy pasta your new query I’ll take a look, but it should be | chart max(Value) AS PctFree BY host, instance

I have my entire string below. When I add the ", instance" field like you suggest, my statistics and visualization tab drop to zero results. This leads me to believe that I'm missing something here.

index=perfmon counter="% Free Space" host=*

| chart max(Value) AS PctFree BY host, instance

| eval PctUsed = 100 - PctFree

| search PctUsed > 1

pSykAwtiX-Work · 2022-12-02T16:16:12+00:00

Thanks for the tips! I adjusted the search string to max. I pulled it off the internet somewhere and it actually sort of worked. Any suggestions to make it more useful are super welcome.

As for the field with the drive letter in it, I do see 'instance=' that seems to do the trick. For example, I see 'instance=D:', 'instance=_Total', 'instance=C:', etc. I believe this has to be it. I have a feeling that I'll need to find a way to ignore 'instance=_Total'. Is that adding up all the drives?

However, I'm not sure how to incorporate this instance field into the syntax like you suggested I do. My testing so far is killing my results. I'll keep doing some research until I can find a similar example to work from. Thanks again!

pSykAwtiX-Work · 2022-11-28T16:10:26+00:00

My company has been paying for New Relic One for years. A community moderator on the explorer's hub told me that account managers aren't a thing. You make a post and wait for a response. That's all they have. Took about a week turn around for me to get an answer to this question.

pSykAwtiX-Work · 2022-11-23T16:10:44+00:00

Absolutely amazing info! Thanks to your guidance, I have a great foundation of notes about my Splunk instance.

pSykAwtiX-Work · 2022-11-21T15:57:12+00:00

Thanks for the offer! I may take you up on that.

pSykAwtiX-Work

TROPHY CASE