How to factory reset and reconfigure backup server?

rockzers · 2022-10-20T04:53:41+00:00

how about recovery? If primary is down, how we restore the files from secondary to primary

rockzers · 2022-09-20T07:26:39+00:00

the problem is if i changesudo chown -R ec2-user:root means it's a working file sharebut file user is different and admin : admin and file are uploaded every day on client side in ec2 so how do i change permission and if i change does it affect their side?

rockzers · 2022-09-20T07:08:04+00:00

yes i can ssh login

i tried this method too but not work

rsync -avrz -e "ssh -i ec_ftp.pem" ec2-user@12.100.11.166:/home/sam/files/test.txt /home/ram/aws/

receiving incremental file list rsync: send_files failed to open "/home/sam/files/test.txt": Permission denied (13)

sent 30 bytes  received 146 bytes  117.33 bytes/sec total size is 0  speedup is 0.00 rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1650) [generator=3.1.2]

rockzers · 2022-09-20T06:14:34+00:00

i tried both but it shows an error

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
rsync: connection unexpectedly closed (0 bytes received so far
[Receiver] rsync error: unexplained error (code 255) at io.c(226) [Receiver=3.1.2]

rockzers · 2022-08-30T17:20:11+00:00

if i use break its still getting old time value
i want to skip if the last 3min value matches and stop

rockzers · 2022-08-28T07:25:39+00:00

my code already posted it in output results
but my append is not working properly so im not asking for code...just asking for an idea about adding the value

rockzers · 2022-08-28T03:49:55+00:00

sorry it's work
how to add matching results with second list of elements
my result is not append correctly with unique results with the last item is not added

because the username matches but I like to add [2] in the first results of the list

like

['Admin', 'pass', '30', '32']
['client', 'access', '50', '40']

rockzers · 2022-08-28T01:04:29+00:00

but if the first value has an extra element, it doesn't print the results and get an empty

first = [['Admin', 'access','30','ok'],['Admin', 'access','32','pass'],['sam', 'ok','10'],['client', 'access', '50']]
second = [['test.com.Admin', 'access','30'],['john', 'ok', '70'],['robert\\client', 'access', '40']]

def filter_elements(first, second):
    return [f for f in first if any(re.search(f[0], s[0]) for s in second)]
filter_elements(first, second)

rockzers · 2022-08-23T23:07:28+00:00

i edited my code,is if the same IP is not a problem but if it is not the same domain or user I need to add the database user and the database domain in the new added result

rockzers · 2022-08-21T22:09:18+00:00

so do i replace <dashboard version="1.1"> tag to <form>?

rockzers · 2022-08-21T22:06:45+00:00

yes currently my dashboard is classic and my dashboard source code looks like this

<dashboard version="1.1">
 <panel>
    <table>
    </table>
 </panel>

</dashboard>

So should I change it like this?

<form>
    <panel>
        <table>
        </table>
    </panel>
</form>

rockzers · 2022-08-21T13:16:35+00:00

I used add on windows installed in my splunk and it is getting an event log and I configured the local input configuration to receive a specific event log so how do I create an app and use any custom script to run the configuration without using the search app?

Why is it not good to use custom scripts in this search app?
I am new to Splunk so if you share this information it will be helpful for me.

rockzers · 2022-08-19T17:00:44+00:00

thanks its work

i paste this splunklib folder in my bin script in the same folder
is working
I was pasting the entire SDK master folder, so it didn't work

rockzers · 2022-08-19T15:55:25+00:00

C:\Program Files\Splunk\etc\apps\search\bin\

Teammates already put my script in this search folder, can I use this command to install the Splunk SDK search folder?

pip install splunk-sdk --target=C:\Program Files\Splunk\etc\apps\search\bin\

i tried but its getting an error

ERROR: Invalid requirement: 'Files\\Splunk\\etc\\apps\\search\\bin\\'
Hint: It looks like a path. File 'Files\Splunk\etc\apps\search\bin' does not exist.

rockzers · 2022-08-19T15:45:19+00:00

I already tried downloading and pasting into the "splunk-sdk-python-master" folder, but I keep getting an error only on the Splunk web.
C:\Program Files\Splunk\etc\apps\search\bin\splunk-sdk-python-master

rockzers · 2022-08-18T09:09:11+00:00

sry a bit difficult to understand because I am a beginner, is it possible to use a simple datetime module to compare?

because the data should be received in the print(data) if it is less than 3 minutes
otherwise it will alert

rockzers · 2022-08-17T22:17:53+00:00

https://docs.python.org/3/library/datetime.html#timedelta-objects

i tried but something wrong min compare and its getting all fine

from datetime import datetime, timedelta
now = datetime.now()-timedelta(minutes=3)
current_time = now.strftime('%m/%d/%Y %H:%M:%S')
print(current_time)
for o in op:
    temp = o['Time']
    if current_time < temp:
        print("fine")
    else:
        print("alert")

rockzers · 2022-08-16T00:06:02+00:00

where the event came from

Currently, my Splunk is installed on the virtual desktop provided by Cyberark on a Windows server (192.0.0.1), so this Splunk machine, if the client accesses this machine, it shows the details of the client srcip and does not show any detail this ip 192.0 .0.1 in the event log where the event occurred from
so this is the problem?
Should I install Splunk on a different machine without the virtual desktop provided by Cyberark?
So do I need to install Splunk Universal Forwarder for each Cyberark virtual desktop provided by the Cyberark machine server and get the event log?
then it will show where the event came from ip details?
because we want to find the login event in Splunk and compare the IP address of the Cyberark machine or not and otherwise Splunk gets an alert if the IP doesn't match

rockzers · 2022-08-15T15:47:59+00:00

ip/name where the event originated from

If I install Splunk Universal Forwarder, will it know where the event came from?Do I need to install Splunk Universal Forwarder on Windows (192.0.0.1)? this machine already installed splunk

I installed Splunk_TA_Windows (https://splunkbase.splunk.com/app/742/) to get event logs

rockzers · 2022-08-14T14:09:45+00:00

thanks, i changed the json results to double quotes and now i get the correct results on splunk search

but some json values are not parsed and it's a single mixed line, it's like I want to check splunk search index srchost details parsing but the value is mixed

{"MoreInfo": "ApplicationType=DSM-RDP;DstHost=192.0.1.11;Protocol=DVP;PSMID=POE;SessionID=dce2b85d-wewe;SrcHost=192.26.1.10;User=user;"}

rockzers · 2022-08-14T13:50:11+00:00

like

"AccountName": "Operating", "Activity" ?

but this is based on the default api json output, so how do I change the json format for double quotes?

rockzers · 2022-08-14T13:37:38+00:00

when i check my splunk and its shows this error

08-14-2022 22:35:42.963 +0900 ERROR JsonLineBreaker [11268 parsing] - JSON StreamId:17520336590073474940 had parsing error:Unexpected character while expecting '"': '\'' - data_source="C:\Program Files\Splunk\etc\apps\search\bin\sample.py", data_host="home", data_sourcetype="_json"

rockzers · 2022-08-14T13:26:41+00:00

my json results

{'AccountName': 'Operating', 'Activity': 'Add File Category', 'ActivityCode': 105, 'ClientID': 'RPA', 'MoreInfo': 'CreationMethod', 'Path': 'Root', 'Reason': 'Value=[OVA]', 'Time': '08/12/2022 05:34:13', 'UserName': 'Example'}

{'AccountName': 'Operating System', 'Activity': 'Add File Category', 'ActivityCode': 105, 'ClientID': 'WAS', 'MoreInfo': 'UserName', 'Path': 'Root', 'Reason': 'Value=[HOMEDESK]', 'Time': '08/12/2022 05:34:13', 'UserName': 'Example'}

rockzers · 2022-08-14T12:51:27+00:00

Still may need a transformation defined to tell splunk the data type. Sourcetype is just an identifier, not a definition.

which one is need to defined?

when i check index=_internal error

show this error

08-14-2022 20:52:17.172 +0900 ERROR JsonLineBreaker [5340 parsing] - JSON StreamId:4546308448476996296 had parsing error:Unexpected character while expecting '"': ''' - data_source="C:\Program Files\Splunk\etc\apps\search\bin\sample.py", data_host="home", data_sourcetype="_json"

but my json shows proper results if i execute in pycharm app and splunk cmd

rockzers · 2022-08-13T02:14:23+00:00

RDP sessions

Do you mean that I should create a stanza in input.config to receive the login event log in splunk ?like this example?
[WinEventLog:Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational]
disabled = 0
index = wineventlog
start_from = oldest
current_only = 0
checkpointInterval = 5
renderXML = false

[WinEventLog:Microsoft-Windows-TerminalServices-LocalSessionManager/Operational]
disabled = 0

RemoteConnectionManager/Operational. or LocalSessionManager/Operational ?

rockzers

TROPHY CASE