Tag Archives: Splunk

Splunk – List REST API users and their IPs

Want to get a list REST API users and their IPs

Run this search

The limitation is if the users are going via a Load Balancer, you will see  Load Balancer’s IP as the clientip

Notes from SplunkLive! Sydney 2019

Notes from SplunkLive! Sydney 2019

I’ve had a chance to got SplunkLive! in Sydney this year.

It was freezing (by Sydney standards) 7.6 with winds which felt like -0.2 according to weatherzone app on my phone and my face.

So I wouldn’t have minded if the event turned out to be a total disaster, as long as they would have served coffee and it was warm inside, but it turned out to be quite interesting.

Continue reading Notes from SplunkLive! Sydney 2019

Configure Splunk SSO with Auth0 as your identity provider

I had to work on Splunk SSO Integration and since had never touched SSO/SAML before, I wanted to play with it a little bit on my machine. I’ve decided to use Oath0 as my IdP

This tutorial is based on SAML SSO with Auth0 as Service Provider and as an Identity Provider, but the steps that are relevant to configuring an Auth0 tenant as the Service Provider (SP) are replaced with Splunk Configuration.

Continue reading Configure Splunk SSO with Auth0 as your identity provider

Manage Splunk KV Store using REST API

I’ve started working with Splunk KV store for one of my recent projects. It is a robust system with an extensive API. since I was learning and documenting my fundings anyway I thought, why not put up a blog post about how to manage Splunk KV Store using REST API.

Continue reading Manage Splunk KV Store using REST API

Splunk HEC SSL Certificate Set up

Here is how to set up Splunk HTTP Event Collector (HEC) SSL with your own certificate

In /opt/splunk/etc/apps/splunk_httpinput/local/inputs.conf edit the [http] stanza with these 4 properties

[http]
enableSSL = 1
sslPassword = $1$IA1A1A1A1
privKeyPath = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.key
serverCert = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.pem