Category: Splunk

  • Filtering in rsyslog

    If you use rsyslog as a syslog collector in front of your Splunk indexers, I will show you a way to filter out data in rsyslog so that you avoid spending valuable indexer or forwarder resources on it.

  • Add trusted root certificate to Python running under Splunk context [DRAFT]

    Create a .py file with the following content: Run the script in the context of Splunk: Then add your certificate in Base64 format to this file to let Splunk trust your SSL-inspecting proxy. Bear in mind that this file is write-protected, so you might need to chmod u+w /exp/splunk/lib/python2.7/site-packages/certifi/cacert.pem and then chmod u-w after changing the […]