Sunday, January 14, 2018

Happy New Year 2018

Happy New Year 2018, hope it's a better one than last. I have a lot planned but I had a lot planned last year also. Oddly I completed a lot of projects also so I shouldn't look badly on the year.

I've been playing with Splunk and the netflow data from my firewall / router. I missed the expired license period for the trial Enterprise license and ended up with 30 violations before I switched to the free version. The free version fits my needs just fine at the moment. I'm mainly using Splunk for learning. I'm still not sure where to begin. It's very overwhelming. Anyway, once I found the violations, I fixed the license but found I couldn't access my dashboards (my queries). I found I had to let them clear. With 30 violations, I had to wait until I had fewer than 3 violations. But it still didn't work; it complained: "Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times". So despite the fact that I renewed the license to fix the violations, I still had to renew the license to re-enable the search. I did this once the violation count was lower than 3. Actually I waited until it was zero. Now I can see my data again (yeah). So I expect that all the data it pushed during the violation period is still there. Once I figure out how to use Splunk I'll check it.