Splunk Enterprise

Should I switch to TCP instead of UDP? And, how do I send email alerts?

hichem_khalfi
Path Finder

Please, I need some information because I have some issues:

1- I'm using a UDP port to send logs from my antivirus server to the Splunk server. I noticed that the logs arrive after a delay of 2 and 3 hours. My question: is it advisable to switch to TCP instead of UDP to guarantee the reception of the logs?

2- I have a problem with sending alert emails. The configuration is correct; well, I noticed that the saved password is different from my password (number of stars).
Assuming my password is 12345678, I should have 8 stars (********), but when I check the configuration I find only 6 stars, which indicates that it is not my password. I erased all saved passwords but still have the same problem.
Note that the alert works perfectly (display on the console) but the email is not sent.

 

 

0 Karma

richgalloway
SplunkTrust

This should be two separate posts.

1. UDP cannot cause a 2-3 hour delay in packet delivery.  Nor will switching to TCP resolve it.  How are you detecting the delay?  Could a time zone difference look like a delay?

2. I would not assume the number of asterisks accurately represents the number of characters in the stored password.  That would not be good for security.  Check splunkd.log and python.log to find out why alert emails are not sent.  If the logs say the emails were sent then contact your email admin to find out what is happening to the messages.

---
If this reply helps you, Karma would be appreciated.
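
One way to test the time zone question raised in the reply above, as an added example that is not part of the original thread: compare each event's parsed timestamp with the time it was indexed (in Splunk, the `_time` and `_indextime` fields). The function name, thresholds and sample epoch values are assumptions constructed for illustration.

```python
from statistics import median, pstdev

TZ_STEP = 900    # assumption: time zone offsets are multiples of 15 minutes
TOLERANCE = 60   # assumption: up to 60 s of jitter is normal transport/indexing lag


def classify_lag(pairs):
    """Classify (event_time, index_time) epoch pairs, e.g. _time and _indextime.

    Returns "no_delay", "timezone_offset" or "real_delay".
    """
    if not pairs:
        raise ValueError("no events to compare")
    lags = [indexed - event for event, indexed in pairs]
    mid = median(lags)
    steady = pstdev(lags) <= TOLERANCE          # does every event lag by the same amount?
    nearest = round(mid / TZ_STEP) * TZ_STEP    # closest whole zone offset, may be negative
    if steady and abs(mid) <= TOLERANCE:
        return "no_delay"
    # A steady lag sitting on a zone boundary points at timestamp parsing,
    # not at the network: the events arrived on time but were stamped in
    # the wrong zone.
    if steady and nearest != 0 and abs(mid - nearest) <= TOLERANCE:
        return "timezone_offset"
    # Anything else (variable lag, or steady lag off a zone boundary) is
    # genuine queueing or forwarding delay somewhere in the pipeline.
    return "real_delay"


BASE = 1_700_000_000  # constructed epoch value, not taken from real logs


def sample(lags):
    """Build constructed (event_time, index_time) pairs, one event per minute."""
    return [(BASE + i * 60, BASE + i * 60 + lag) for i, lag in enumerate(lags)]


TZ_SAMPLE = sample([7199, 7201, 7203, 7205])        # steady ~2 h: zone mismatch
DELAY_SAMPLE = sample([6500, 9100, 7900, 10400])    # 2-3 h but variable: real delay
HEALTHY_SAMPLE = sample([1, 2, 3, 2])               # seconds: nothing wrong
BEHIND_SAMPLE = sample([-3601, -3599, -3600])       # events stamped 1 h in the future

if __name__ == "__main__":
    for name, data in [("tz", TZ_SAMPLE), ("delay", DELAY_SAMPLE),
                       ("healthy", HEALTHY_SAMPLE), ("behind", BEHIND_SAMPLE)]:
        print(name, classify_lag(data))
```
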

hichem_khalfi
Path Finder

Hi @richgalloway 

My problem comes from the Splunk portal:
after the problem of sending alerts by email, the portal does not accept my Splunk account.
I can't access Splunkbase through the Splunk Enterprise portal to download applications, but I can do that through the URL.

Is there a workaround? It is very important to send alert emails. For app installation, I manage: I download from the site and then I install it. But I must have a solution for the problem of alert emails.

0 Karma

richgalloway
SplunkTrust

This is the first time you've mentioned problems installing apps.  Please ask a new question about that.

I don't see how the ability to send alert emails is related to Splunkbase access.

---
If this reply helps you, Karma would be appreciated.
0 Karma

hichem_khalfi
Path Finder

Hi @richgalloway 

I see the same problem, which is related to the password. When I consult index = internal "sendmail", I notice that the problem is: bad password, although I am sure that I type it correctly. It is the same problem when installing apps via the portal: I type my credentials but I can't access Splunkbase. However, when I navigate to the site, I can access it and do everything, so the Splunk Enterprise portal refuses identification.

0 Karma