Please, I need some information because I have some issues:
1- I'm using a UDP port to send logs from my antivirus server to the Splunk server. I noticed that the logs arrive after a delay of 2 and 3 hours. My question: is it advisable to switch to TCP instead of UDP to guarantee the reception of the logs?
2- I have a problem with sending alert emails. The configuration is correct, but I noticed that the saved password is different from my password (number of stars).
Assuming my password is 12345678, then I must have 8 stars (********), but when I check the configuration I find only 6 stars, which indicates that it is not my password. I erased all saved passwords but still have the same problem.
Note that the alert works perfectly (display on the console) but the email is not sent.
This should be two separate posts.
1. UDP cannot cause a 2-3 hour delay in packet delivery. Nor will switching to TCP resolve it. How are you detecting the delay? Could a time zone difference look like a delay?
2. I would not assume the number of asterisks accurately represents the number of characters in the stored password. That would not be good for security. Check splunkd.log and python.log to find out why alert emails are not sent. If the logs say the emails were sent, then contact your email admin to find out what is happening to the messages.
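One way to check whether a "delay" is a time zone mismatch, as an added example that is not part of the original thread: compare each event's parsed timestamp with the time it was indexed (Splunk's `_time` and `_indextime` fields). A near-constant lag that is a multiple of 15 minutes points to a time zone offset, while a lag that varies points to real delay. The sample pairs, thresholds and function name are constructed assumptions.

```python
from statistics import median

BASE = 1_700_000_000  # constructed epoch start for the sample data

# Constructed (event_time, index_time) pairs in epoch seconds for one source:
# the timestamp parsed from the event versus the moment it was indexed.
TZ_SKEW = [(BASE + i * 60, BASE + i * 60 + 7200 + (i % 3)) for i in range(20)]
BACKLOG = [(BASE + i * 60, BASE + i * 60 + 7200 + i * 180) for i in range(20)]
HEALTHY = [(BASE + i * 60, BASE + i * 60 + 2) for i in range(20)]


def classify_lag(pairs, jitter=30, tz_step=900):
    """Classify indexing lag (index time minus event time).

    jitter:  seconds of variation still treated as normal noise (assumption).
    tz_step: time zone offsets are multiples of 15 minutes (900 s).
    Returns (verdict, seconds).
    """
    lags = sorted(idx - evt for evt, idx in pairs)
    mid = median(lags)
    spread = lags[-1] - lags[0]
    steady = spread <= 2 * jitter

    # Small, steady lag: events are indexed as they arrive.
    if steady and abs(mid) <= jitter:
        return "ok", mid

    # Steady lag sitting on a 15-minute multiple: the timestamps are being
    # interpreted in the wrong time zone, nothing is actually late.
    nearest = round(mid / tz_step) * tz_step
    if steady and nearest != 0 and abs(mid - nearest) <= jitter:
        return "constant-offset", nearest

    # Lag that changes from event to event: a queue or batch somewhere
    # between the sender and the indexer is holding events back.
    return "variable-delay", mid


if __name__ == "__main__":
    for name, data in (("TZ_SKEW", TZ_SKEW), ("BACKLOG", BACKLOG), ("HEALTHY", HEALTHY)):
        print(name, classify_lag(data))
```
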
My problem comes from the Splunk portal:
after the problem of sending alerts by email, the portal does not accept my Splunk account.
I can't access Splunkbase through the Splunk Enterprise portal to download applications, but I can do that through the URL.
Is there a workaround? It is very important to send alert emails. For app installation, I manage: I download from the site, then I install it, but I must have a solution for the problem of alert emails.
This is the first time you've mentioned problems installing apps. Please ask a new question about that.
I don't see how the ability to send alert emails is related to splunkbase access.
I see the same problem, which is related to the password. When I consult index = internal "sendmail", I notice that the problem is: bad password, although I am sure that I type it correctly. It is the same problem when installing apps via the portal: I type my credentials but I can't access Splunkbase. However, when I navigate to the site I can access it and do everything, so the Splunk Enterprise portal refuses identification.