All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

Thank you @manjunathmeti . But it doesn't function. The result is the same as before. I think your advice helps if splunk doesn't import a whole file, if it is not salted and/or the first character... See more...
Thank you @manjunathmeti . But it doesn't function. The result is the same as before. I think your advice helps if splunk doesn't import a whole file, if it is not salted and/or the first characters in it doesn't have a difference to another file imported before. Further Investigation: I have exported the items from splunk (csv) and compare the original file with the export. I can't see any muster,  which object is imported and which not.  A muster could be like the first 22.256 objects were importet, I see, that object 66 to is not imported, 104, 108, 113, and so on not imported. I think there is a limit to import json-objects. But which is it?
we have created new app registation as per the document and assigned correct permistion as per the docuement.  still not able to pull the logs.  splunk support portal is down for 5 days.  need urgent... See more...
we have created new app registation as per the document and assigned correct permistion as per the docuement.  still not able to pull the logs.  splunk support portal is down for 5 days.  need urgent spport.  invalid_client","error_description":"AADSTS7000216: 'client_assertion', 'client_secret' or 'request' is required for the 'client_credentials' grant type. Trace ID
Hi i still get an error regarding GlusterFS during another fresh install of the latest Splunk SOAR even i already update the wording from mirror to vault in install_common.py and already do an apply... See more...
Hi i still get an error regarding GlusterFS during another fresh install of the latest Splunk SOAR even i already update the wording from mirror to vault in install_common.py and already do an apply to save the changes.     any idea where should i update again for those links that tooks an error? i do already installed manually the packages, but it still check into that links. Please help
As I said - while the connection might be working without properly authenticating the server (verifying server's certificate) the proper way of working with TLS-protected connection is to make sure t... See more...
As I said - while the connection might be working without properly authenticating the server (verifying server's certificate) the proper way of working with TLS-protected connection is to make sure the server is who it claims it is. So you should make sure your python app can properly verify the server's certificate - the server's cert should be issued by CA that your python code trusts. And that is one thing but it's just a general security-related thing not directly causing the server to return 401. 401 means you're not providing correct authentication data. As I said before - if supposedly the same token works with another host or app comparw the requests made by tue working app and the non-working app and check what is different. We can't know what's wrong as so far the only thing we have is "the server says 401".
When I try to login to splunk it give me authentication options. Once user pass is provided. it gives me below error.   Also when i checked web_service.log I see below error 'Error connect... See more...
When I try to login to splunk it give me authentication options. Once user pass is provided. it gives me below error.   Also when i checked web_service.log I see below error 'Error connecting to /services/authentication/users/splunk: timed out',)
Hi @whales , could you better describe your question? because the answer is too simple: when you have to search in data stored in tha index! Ciao. Giuseppe
Hi Team, Hope this message finds you well. I have a new splunk on-premise instance and we are planning to implement Splunk Trackme app on our SHC to monitor any data latency, missing data etc. for ... See more...
Hi Team, Hope this message finds you well. I have a new splunk on-premise instance and we are planning to implement Splunk Trackme app on our SHC to monitor any data latency, missing data etc. for our instance.  I read through few docs (https://trackme.readthedocs.io/en/latest/deployment.html)  that says it is resource consuming. I want to understand if it will impact our license consumption apart from CPU and memory post deployment. Also do we need any separate license for the splunk track-me. What are cons of it. Pls reply soon, thanks in advance
please provide the link to go my license page.  its too deficult to navigate. from 3 days navigating there is no link found
@MK3- I believe its an permission and/or app-context issue. When you create service object, Provide the same username you use to login on Splunk UI Provide the same App name which you use on UI a... See more...
@MK3- I believe its an permission and/or app-context issue. When you create service object, Provide the same username you use to login on Splunk UI Provide the same App name which you use on UI and search works fine service = client.connect(host="<ip/hostname>", username="<username>", password="<user-passwd", app="<same app as you use on UI>")   I hope this helps!!!!
hi @a101755, Try adding below configs in input monitors in inputs.conf. crcSalt = <SOURCE> initCrcLength = 2048
So, what should I do in my program? Do I need to add the ssl certificate? Also how to know properly authenticating to the server? Can I ask for your help about these matters? Thank you for your at... See more...
So, what should I do in my program? Do I need to add the ssl certificate? Also how to know properly authenticating to the server? Can I ask for your help about these matters? Thank you for your attention to this matter, I am waiting for your response
I have a json-File with with 23.904 objects in it. They are all like: { "1.Entry": "1.Data", ... "44.Entry": "44.Data" }, ... 23.902 similiar entries... { "1.Entry": "1.Data", ... "4... See more...
I have a json-File with with 23.904 objects in it. They are all like: { "1.Entry": "1.Data", ... "44.Entry": "44.Data" }, ... 23.902 similiar entries... { "1.Entry": "1.Data", ... "44.Entry": "44.Data" } But forwarding the json-file leaded to the count of 22.256 events (presents 22.256 json-objects) My props.conf [json_test] DATETIME_CONFIG = TIMESTAMP_FIELDS = test.sys_created_on INDEXED_EXTRACTIONS = json KV_MODE = none LINE_BREAKER = ([\r\n]+) NO_BINARY_CHECK = true category = Structured description = test json disabled = false pulldown_type = true   The problem so is not that a single event is truncated, but the json-file is.  
Hi,  I'm trying to instrument my .NET application for Splunk Observability Cloud. I'm using this package for that and it's working. I can see traces coming in. However in the Database Query Performa... See more...
Hi,  I'm trying to instrument my .NET application for Splunk Observability Cloud. I'm using this package for that and it's working. I can see traces coming in. However in the Database Query Performance section, I can only see the queries executed by hangfire (which we use to manage background jobs) in the application. Other DB queries are not captured. We are using a PostgreSQL database hosted in Amazon RDS which is compatible. The SQL Database MetricSets is also active. How can I make sure all the DB queries are captured? .
how do i determine when to use index=botsv1 ?  
"Name or service not known" means that you've typed in some address that your SH cannot properly resolve. Either you've made some typo or you have problems with DNS.
Your issue may be to do with what you do if the user has not selected a value for either token. A dashboard would normal wait for the user to make a selection. Handling tokens is easier in Classic Si... See more...
Your issue may be to do with what you do if the user has not selected a value for either token. A dashboard would normal wait for the user to make a selection. Handling tokens is easier in Classic SimpleXML dashboards than currently available in Studio. Is this an option for you?
Hello @Easwar.C  Could you please confirm whether the tools.jar is in the correct path which should be your JAVA_HOME in the OS? I tested with JDK8 and tomcat and I could see object instance trac... See more...
Hello @Easwar.C  Could you please confirm whether the tools.jar is in the correct path which should be your JAVA_HOME in the OS? I tested with JDK8 and tomcat and I could see object instance tracking in my controller normally. I attached the screenshots of my configuration and result as references. On a side note, you can open a case with AppD support, please kindly look through the article to raise a case if necessary. https://community.appdynamics.com/t5/Knowledge-Base/AppDynamics-is-migrating-our-Support-case-handling-system-to/ta-p/53966/redirect_from_archived_page/true How do I open a case with AppDynamics Support?   First, make sure that you have access to Cisco SCM by having a valid Cisco.com account. If you were part of the migration this should have been done automatically for you. If still you need to request a Cisco.com account, please refer to the earlier communication about User Identity changes found here.  Make your way to the AppDynamics portal on appdynamics.com/support. When you log in to the AppDynamics portal you will be automatically redirected to Cisco SCM.  Hope this helps. Best regards, Xiangning
Hi Folks, I was working on Splunk  webhook however I'm getting below error while sending payload though Webhook also the webhook url has been allowed aleardy. action=webhook STDERR - Error sending ... See more...
Hi Folks, I was working on Splunk  webhook however I'm getting below error while sending payload though Webhook also the webhook url has been allowed aleardy. action=webhook STDERR - Error sending webhook request: <urlopen error [Errno -2] Name or service not known> Does anyone have any ideas on how to resolve this issue?  
Hi @rammeduru  Currently There is no app available for Dashboards in Splunk Base.   you might try creating dashboards for yourself  
Hi @sgro777 , did you tried with: eventtype=builder (user_id IN ($id$) OR user_mail in $email$) | eval ..... ? Ciao. Giuseppe