All Posts


Hi @Sarath Kumar.Sarepaka, I was trying to find more information for you, but could not. Since the Community did not jump in, you can contact AppDynamics Support, or you can reach out to your AppD Rep/CSM.
AppDynamics is migrating our Support case handling system to Cisco Support Case Manager (SCM). Read on to learn how to manage your cases.
I have asked ChatGPT. The answer is as below. So I don't think there is an easy way, like modifying a conf file, to resolve this issue.

As of the latest available information, there are no widely recognized third-party solutions or community-contributed add-ons specifically tailored for Splunk to collect logs from Azure China. Most existing add-ons, including the official *Splunk Add-on for Microsoft Cloud Services*, are designed for the global Azure environment and may require customization to work with Azure China.

### Options and Workarounds:

1. **Customization of Existing Add-ons**:
   - You can manually modify the Splunk Add-on for Microsoft Cloud Services to point to the Azure China endpoints by editing the configuration files directly. This is the most common workaround but requires technical know-how to ensure compatibility and proper data collection.
2. **Custom Scripts**:
   - If modifying existing add-ons is too complex or not feasible, you can create custom scripts using Azure SDKs (like Python SDK) to pull data from Azure China and forward it to Splunk using the HTTP Event Collector (HEC).
3. **Using REST API**:
   - Another approach is to use the Splunk Add-on for REST APIs to interact directly with Azure China's API endpoints. This method gives you the flexibility to collect any data available via the Azure China REST API.
4. **Community Forums and Contributions**:
   - While specific tailored add-ons for Azure China are not available, you may find discussions or shared configurations on the [Splunk Community Forums](https://community.splunk.com/) or other community-driven platforms like GitHub, where users may have shared their custom solutions.

### Keeping Up-to-Date:

It's recommended to regularly check Splunkbase and participate in community discussions to stay updated on any new add-ons or tools that might become available for Azure China.

For more details, you can visit [Splunkbase](https://splunkbase.splunk.com/) and the [Splunk Community](https://community.splunk.com/).
https://community.splunk.com/t5/All-Apps-and-Add-ons/Is-the-Splunk-Add-on-for-Microsoft-Cloud-Services-or-Splunk-Add/m-p/646898 I have tried and failed. When asking for support, they replied no official support for Azure China. So this issue has not been resolved yet.  
I have tried and failed. When asking for support, they replied no official support for Azure China. So this issue has not been resolved yet.
What do we use for the Base URL when configuring the App's Add-on Settings? Should this be left to slack.com/api as default?
Authentication datamodel
Hi @vid1 , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
Authentication datamodel that macro is not there in my macros list
identifying the correct sourcetype removed only one part of the header, still however it does not remove the priority and the other part of the header... I had already tried that. I thank you, do you have any other solutions? Thank you, Giulia 
Hi @vid1, usually in DataModels there's a macro to reduce the indexes to use in the population activity. You can check this macro in the DataModel constraints. Now this macro isn't present in your environment or you haven't the permissions to use it. Search for this macro: if present, check the permissions; if not present, create it or remove it from the DataModel constraints. Which DataModel are you speaking of? Ciao. Giuseppe
IMO, the best version of Python to use is the one that comes with Splunk.  That's either 3.7 or 3.9, depending on your Splunk version. Use the Splunk-provided interpreter with the command splunk cmd python
I am facing an error while running the datamodel, below:
The search job has failed due to err='Error in 'SearchParser': The search specifies a macro 'isilon_index' that cannot be found.
Hi @Hiroshi, if you have an urgent issue, you can call a phone number to open a case; you can find it at https://www.splunk.com/en_us/about-splunk/contact-us.html?_gl=1*ysdmn5*_gcl_au*MTM2NjY2NTEyNS4xNzI0MDcxMTI0*FPAU*MTM2NjY2NTEyNS4xNzI0MDcxMTI0*_ga*MjEwNTAzMDU0Ni4xNzI0MDcxMTI0*_ga_5EPM2P39FV*MTcyNDQxMDYwNS4yNS4xLjE3MjQ0MTEwNTQuMC4wLjE4NjU0NjUxNTE.#sp-tabs--customer-support-tab_1 Let me know if I can help you more, or, please, accept one answer for the other people of Community. Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
Hi @gcusello , Thank you very much. It is very troubling that I can't inquire, but I'll wait a little longer.
Hi @Hiroshi, there's a similar issue on the Partner Portal, I suppose that they are in maintenance. Ciao. Giuseppe
Why can't I open the Support Portal page? I am having trouble referencing a case.
Please check the syslogSourceType and reconfigure it.

syslogSourceType = <string>
* Specifies an additional rule for handling data, in addition to that provided by the 'syslog' source type.
* This string is used as a substring match against the sourcetype key. For example, if the string is set to "syslog", then all sourcetypes containing the string 'syslog' receive this special treatment.
* To match a sourcetype explicitly, use the pattern "sourcetype::sourcetype_name".
* Example: syslogSourceType = sourcetype::apache_common
* Data that is "syslog" or matches this setting is assumed to already be in syslog format.
* Data that does not match the rules has a header, optionally a timestamp (if defined in 'timestampformat'), and a hostname added to the front of the event. This is how Splunk software causes arbitrary log data to match syslog expectations.
* No default.

outputs.conf - Splunk Documentation
Hi @kvm, more details needed pls: 1) Splunk version, 2) Cloud or on-prem, 3) Dynatrace version, 4) UF (and HF) version? 5) Splunk's own SSL certificate (Linux's SSL certificate) or third-party SSL certificate?
Hi Team,
We could see latency in logs.
Log ingestion via syslog: Network devices --> Syslog server --> splunk
Using the below query, we could see minimum 10 mins to maximum 60 mins log latency:
index="ABC" sourcetype="syslog" source="/syslog*" | eval indextime=strftime(_indextime,"%c") | table _raw _time indextime
What should be our next steps to check where the latency is and how to fix it?
Hello, this is the current example of the outputs.conf, but still the header is not gone:

[tcpout-server://xxxx..xxx:9997]
[tcpout-server://yyy.yyy.yyy:9997]
[tcpout-server://zz.zzz.zzz:9997]

[tcpout:default-autolb-group]
server = xx.xxx.xxx:9997,yyy.yyy.yyy:9997,zz.zzz.zzz:9997
disabled = false

[syslog]
#defaultGroup = syslogGroup2

[syslog:syslogGroup1]
server = aa.aaa.aa.a.:514
type = udp
syslogSourceType = fortigate

[syslog:syslogGroup2]
server = bb.bbb.bbb:517
type = udp
syslogSourceType = fortigate

Can you give me an example of how I could fix it? Thank you very much, Giulia