All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

Hi gcusello , My indexer hosts less than 50 hosts.  Environment is rather small. Format of the date is American (mm/dd/yyyy).  I can also see that when I do an ausearch -i from the audit.log.  The ... See more...
Hi gcusello , My indexer hosts less than 50 hosts.  Environment is rather small. Format of the date is American (mm/dd/yyyy).  I can also see that when I do an ausearch -i from the audit.log.  The date is the format I'd expect as indicated above. In terms of the _internal index, dates are correct.  Yesterday's _internal index showed 06/05/2024 and the logs themselves were the same.  I'm not sure I'm answering your question, however.  Let me know if you needed other information about _*indexes. I will try setting props.conf on this one particular host and reply back with the results tomorrow.  
It looks like the last version of this add-on isn't compatiable with due to the add-on builder used, and the app version 1.0.2 has to  be used wih SC vs. the latest release of 1.1.1.   Can anyone co... See more...
It looks like the last version of this add-on isn't compatiable with due to the add-on builder used, and the app version 1.0.2 has to  be used wih SC vs. the latest release of 1.1.1.   Can anyone confirm if there are plans to re-compile the add-on with the latest add-on builder and if the latest app is support on Splunk Cloud? 
I have the same problem, but when I go to change the file $SPLUNK_HOME/etc/apss/TA-openai-api\local\passwords.conf as is describe in de github repository there is not passwords.conf file in  $SPLUNK_... See more...
I have the same problem, but when I go to change the file $SPLUNK_HOME/etc/apss/TA-openai-api\local\passwords.conf as is describe in de github repository there is not passwords.conf file in  $SPLUNK_HOME/etc/apss/TA-openai-api\local\ I hope ypu can help me. Thanks in advance
@richgalloway Rename the passwrd file under /etc/system and change the password under user-seed.conf file for admin user.
Hi all, I am attempting to create an add-on with the Add-On Builder that queries a REST API for stats and saves them to a metrics index. A requirement is that it needs to be smart during outages & re... See more...
Hi all, I am attempting to create an add-on with the Add-On Builder that queries a REST API for stats and saves them to a metrics index. A requirement is that it needs to be smart during outages & recovery. I thought I could just add checkpointing to the add-on. As a test, I stopped Splunk for a few minutes, then started it up and got this: The spike is where Splunk was restarted. What appears to be happening is that the checkpoint is starting where it left off but just doing 1 query from where it left off to the current time and returning the sum. What I want it to do is basically a backfill - start at the saved checkpoint & run the REST query every 30 seconds and save those values. Is that possible to do in the Add-On builder or does that require additional coding?
Yes I did and put in the Object ID of the Application created on Azure as the Group Name. I'm trying to figure out how is it not working. Did I put the correct Object ID?
Yes, SPL has a join command, but it should be avoided because it doesn't perform well.  See https://docs.splunk.com/Documentation/Splunk/9.2.1/SearchReference/Join  
Hi @Pranaychandra.Ravi, Awesome, thanks for sharing! 
@Ryan.Paredez  This issue is solved with the support help, they enabled the debug and got me the exact error . I removed the section of the request that are causing the issues  #set($summaryMe... See more...
@Ryan.Paredez  This issue is solved with the support help, they enabled the debug and got me the exact error . I removed the section of the request that are causing the issues  #set($summaryMessageParts = $latestEvent.summaryMessage.split("Properties")) #set($summaryMessageFirstPart = $summaryMessageParts[0].trim())
How did you reset the admin password?
Hi @Kim.Frazier, Thanks for following up and letting us know. If you wish, you can submit this as a feature request on the Community Idea Exchange here: https://community.appdynamics.com/t5/Idea-Ex... See more...
Hi @Kim.Frazier, Thanks for following up and letting us know. If you wish, you can submit this as a feature request on the Community Idea Exchange here: https://community.appdynamics.com/t5/Idea-Exchange/idb-p/ideas
Hi! From version 3.17, Mongo DB and Atlas are supported by DB Connect. If you are interested in learning about requirements, please check documentation:   https://docs.splunk.com/Documentation/DBX/3... See more...
Hi! From version 3.17, Mongo DB and Atlas are supported by DB Connect. If you are interested in learning about requirements, please check documentation:   https://docs.splunk.com/Documentation/DBX/3.17.1/JDBCMONGODB/About 
Hi @Pranaychandra.Ravi, Given how old this post is, it may not get a reply from the Community. You can always reach out to Cisco AppDynamics Support - How do I submit a Support ticket? An FAQ 
Hi @Shane.Tembo, In case you don't hear back, I found this documentation that may help.  https://docs.appdynamics.com/observability/cisco-cloud-observability/en/cloud-and-infrastructure-monitorin... See more...
Hi @Shane.Tembo, In case you don't hear back, I found this documentation that may help.  https://docs.appdynamics.com/observability/cisco-cloud-observability/en/cloud-and-infrastructure-monitoring/aws-cloud-observability/configure-aws-cloud-connections/set-up-the-cisco-appdynamics-infrastructure-collector-to-monitor-aws/deploy-the-cisco-appdynamics-infrastructure-collector-in-ecs-fargate
By Default when you install Splunk it installs default certs that can be used, but these should be changed as per your organisations TLS cert process alongside the TLS requirements as per the Splunk ... See more...
By Default when you install Splunk it installs default certs that can be used, but these should be changed as per your organisations TLS cert process alongside the TLS requirements as per the Splunk docs. The default ones are only used for testing, POC etc.  If you look at the table from this document link, it shows the various components and TLS cert scenarios for Splunk enterprise and cloud and default status. https://docs.splunk.com/Documentation/Splunk/9.2.1/Security/AboutsecuringyourSplunkconfigurationwithSSL  So, in your case. (Between Search Heads and Indexers) You would need to create TLS cert for Web Browser Access, not use the default ones, unless just testing - this will give you config and search data. Note the SH should be connected to the Indexers via the Cluster Manager. Between Indexers (Index Clustering) - If you configure indexers in a cluster, they should also use TLS certificate - this will be for replication data, again its best to create your TLS certs for all the indexers. Side note: You typically also use the UF's with the indexers certs for UF to Indexer TLS data encryption. Here's a good link for Splunk TLS certs process and understanding https://lantern.splunk.com/Splunk_Platform/Product_Tips/Administration/Securing_the_Splunk_platform_with_TLS 
I am having an issue in Advanced hunting for Defender app in Splunk https://splunkbase.splunk.com/app/5518 My original KQL query in azure contains | JOIN KIND INNER. Is such syntax... See more...
I am having an issue in Advanced hunting for Defender app in Splunk https://splunkbase.splunk.com/app/5518 My original KQL query in azure contains | JOIN KIND INNER. Is such syntax also possible in SPL?            
Hi @Naruto7431 , what do you mean? you can normally search on raw logs using Splunk and get the desidered output. Could you better describe your request? Ciao. Giuseppe
Hi, I'll try to more specific, I have text files (one data type for example) those *.txt files contain geographic data that i would like to query using Splunk. The size and for format  of those file... See more...
Hi, I'll try to more specific, I have text files (one data type for example) those *.txt files contain geographic data that i would like to query using Splunk. The size and for format  of those files are varies, it could be txt, xml, json.... 1kb-10mb
Hello Splunkers!! After resetting my admin password, the users' accounts are gone and they are not visible in the UI. How can I restore all those user login accounts? In the above picture fro... See more...
Hello Splunkers!! After resetting my admin password, the users' accounts are gone and they are not visible in the UI. How can I restore all those user login accounts? In the above picture from the backend I can see the users. but from the UI no user account is visible.
From normal splunk search can i also search inside the show source raw log and get the desired o/p