All Posts


Yes, but by developing the add-on from scratch.
@Sudhir.Bobade got back to me saying that they uninstalled and reinstalled, and it worked that time around.
I've managed to toy with the .csv to the point where it lets my apps pass. Let's take, for example, Splunk Security Essentials. The record in the .csv reads:
    Splunk_Security_Essentials,Splunk Security Essentials,https://splunkbase.splunk.com/app/3435/,3.6.0#8.2|9.0|9.1|;..........
The latest version is 3.8.0. I needed to add the current version of the app, and assign my Splunk version to it:
    Splunk_Security_Essentials,Splunk Security Essentials,https://splunkbase.splunk.com/app/3435/,3.8.0#9.1|;3.6.0#8.2|9.0|9.1|
Making this change to the .csv under /opt/splunk/etc/apps/python_upgrade_readiness_app/local/splunkbaseapps.csv did not help. However, the upgrade readiness app no longer fails Splunk Security Essentials after moving the edited .csv to these locations:
    /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/libs_py2/pura_libs_utils/splunkbaseapps.csv
    /opt/splunk/etc/apps/python_upgrade_readiness_app/bin/libs_py3/pura_libs_utils/splunkbaseapps.csv
After rewriting the .csv files, it is of course necessary to restart Splunk and Run New Scan in the Upgrade Readiness App. I will be accepting your original answer, as it is very straightforward and the way to go for most people who will encounter this issue. Thank you Tejas, and happy Splunking!
Hi, were you able to solve this issue?
Hi @Sudhir.Bobade, I found this AppD Documentation that could be helpful:
    https://docs.appdynamics.com/appd/4.5.x/en/appdynamics-application-performance-monitoring-platform/planning-your-deployment/physical-machine-controller-deployment-guide/prepare-the-controller-host/prepare-windows-for-the-controller
    https://docs.appdynamics.com/appd/4.5.x/en/appdynamics-application-performance-monitoring-platform/controller-deployment/controller-system-requirements
I was not able to find any other additional information that didn't require a bunch of log files to be requested. You can always try contacting AppD Support for this issue too. How do I submit a Support ticket? An FAQ
Hello @SATYENDRA.DAS, Can you please send me a screenshot of what you are seeing? Be sure to either blur out or do not include the URL of your Controller when capturing the screen shot. 
Try something like this:
    "options": {
        "columnFormat": {
            "Requester": {
                "rowBackgroundColors": "> table | seriesByName(\"Requester\") | matchValue(requesterColumnFormatConfig)"
            }
        }
    },
    "context": {
        "requesterColumnFormatConfig": [
            { "match": "DOWN", "value": "#FF0000" },
            { "match": "UP", "value": "#00FF00" }
        ]
    }
Hello, we also got this issue. Did you find any answer or solution? When installing SplunkForwarder.service, we have enabled boot start. But after a reboot it is changed to disabled boot start. We clearly cannot be the only ones who experienced this. This is running on a Red Hat Plow and running UF version 9.
Running the script itself is updating the internal database. If it gives you an option to run the scan forcefully, you can go ahead with that. Otherwise, it should get updated every 24 hours.   Thanks, Tejas.
As the documentation says, the ReST API that you are using returns information about the search (definition). These are not events and do not have timestamps (per se), so you are getting all the definitions already.
Which also explains why the "z" version was not available for download Well, then all is well that ends well I suppose! Thank you for both help and clarification, much appreciated!
https://docs.splunk.com/Documentation/ES/7.3.1/Admin/Listcorrelationsearches
Hi, I'm using the searches mentioned in the documentation. There is a field named triggered_alert_count which gives me what I want, but it returns the same number of alerts across all time ranges.
    | rest splunk_server=local count=0 /services/saved/searches
    | rename eai:acl.app as app, title as csearch_name, action.correlationsearch.label as csearch_label, action.notable.param.security_domain as security_domain, triggered_alert_count as number_of_alerts
    | search app="SplunkEnterpriseSecuritySuite"
    | table number_of_alerts, csearch_label, app, security_domain, description
Ideally I would like to see the total number of alerts as far back as Splunk remembers. Thanks.
Ok, that's what was missing! So I deduced it from the following information, from OpenSSL.Org:
****
OpenSSL 1.0.2 is out of support since 1st January 2020 and is no longer receiving updates. Extended support is available from OpenSSL Software Services for premium support customers.
CVE-2024-0727 - Fixed in OpenSSL 1.0.2zj (premium support) (Affected since 1.0.2)
****
Since only premium customers get 1.0.2.zj, and Splunk has it, they are therefore a Premium customer.
Hi, Seems like this link below is no longer working. https://splunk-sizing.appspot.com/   Does Splunk have online splunk sizing that we can use to do capacity planning estimates?
Hi Splunk experts, I have made a dashboard which shows my App's service status in Dashboard Studio and I want to display color based on value as shown below. This was achieved in Dashboard classic by editing the source and appending the format as below.
    <format type="color" field="Requester">
      <colorPalette type="expression">case (match(value,"DOWN"), "#E34234",match(value,"NA"), "#F8BE34",match(value,"UP"),"#4F7942")</colorPalette>
    </format>
    <format type="color" field="Stripping">
      <colorPalette type="expression">case (match(value,"DOWN"), "#E34234",match(value,"NA"), "#F8BE34",match(value,"UP"),"#4F7942")</colorPalette>
    </format>
Can the same be achieved in Dashboard Studio as well? If so, how can it be done? Can you guys please help me out on this. TIA
@meshorer The IN operator will only look for the entire entry in the list, so it won't work as you can't wildcard the entries. You may have to pull in containers within a date/time range and then do some post-processing in custom code to grab what you need from the returned values.
It looks like you can (not something I've done as I normally use the default, so worth trying it). From what I gather you can edit the savedsearches.conf file and, under your named saved search stanza, add the dispatch.ttl setting.
Example: /opt/splunk/etc/my_app/local/savedsearches.conf
    [my_saved_search]
    dispatch.ttl = 604800
Have a look at this link: https://docs.splunk.com/Documentation/Splunk/9.2.1/Search/Extendjoblifetimes
Yes and no. I guess my question could have been a bit more concrete and clear. It does list the details regarding premium services ([ Contracts ] - /support/contracts.html (openssl.org)) including LTS for 1.0.2. But it does not list any premium customers. I'm struggling to validate that the LTS version is what is shipped with Splunk. I have not found information documenting this as a fact by Splunk representatives yet. If you can point me to the documentation regarding Splunk being a premium customer I'd appreciate it very much. Then I have something to lean on while ignoring the alerts.
Thank you for the pointer. I have been doing that at the time I got your response. On the test server, the apps we are having issues with passed jQuery scan, but still appear as FAILED in Python scan. (Details: This newly installed App has not completed the necessary scan. Required Action: Please check again in 24 hours when the necessary scan is complete.) Is it possible to force the "necessary scan" to run? In another post, I read this means that "the latest version of those apps / addons were not updated in the Upgrade Readiness App database file". Once again, tysm for your help so far.
Hello, is there a way to use a REST API and search for containers that contain the word computer or the word process in the container name? I only manage to filter for “contains” or the filter “in”, but I failed to use both.