All Posts

Hey all, I recently upgraded our Splunk server to 9.1.3. I have a single UF running 8.2 which connects, however my newly deployed 9.1.3 forwarder on server 2 (Windows Server) doesn't connect. This is net new and has never connected. I am seeing mixed info on whether or not SSL certs need to be configured on the forwarder. I see the UF talking to our Enterprise server on port 9997. I am using CA signed certs on the Splunk server and default certificates on the server which uses the UF. Can anyone point me in the right direction to get this working? The output.conf is as follows:
    [tcpout]
    defaultGroup=default-autolb-group
    [tcpout:default-autolb-group]
    server=<SPLUNK_IP_SERVER>:9997
    useSSL=false
    [tcpout-server://<SPLUNK_IP_SERVER>:9997]
Hi, sorry if there was any confusion in my comments, I am not asking that the app should be archived. We have had this app installed on our SH for a long time now and all of a sudden the app stopped working; after we raised a case with Splunk, they mentioned the app got deprecated. Now I am checking if there is any alternate option to onboard the CAS (cloud app security) logs. As per your comments, if the app is still active, then why is the console not opening?
Hi @tej57, thank you for sharing the code for country and site. But here I have 8 hosts: 4 belong to India and the other 4 belong to China. So I tried using the code below for hosts in the dashboard drop-down and it is showing correctly, but when I open it in search, under selected fields the host name which I mentioned in the drop-down list is not showing; it shows a different host which is not mentioned in the drop-down. We want to show data in the dashboard only with these 8 hosts.
    <input type="dropdown" token="host">
      <label>Hosts</label>
      <choice value="*">All</choice>
      <prefix>host="</prefix>
      <suffix>"</suffix>
      <default>*</default>
      <fieldForLabel>host</fieldForLabel>
      <fieldForValue>host</fieldForValue>
      <search>
        <query>
          | makeresults | eval site="BDC", host="jboss.cloud.com" | fields site host
          | append [ | makeresults | eval site="BDC", host="ulkoy.cloud.com" | fields site host]
          | append [ | makeresults | eval site="BDC", host="ualki.cloud.com" | fields site host]
          | append [ | makeresults | eval site="BDC", host="hyjki.cloud.com" | fields site host]
          | append [ | makeresults | eval site="SOC", host="uiy67.cloud.com" | fields site host]
          | append [ | makeresults | eval site="SOC", host="7hy56.cloud.com" | fields site host]
          | append [ | makeresults | eval site="SOC", host="ju5e.cloud.com" | fields site host]
          | append [ | makeresults | eval site="SOC", host="mjut.cloud.com" | fields site host]
          | search $site$
          | dedup host
          | sort host
          | table host
        </query>
      </search>
    </input>
   
Try replacing the last stats command with timechart. | timechart count by protocol  
Try | chart count by _time protocol
trying to get 2 different lines one for HDX and the other for RDP, can anyone help please?    
Please share the failing SPL
What do you mean by "distribute license"?  Licenses are not distributed.  They're installed on the LM and the other instances contact the LM. What exactly are you trying to do and how exactly are you trying to do it?
Hi Team, I have an active ServiceNow ticket and email notification integration set up already for Splunk alerts. I am trying to add tokens which show me the query result in the ServiceNow ticket description, the same as we are getting in the email notification when we check Inline Table fields. Can you help me to add the same in the ServiceNow ticket as well, so that I can get the query result in the ticket as well? Right now it's showing me only the title of the alerts, due to which I need to go to Splunk every time an alert triggers and need to run the alert's search to validate alerts manually.
pls can you elaborate 
Hi everyone, I need to check my logs to see if a user has MFA enabled or not. I've already configured Microsoft Azure App for Splunk, as all the other data is coming through. Additionally, I can see 'azure:monitor:aad' logs. Can someone help me understand what changes need to be made on the Azure side to be able to view these logs? Thank you in advance.
I keep getting an error when trying to distribute the license from the license manager. Won't allow me to distribute license, session either times out or get error code different each time. Any help would be greatly appreciated.   Thanks -David 
Hi @whitecat001, open the Monitoring Console and go in the Search section: [Settings > Monitoring Console > Search] to find what you need. Ciao. Giuseppe
Hi @triva79 , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated by all the contributors
Hi @dude49, open a case to Splunk Support! Remember to prepare a diag of your SH to send them. Ciao. Giuseppe
Pls can i get a query that shows statistics on search activity in splunk 
Search Head GUI is not working. Found error in the splunk.d logs, not sure if it pertains to why gui is down. Anyone have experience with this happening? SH GUI is not responding, looked into the logs and found this error. Anyone have an experience with this or know of any fix? TsidxStats - sid:summarize_1591771322.7666 Failed to contact the server endpoint https://127.0.0.1:8089 from touchSummary()
still it's not working
thanks so much only my 2nd day using Splunk