On top of that your user might simply be restricted from using such commands. And your dashboards may not run if powered by risky commands. https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards
Ugh. This looks almost like a json structure. Unfortunately your keys and values are not enclosed in quotes so it is not a valid json object. If it were a json object you wouldn't have to worry about regexes because splunk can parse jsons. And it's best to let it do so instead of trying to fiddle with regexes to handle structured data. EDIT: OK, earlier you showed some representation of your event and it did include the quotes. So how is it?
Also the first business question - how do you know that you need to use Smartstore? Not that I'm saying that you don't but what's the rationale for this particular requirement?
This is an error resulting from the python code trying to do something it's not supposed to. In this case - it's trying to serialize to json an object which is not serializable (not all classes can be serialized). Why it happens? We don't know - you should look in your logs for indication where this exception is triggered.
Yes, you are doing it right. After adding the time picker you can click on this icon: and 1) select edit on your query 2) go to "Time Range" 3) click on Input and select your time picker token
splunk list monitor and splunk list inputstatus are your friends here. Also - crcSalt = <SOURCE> is a setting often used by newcomers to Splunk but in reality it's rarely needed (usually raising initCrcLength suffices). alwaysOpenFile is most typically not needed. Leave it at default unless you're doing some weird stuff on Windows. My suspicion would be that since you have many files (almost a hundred files for each day), you're running out of file descriptors.
This looks like filesystem permissions. The Splunk paths are normally based on the splunk account user permissions, for example: sudo chown -R splunk:splunk <YOUR DATA PATH> Find out what account Splunk was running under.
Hello Team, I had followed steps mentioned in below page for migration to Splunk Enterprise version 9.2.1: Upgrade to version 9.2 on UNIX - Splunk Documentation I receive below error on running start command. Due to this error, I am unable to complete the migration on Splunk indexer machine.
Warning: cannot create "/data/splunk/index_data"
Creating: /data/splunk/index_data
ERROR while running renew-certs migration.
Hi @gcusello No, the new file has a different name ( the name is the time when they are generated ). The content of the files is not the same because they contain. I tried different options of crcSalt but nothing happened. I also checked logs in $SPLUNK_FORWARDER/var/log/splunk/metrics.log but there are no logs about new files
Yes, and here is an example:
/Users/yotov/app/.logs/
  - 1/
    - 2024-05-14/
      - 10_00_00.log
      - 10_15_00.log
        ( every 15 minutes a new file is created )
      - 15_00_00.log
  - 2/
    - 2024-05-14/
      - 10_00_00.log
      - 10_15_00.log
      ....
About alwaysOpenFile - no, I tried with and without it, but nothing happens.
Reference to this: https://github.com/elastic/elasticsearch/issues/57018#issuecomment-1501986185 and adding -Djava.io.tmpdir surely helped in the case of another customer I was working with as well.
Hello there, I also want to render a Splunk app's dashboard on my website securely. Is there any way to render a Splunk app's dashboard on my website? I have successfully accessed an existing dashboard XML definition by following this guideline: data/UI/views/{name}. Thanks for your support.
@scott_l - I would suggest going to Splunk support to get the details. It's very difficult to tell what the issue is without full details about the execution and the issue.
Yeah, that’s the document I’ve been following. I’ve tried many different combinations and so far nothing has worked. Are you able to share the correct API query to use?