Ok. Back up a little. You have a file. It's supposed to be a certificate (possibly with a certificate chain from trusted rootCA). How did you get it? Did you send someone a CSR to obtain a cert? Did you just get a cert because you mailed/called/faxed/whatever someone and told them "hey, we need a cert"? And the most important question here is - do you have a private key corresponding to that cert?
How to fetch the fieldForLabel value using token(option). I have to pass fieldForLabel to query
<input type="dropdown" token="option">
<label>Choose from options</label>
<fieldForLabel>TEST</fieldForLabel>
<fieldForValue>aaa</fieldForValue>
<search>
<query>
| inputlookup keyvalue_pair.csv
| dedup TEST
| sort TEST
| table TEST aaa
</query>
</search>
</input>
Hi @bowesmana Thanks a lot!! You rock!! I did make an attempt at using eventstats, but then it didn't work because the if condition didn't work. It turns out I had to use a match command. I appreciate your help.
My post can be disregarded, simple misinformation and not checking what/where people were running their field extractions. (App vs Global permissions on Field and Transform extractions). Cheers nonetheless and thanks for the pointers.
Thanks for the information. I tried all the possible ways; SSL is not getting configured. Opened another case with Splunk, they are looking. Even if we are trying to configure it from scratch as per the documentation, it's not working. Splunk has asked for the diag file, and we have shared it with them but no response on it yet.
index=_internal source=*splunkd.log* host=<all indexer hosts> bucketreplicator full earliest=-15m | stats count dc(host) as num_indexer_blocked_by_peer by peer | where num_indexer_blocked_by_peer > 0 AND count > 0 | join type=left peer [ search index=_introspection host=<all indexer hosts> hostwide earliest=-10m | stats values(data.instance_guid) as peer by host]
Hi, A couple of notes regarding Network Explorer. The networkExplorer data collection was deprecated in the v0.88.0 Splunk helm chart. That said, the interface from the infrastructure navigator is still available if you ingest networkExplorer data (e.g., tcp.bytes). To ingest this data, you'll probably want to consider the upstream eBpf helm chart along with the OTel collector running as a gateway. This link may help: https://docs.splunk.com/observability/en/infrastructure/network-explorer/network-explorer-setup.html#migrate-from-networkexplorer-to-ebpf-helm-chart
I was able to check _internal and found "SSLError(MaxRetryError("HTTPSConnectionPool(host='redacted.host.com', port=XXX): Max retries exceeded with url: /rest/token (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1106)')))")). I have verify SSL set to false in the tenable_consts.py file, so I am not sure if that has bearing ... *update* it does not, still getting the same error. Any ideas?
H status at 2024-03-07T01:50:00.000-05:00 X 20240307 2024-03-07T03:40:07.000-05:00 X 20240307 C status at 2024-03-07T08:30:22.000-05:00 C 20240307 2024-03-07T08:30:22.000-05:00 C 20240307 So here count 2 One more H status at 2024-03-07T22:40:07.000-05:00 X 20240307 But it's not completed within the day 2024-03-08T08:30:22.000-05:00 C 20240308
Hello @williamcclark, Is this a Splunk Cloud or on-premise instance? If it is Splunk Cloud and it is a Classic stack, confirm if this app is installed in IDM instead of the SH. Also, I recommend the following:
1 - Open the developer tools of your browser and go to the Console to see if there are any errors shown when you receive this error message.
2 - Look for internal errors of this TA in Splunk: index=_internal source=*tenable*
Thanks.
If the lookup table is small enough, you may be able to update it manually using the Splunk App for Lookup File Editing (https://splunkbase.splunk.com/app/1724). Otherwise, the only way to do it in SPL is to read the entire lookup table, modify the status field using eval or other commands, and then rewrite the lookup table.
| inputlookup Status.csv
| eval status=...
| outputlookup Status.csv