We have done all the configuration and the agent was up, but after the DR drill activity the agent is not starting. We are facing the above issue: the agent jar is loaded but fails to initialize.
There are different REST endpoints for Splunk to start or retrieve searches. Some will start a search and return a search ID, others will retrieve results from a previous search job. Probably the most straightforward is the /jobs/export one, which starts a job and returns results, though this will take time for the started search to complete. An example request for this endpoint would be:
curl -k -u <user_in_splunk> https://<yoursplunkhost>:8089/services/search/v2/jobs/export -d search="<yoursplsearch>"
E.g.
curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com:8089/services/search/v2/jobs/export
Note that this curl request will request a password for the Splunk user. There may be functionality in Postman to supply this password.
Change the definition of the macro to not be an eval macro by unchecking the "Use eval-based definition" box. Eval-based definitions are for macros that return a string value. The fileinfo macro returns a result set so is not an eval.
If you are trying to find the alerts coming from Microsoft Defender for Identity, you can gather the alerts via the MS Graph Plugin found here: https://splunkbase.splunk.com/app/4564#Configuring-Microsoft-Graph-Security-data-inputs
Taking a Udemy Splunk introductory course module about macros.
The string works fine in Search, but not as a macro named fileinfo - get the above error.
index=web
| eval megabytes=bytes/1024/1024
| stats sum(megabytes) as "Megs" by file
| sort - Megs
Hi! I know I'm late but I've always wondered this as well... From the Components and their relationship with the network section of the Inherit a Splunk Enterprise Deployment documentation, this is loopback communication, meaning you won't need to open any ports. Splunk is talking to the local KV Store database (mongod). If I run an lsof for open ports, I see the following all occurring over the loopback interface (8065 shows a similar result, only showing Python as the listening service):
Attempting to address an issue where some of my org's larger playbooks refuse to load in the SOAR playbook editor. Support as usual disappoints by throwing their hands up in the air referencing "Best Practices" and demanding we reduce the size of our playbooks. When I ask them to back their position by asking for documentation there is none. We're finding ourselves having to disable automations and workflows simply because we can't even load these workflows in the editor to perform routine fixes. Even after escalating to our account team, we're still getting the "reduce the size of your playbooks" answer. Their workaround for not being able to load the playbook in the current version to rewrite them is to rebuild a SOAR environment in 5.x so we can make these edits 🤬. Has anyone else experienced this? Is the only resolution rewriting playbooks to break them up? Version 6.1. Attempted the newest release, in a lab, no improvement.
I already have the Salesforce add-on for Splunk. Does Salesforce have an email source that I can tap on to get those emails? Has anyone done it successfully?
Hi @Sagar.Nalawade,
Please have a read of these AppD Docs pages
https://docs.appdynamics.com/appd/onprem/24.x/24.3/en/events-service-deployment/events-service-requirements
https://docs.appdynamics.com/appd/onprem/24.x/24.3/en/events-service-deployment
Let me know if these help you out.
Tried changing to a different base search and it did not work. My dashboard has other graphs too, so changing to classic is a big task, but I will sure give it a try. Thank you!
Hi @sajo.sam,
I found this TKB article. Please check it out and see if it helps. https://community.appdynamics.com/t5/Knowledge-Base/How-do-I-debug-common-Linux-Private-Synthetic-Agent-issues/ta-p/51547
Hi @Jerg.Weick,
I've shared this with the PM, and it's being investigated whether it's a bug. I will report back here when I have any new information.
^ Post was edited by @Ryan.Paredez to correct my initial reply.