All Posts

Hello all, I have a problem with my SMTP configuration. When I send an e-mail I get this error: 2024-02-14 16:44:15,213 +0100 ERROR cli_common:482 - Failed to decrypt value: ***************************=, error: Read custom key data size=30 Does someone have an idea?
Maybe this is worth its own idea on ideas.splunk.com?
Hi, I had an add-on built using Add-on Builder last year and it was working. In January I rebuilt it using the latest version of Add-on Builder and it started failing with CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate. I did not make any change to our add-on other than adding some extra logs. Does anyone know what changed in the latest Add-on Builder version, 4.1.4, that made it start failing? I will appreciate any help in troubleshooting this issue.
Thank you for your help!
If the sourcetype cannot be changed then the custom app should specify its props using source:: or host::.
Hi @snobyink, in this case, please try this regex instead of the previous one: ^\w+\s+\d+\s+\d+:\d+:\d+\s+(?<host>\w+).*user\s(?<user>\w+)+ that you can test at https://regex101.com/r/bV4B9h/1 Ciao. Giuseppe
I am sorry this didn't work for me and I tried to get it to work. But I already have a solution.
Thanks! Unfortunately the hostname is not extracted as a field. How do we extract host as well from the output? In the meantime we are looking to see if we can install this Add On if we can get past the red tape
Thank you for explaining this. I didn't know about this syntax.
I guess Splunk 9.x defaults to systemd again. Any way to revert to init.d?
Hi @jmrubio, you mainly have to create an index on the indexers. Then, if you like but it isn't mandatory, you can also create an index on the HF, but only to have the index in the dropdowns; this index will never be used. Ciao. Giuseppe
Hi @Mariam001 , ok, let me know. ciao. Giuseppe
I have now done some additional research and testing. I am using Alpine Linux which does not include systemd. That is probably why this is not working for me.
    8e23f2b85b3a:/# "/opt/splunkforwarder/bin/splunk" start --accept-license --answer-yes --no-prompt
    Warning: Attempting to revert the SPLUNK_HOME ownership
    Warning: Executing "chown -R splunk:splunk /opt/splunkforwarder"
    This appears to be your first time running this version of Splunk.
    Creating unit file...
    Error calling execve(): No such file or directory
    Error launching command: No such file or directory
    Failed to create the unit file. Please do it manually later.
    Splunk> The Notorious B.I.G. D.A.T.A.
    Checking prerequisites...
    Checking mgmt port [8089]: open
    Creating: /opt/splunkforwarder/var/lib/splunk
    Creating: /opt/splunkforwarder/var/run/splunk
    Creating: /opt/splunkforwarder/var/run/splunk/appserver/i18n
    Creating: /opt/splunkforwarder/var/run/splunk/appserver/modules/static/css
    Creating: /opt/splunkforwarder/var/run/splunk/upload
    Creating: /opt/splunkforwarder/var/run/splunk/search_telemetry
    Creating: /opt/splunkforwarder/var/run/splunk/search_log
    Creating: /opt/splunkforwarder/var/spool/splunk
    Creating: /opt/splunkforwarder/var/spool/dirmoncache
    Creating: /opt/splunkforwarder/var/lib/splunk/authDb
    Creating: /opt/splunkforwarder/var/lib/splunk/hashDb
    Checking conf files for problems...
    Done
    Checking default conf files for edits...
    Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-9.1.2-b6b9c8185839-linux-2.6-x86_64-manifest'
    All installed files intact.
    Done
    All preliminary checks passed.
    Starting splunk server daemon (splunkd)...
    PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
However it seems to start a background process but I don't see the logs in splunk.
Using the status command kills the background process:
    8e23f2b85b3a:/# "/opt/splunkforwarder/bin/splunk" status
    Warning: Attempting to revert the SPLUNK_HOME ownership
    Warning: Executing "chown -R splunk:splunk /opt/splunkforwarder"
    splunkd 165 was not running.
    Stopping splunk helpers...
I have tried disabling boot start:
    splunk disable boot-start
But that gives me a similar error:
    Error calling execve(): No such file or directory
    Error launching command: No such file or directory
    execve: No such file or directory while running command /sbin/chkconfig
Has something changed from 8.x to 9.x that now systemd is used by default somehow? How can I run the universal forwarder without systemd?
Hi @richgalloway, I got it, but the thing here is I want to get those events which are retrieved via search through the REST API, because we are integrating Splunk with another tool to forward all the events. So, we are looking for an API which provides all events. Regards, Eshwar
Hi. The client needs to use the same sourcetype, they don't want to change anything from official app, cuz the inputs don't allow to change sourcetype in the configuration, the inputs used are from official app and these assign sourcetype automatically.
Hello, Our application is not working anymore after upgrading from 9.0.7 to 9.1.2. We have a dashboard made in html and we were including it in a simplexml dashboard. It's not working because in 9.1.2 jquery libraries older than 3.5 are not supported anymore. Is there a workaround for this matter except rewriting the application in dashboard studio? It's a complex application and we have multiple dashboards like this one.
    <view template="app:/templates/TUBE-MAP.html">
      <label>App name</label>
    </view>
This is an expected and benign ERROR. We will change the log to INFO in the future.
Thanks for your response. I will try that