All Posts

Hi fellow Splunkers, recently I deployed WinPrintMon inputs to our print server to check driver versions and found out that Splunk falsely calculated the modulus. Tested in Enterprise 9.3.2 and 9.4.0. In the calculated version I found out that the revision of a driver differs from the print management on that print server directly. I calculate the revision like this: version % pow(2,16). In my case the calculation translates to 17171305019303231 % 65536. Splunk calculates 25920, which isn't correct; it is 25919.
Hi @siemsplunk, could you try that command again but use current_member_uri instead? Please let me know how you get on and consider accepting this answer or adding karma to this answer if it has helped. Regards, Will
Hi @Roy_9, see if this old answer can help you: https://community.splunk.com/t5/Splunk-Enterprise/Splunk-on-ARM-Achitecture/m-p/512005 If you don't find it in the download section, open a ticket with Splunk Support. Ciao. Giuseppe
Hello, I am looking to download the Forwarder package for Windows ARM for Surface 7 laptops and am not finding the link. Please help me with it. Thanks
Hi, I'm trying to make an API request from my local machine to our Splunk Cloud instance, without much success. Checked the firewall logs and I can't see any blocked/denied traffic. Using: curl 7.29.0, nss-3.90. Error received:
* Host myDomain.splunkcloud.com:8089 was resolved.
* IPv6: (none)
* IPv4: xx.xx.xx.xxx
* Trying xx.xx.xx.xxx:8089...
* Connected to myDomain.splunkcloud.com (xx.xx.xx.xxx) port 8089
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* Recv failure: Connection was reset
* schannel: failed to receive handshake, SSL/TLS connection failed
* closing connection #0
curl: (35) Recv failure: Connection was reset
Hi, I have a case where I want to restrict users from the edit option and from cloning the dashboard. Currently we have 200+ dashboards with read-write permission and we can't exclude them from the current role. What I did now: I created a new role, say "restricted", and the plan is to keep everything as it is and enable the dashboards with the new role. Issue: we have 200+ dashboards, so doing it manually is not feasible here. Is there a way I can, in one shot, revoke the write access (current role) and assign the dashboards to the new role, which will restrict users?
When I run ./splunk add shcluster-member -new_member_uri https://<CAPTAIN_IP>:8089 I get Failed to proxy call to member https://<CAPTAIN_IP>:8089. ERROR: Node splsearch02 is already part of cluster id=2A5DDFE0-B873-4201-8B68-D2ACB4873DA7. A node cannot be part of two clusters. If you want to re-purpose this node, run 'splunk clean all' to clean this instance and then add to the cluster.
Hi @Singh10, why are you using _TCP_ROUTING? Did you configure the sample value on outputs.conf? Ciao. Giuseppe
"rsa:syslog" is the sourcetype, and I want to change it to another sourcetype. I will try with SOURCE_KEY = _raw. Thank you for your help.
Hi @Raja_Selvaraj, if you know the names of the host you can follow my solution. Ciao. Giuseppe
Do you know if this is still possible?
Hi @alexeysharkov, let us know if we can help you more, or, please, accept one answer for the other people of the Community. Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated by all the contributors.
Hi @ak9092 , did you find any solution for this?
Hello all, I'm fresh out the womb with Splunk... so please bear with me. I am attempting to install Splunk Enterprise 9.4.0 to do some Splunk training on Coursera, and have come across an error. I just got over not being able to find SplunkD.exe in the .bin folder by creating an exception in my antivirus. Now, I cannot seem to get past the next error (below). I searched the Splunk site and Googled it, to no avail. Please help, I have a pending job interview and want to talk somewhat intelligently about Splunk. Any help will be greatly appreciated. New guy! law.dennis@infosecagency.com
| spath path=properties | mvexpand properties | spath input=properties
This works fine for me. Thank you!!
@ITWhisperer @gcusello My vendor is perfect: he wrote select to_char(systimestamp,'YYYY-MM-DD"T"HH24:MM:SS:FFTZH:TZM') now_time from blabla and uses it to save the log XML, instead of to_char(systimestamp,'YYYY-MM-DD"T"HH24:MI:SS:FFTZH:TZM') now_time, so the date is incorrect. I am going to rewrite it. SORRY
Again, this event appears to be in the right bucket. Please provide evidence that you have events in the wrong buckets; otherwise, this seems to be a non-problem.
OK, I can find only one XML event. I search for it with: index=hcg_app_damu_prod sourcetype=damu_log_dbz_out earliest=-1d | spath | search (log.referenceId=HKBRZA0000389094 AND log.agrementNumber=4303291972) And then I build a timechart. So the event with _time=2025-02-26T14:02:59.970+05:00 goes to the bucket at 2025-02-26 14:00:00. I'm sure my events are spread over 5-minute buckets. I have no idea why it goes to hour buckets.
@Lavanya1612 Changing the Task Server port to 1025 should not be an issue in itself, as it is above the privileged port range (<1024) and is less likely to face permission issues. Ensure that port 1025 is not being used by another service and that firewall rules allow communication on this port. Since this worked in the lower environment, there is a good chance it could work in production. However, production environments often have different security policies, firewall rules, and resource loads, which could affect stability. Incompatibility with OpenJDK might lead to failures in JDBC connections, scheduler issues, or unstable behavior of the DB Connect app. If DB Connect fails, any dashboards, alerts, or scheduled searches that rely on database inputs might be impacted. If cost is the main concern, consider using OpenJDK, but be prepared with a rollback plan.
Hi, We encountered a "DBX Server Error: Cannot communicate with the task server." To resolve this, I changed the Task Server port, and the error was fixed. We successfully tested this in the lower environment, as it uses OpenJDK. In production, Oracle JDK (paid version) was installed during setup. To reduce costs for the client, we attempted to switch to OpenJDK, but we encountered the same "DBX Server Error: Cannot communicate with the task server." As a result, we reverted the changes. Given that the documentation states OpenJDK is not compatible and that only JDK/JRE 17 or higher is supported (tested with JDK 17.0.12), would changing the Task Server port to 1025 and switching to OpenJDK potentially cause any issues in production?