Hi, Please extract DUSTER and JUNIPER as app_name from the following sample events -
1. unit_hostname="GBWDC111AD011HMA.systems.uk.fed" support_id="16675049156208762610" vs_name="/f5-tenant-01/DUSTER-GBM-FR-DEV/v-dusteruat.systems.uk.fed-443" policy_name="/Common/waf-fed-transparent"
2. unit_hostname="GBWDC111AD011HMA.systems.uk.fed" support_id="16675049156208762610" vs_name="/f5-tenant-01/JUNIPER-GBM-FR-DEV/v-juniperuat.systems.uk.fed-443" policy_name="/Common/waf-fed-transparent"
The app_names will be dynamic and there is no guarantee that every time GBM will not be coming beside app_names. I tried this -
vs_name=\"\/.*\/(?<app_name>.*)\-GBM
but as I said, every time GBM will not be the same in all events. Please make it generic and give the regex for me. Thanks
@Cartoon520 Enable SSL: Select this check box to enable Secure Sockets Layer (SSL) encryption for the connection. SSL support is not available for all connection types. For further information, see http://docs.splunk.com/Documentation/DBX/3.18.1/DeployDBX/Installdatabasedrivers and http://docs.splunk.com/Documentation/DBX/3.18.1/DeployDBX/Installdatabasedrivers#Enable_SSL_for_your_database_connection
@alin
1. Stop Splunk Enterprise.
2. Find the passwd file for your instance ($SPLUNK_HOME/etc/passwd) and rename it to passwd.bk.
3. Create a file named user-seed.conf in your $SPLUNK_HOME/etc/system/local/ directory.
4. In the file add the following text:
   [user_info]
   PASSWORD = NEW_PASSWORD
5. In the place of "NEW_PASSWORD" insert the password you would like to use.
6. Start Splunk Enterprise and use the new password to log into your instance from Splunk Web.
7. If you previously created other users and know their login details, copy and paste their credentials from the passwd.bk file into the passwd file and restart Splunk.
You must have heard the phrase, time is of the essence. This is especially true in time series such as Splunk. Could you start from the beginning and describe your use case? What is the input, what is the expected output, and what is the logic between input and expected output without SPL?
Hello, I have a question about using a Python library in the algorithms of the Splunk ML Toolkit. Open the ARIMA.py file in the path splunk/etc/apps/Splunk_ML_Toolkit/bin/algos as below.
=== Contents ===
[root@master algos]# pwd
/opt/splunk/etc/apps/Splunk_ML_Toolkit/bin/algos
[root@master algos]#
[root@master algos]# more ARIMA.py
#!/usr/bin/env python
import datetime
import pandas as pd
import numpy as np
from statsmodels.tsa.arima.model import ARIMA as _ARIMA
from statsmodels.tools.sm_exceptions import MissingDataError
=========================
Among the contents of ARIMA.py, it says import pandas as pd. Where is Pandas bringing up the library in? When I run ARIMA.py as below, I get a message that the module is not found.
=== Execution Results ===
[root@master algos]# python3 ARIMA.py
Traceback (most recent call last):
  File "ARIMA.py", line 5, in <module>
    import pandas as pd
ModuleNotFoundError: No module named 'pandas'
[root@master algos]#
Currently we connect to the PostgreSQL database using username/password authentication. Now we need to switch to certificate-based authentication. I've created a certificate on the server. Can anyone please guide me on how to configure this in the DBConnect Web GUI?
This worked for me on a fresh dashboard, thank you. I tried this on an existing dashboard though and quickly found out that if you get the numbers even off a little, you end up hiding/deleting (I wasn't sure what actually happened) other panels elsewhere on the dashboard - it's like they get pushed off into the ether. I ended up having to rebuild the dashboard from scratch. A friendly heads-up for anyone that comes along in the future!
Hello. I have created an index under a custom app from Splunk Web and it is reflecting, but when I set up the universal forwarder to monitor logs for the same index, it is not reflecting anything on the indexer. Also, my KV store is showing status failed and tells me to check mongod.log and splunk key. Please help with this.
I've tried a few methods shared here to adjust the start/end times of span. Mainly:
1 -
| eval _time=_time-3600
| bin _time span=4h
| eval _time=_time+3600
2 -
| timechart span=4h aligntime=@h-120m
However after testing, neither of these is actually offsetting the span. It only changes the times shown in the resulting table. The values (in my case counts) in each box do not change, just the _time values. Am I doing something wrong? For example:
_time         A    B    C
1/28 00:00    2    1    2
1/28 04:00    4    2    4
1/28 08:00    6    3    6
1/28 12:00    8    4    8
1/28 16:00    10   5    10

_time         A    B    C
1/27 22:00    2    1    2
1/28 02:00    4    2    4
1/28 06:00    6    3    6
1/28 10:00    8    4    8
1/28 14:00    10   5    10
Greetings, Are there any official AWS CFT Templates to create necessary roles, SNS/SQS Services to use Splunk Add on for AWS to ingest Cloudtrail Data into Splunk?
On the IDX's server.conf you need to add this line in the [sslConfig] stanza:
serverCert = /opt/splunk/etc/auth/mycerts/myCombinedServerCertificate.pem
Then delete the sslPassword line from your server.conf if it's the default; Splunk will recreate it anyhow. That should fix it unless your cert is not prepared properly with just leaf cert + private key in the 'myCombinedServerCertificate.pem'.
Probably proxy server (or firewall). Typically proxy server because the ODBC driver is not proxy aware like your internet browser is. This is why others mentioned configure the proxy without explanation. The typical solution is to add an environment variable that the ODBC driver can see. I would recommend testing it using the following process:
1. At the command line (in Windows) enter setx http_proxy <proxy_ip>:<proxy_port> (example: setx http_proxy 132.50.12.1:443)
2. Restart your ODBC program (e.g., PowerBi)
3. Retest your connection
If it fails, add the https_proxy the same way. If it succeeds, add it to the system permanently.
Ref:
# Configure the proxy server - Splunk Documentation
# libcurl - programming tutorial
# Set up proxy using http_proxy & https_proxy environment variable in Linux? | GoLinuxCloud
# windows - Command line to remove an environment variable from the OS-level configuration - Stack Overflow