If you put that setting under the specific stanza for that sourcetype then changes to default stanza wont impact. Anything under default stanza is only considered if the same setting has NOT been se...
See more...
If you put that setting under the specific stanza for that sourcetype then changes to default stanza wont impact. Anything under default stanza is only considered if the same setting has NOT been set in a more specific stanza.
Hello @JagsP Please update the [stanza] regex as follows: REGEX = successful\, returned exit code \'0\' Note: Make sure to place the configurations correctly otherwise it will not work . ...
See more...
Hello @JagsP Please update the [stanza] regex as follows: REGEX = successful\, returned exit code \'0\' Note: Make sure to place the configurations correctly otherwise it will not work . For eg: If your data flow is UF->HF->Indexer, parsing occurs at the full enterprise instance, with the HF being the first layer where this takes place. Additionally, here is the documentation for routing and filtering data, which will help you understand the core concepts. https://docs.splunk.com/Documentation/Splunk/9.3.1/Forwarding/Routeandfilterdatad For learning and writing regex for your data, you can use the platform https://regex101.com/ If this resolves your issue, please accept and upvote the answers. Happy Splunking!
Hi, I was able to resolve the issue. The issue: You are probably trying to perform vetting in a windows environment. This is causing the file & directories to have improper accesses which do not co...
See more...
Hi, I was able to resolve the issue. The issue: You are probably trying to perform vetting in a windows environment. This is causing the file & directories to have improper accesses which do not comply with the App inspect procedures in splunk as they are built around NIX OS. Solution: 1. Dowload CYGWIN (https://www.cygwin.com/setup-x86_64.exe), and install it in your windows machine, and open CYGWIN. 2. Go into /cygdrive/<your app location> and run the following commands: find <your app> -type f -exec chmod 644 '{}' \; find <your app> -type d -exec chmod 700 '{}' \; (Make sure to check the permissions by running the command: ls -lR) 3. Create the .spl file also by using cygwin terminal: tar -zvcf <your_app_name.spl> <app_name> 4. Now try vetting procedure, I did it using postman, and this time it worked.
@Marco, @jokertothequinn , @manasbellani - What is your file/folder permission looks like? Please check on linux machine with below command. ls -l I hope this helps!!! Kindly upvote if it does!!!
I'm using cmd |iplocation src, and the results produce results for the City. Next i want to compare each City and report when results is different. Example when result for a City is Miami and next h...
See more...
I'm using cmd |iplocation src, and the results produce results for the City. Next i want to compare each City and report when results is different. Example when result for a City is Miami and next hour or so in the same field for the City is Boston.
I am creating a panel and input type select as "link".
There multiple choice filed is created, how to keep all choice button in a line using splunk classic.
<panel id="panel_id_1">
<input type="l...
See more...
I am creating a panel and input type select as "link".
There multiple choice filed is created, how to keep all choice button in a line using splunk classic.
<panel id="panel_id_1">
<input type="link" token="token_tab" searchWhenChanged="true" id="details">
<label></label>
<choice value="x">X</choice>
<choice value="Y">Y</choice>
<choice value="z">Z</choice>
</panel>
I want keep all choice value as X Y Z, but for me it is coming
X Y
Z
Hi @nyajoefit22 Yes! you can push the authentication config from Deployer without bind password and just add the bind password under system/local and restart each search head/rolling restart of SHC...
See more...
Hi @nyajoefit22 Yes! you can push the authentication config from Deployer without bind password and just add the bind password under system/local and restart each search head/rolling restart of SHC. This would avoid plain text password in TA.
props.conf :
[sap_failure]
TRANSFORMS-filter = setnull,stanza
transform.conf :
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue
[stanza]
REGEX = "successful, returned exit code '0'"
DE...
See more...
props.conf :
[sap_failure]
TRANSFORMS-filter = setnull,stanza
transform.conf :
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue
[stanza]
REGEX = "successful, returned exit code '0'"
DEST_KEY = queue
FORMAT = indexQueue
Content:
[16/Sep/2024:02:00:36 -05:00] INFO : [PID:0185317:Backup:360] [1] successful, returned exit code '0' [16/Sep/2024:02:00:36 -05:00] DEBUG: [PID:0185317:SAPHANA:648] SQLSTRING: 'BACKUP DATA FOR FULL SYSTEM CLOSE SNAPSHOT BACKUP_ID 1726470003540 SUCCESSFUL 'hana_data_FHL__2024-09-16T070003-1779190Z''
Here in content if you see i have other events which is not having the desired text string . I need to filter all other events .
has context menu
Here is the JS. I gave the input id="user_name". require([
"splunkjs/mvc",
"splunkjs/mvc/simplexml/ready!"
], function (mvc) {
// get default token model
var tokens = mvc.Component...
See more...
Here is the JS. I gave the input id="user_name". require([
"splunkjs/mvc",
"splunkjs/mvc/simplexml/ready!"
], function (mvc) {
// get default token model
var tokens = mvc.Components.getInstance("default");
var user_name = document.getElementById("user_name");
// Set required style if init value is undefined to channel
if (tokens.get("user_name") === 'Enter a User') {
user_name.classList.add("required");
}
// Dropdown change on channel
tokens.on("change:user_name", function (model, value) {
if (value === 'Enter a User') {
user_name.classList.add("required");
} else {
user_name.classList.remove("required");
}
});
}); Here is the CSS again just to capture it all in the same reply. .required button{
border: 2px solid #f6685e !important;
} I use this code (more or less) on other dashboards to perform the same "required" function on other inputs like drop downs and it works by creating a red outline around the drop down until a choice is made.
Hello @JagsP 1. What is the dataflow ? For Eg: UF->HF->Indexer and where have you placed your configurations. 2. Also, share the sample event , so accordingly I can help you with regex part.
What would be the proper way to push an authentication.conf from the deployer and have the bind password not left in clear text? Is it possible to push the authentication from the deployer without th...
See more...
What would be the proper way to push an authentication.conf from the deployer and have the bind password not left in clear text? Is it possible to push the authentication from the deployer without the bind password and then add another authentication.conf manually to each search head in system local with only the bind password in the stanza? After restart of the search head cluster I’m thinking the bind password would then be encrypted? Would this be the proper way to do this? Would appreciate any other suggestions.
Hello. I know this is an old post, but running into this same issue with the bind password being insecure on the deployer. What would be the proper way to push an authentication.conf from the deploye...
See more...
Hello. I know this is an old post, but running into this same issue with the bind password being insecure on the deployer. What would be the proper way to push an authentication.conf from the deployer and have the bind password not left in clear text? Is it possible to push the authentication from the deployer without the bind password and then add another authentication.conf manually to each search head in system local with only the bind password in the stanza?
Create an init block which sets the default values for stageToken and indexToken <init>
<set token="stageToken">test</set>
<set token="indexToken">ap</set>
</init>
Is there any issue with the below settings ? Also is the Regex wrong here ? [sourcetype] TRANSFORMS-filter = setnull,stanza transforms: [setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue...
See more...
Is there any issue with the below settings ? Also is the Regex wrong here ? [sourcetype] TRANSFORMS-filter = setnull,stanza transforms: [setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue [stanza] REGEX = "Snapshot created successfully" DEST_KEY = queue FORMAT = indexQueue A
Thank you for replying. No. I don't use proxy server. My server is in my home. Windows Server is one and Windows clients are two. Own server cannot access local IP address, and my clients too. An...
See more...
Thank you for replying. No. I don't use proxy server. My server is in my home. Windows Server is one and Windows clients are two. Own server cannot access local IP address, and my clients too. And my router doesn't become proxy server. I will try when I access 192.168.0.8 from my client pc, server's firewall access log is written or not.
What unit of time is your BatteryAge in, seconds, hours, days? How long is a month? If your current day is the 5th of the month and the age equates to 40 days, what result would you expect?