All Posts

Thank you for your reply. There are two add-ons, "Palo Alto Networks Add-on" and "Splunk Add-on for Palo Alto Networks". Is it okay to go with either one? The video I referred to on YouTube was about "Palo Alto Networks Add-on", and the search result was displayed successfully. I confirmed using tshark that the Splunk server could receive the syslog packets successfully. What is the problem in displaying the search results?
Hi all, I am trying to understand data in sourcetype=pan:hipmatch for a VPN posture check use case. Has anyone developed, or does anyone know of, any dashboards developed on pan:hipmatch data, and what fields can be used to correlate it with pan:globalprotect? Appreciate any pointers.

Hi @Pcktech, Do your forwarders synchronize their clocks with an external source? If yes, have you confirmed whether clock synchronization occurred around the time of the first execution? For example:

    07:02:00 - scheduler queues task
    07:02:01 - clock is synchronized with external source and set to 07:01:57
    07:01:58 - scheduler executes task
    07:02:00 - scheduler queues task
    07:02:01 - scheduler executes task

If the forwarder logs do not indicate a step backwards, clock synchronization may still have occurred after the task was queued but before any events were logged.

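The check suggested in the post above, as an added example that is not part of the original post or of Splunk's tooling: it scans log lines in file order, reports every place where the timestamp steps backwards, and lists tasks that were executed more than once within a short window. The log format, the date, and the task name `script_a` are constructed for illustration and are not real forwarder log output.

```python
from datetime import datetime

# Constructed sample in a made-up format (not real splunkd.log output),
# following the timeline given in the post. The date is a placeholder.
SAMPLE_LOG = """\
2024-01-01 07:02:00 scheduler queued task=script_a
2024-01-01 07:01:58 scheduler executed task=script_a
2024-01-01 07:02:00 scheduler queued task=script_a
2024-01-01 07:02:01 scheduler executed task=script_a
"""

FMT = "%Y-%m-%d %H:%M:%S"


def parse(log_text):
    """Yield (timestamp, action, task) for each non-empty line, in file order."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        date, clock, _component, action, task_kv = line.split()
        task = task_kv.split("=", 1)[1]
        yield datetime.strptime(f"{date} {clock}", FMT), action, task


def backward_steps(log_text):
    """Return (previous, current, seconds_back) wherever file order and
    timestamp order disagree, i.e. the wall clock was stepped backwards."""
    steps, prev = [], None
    for ts, _action, _task in parse(log_text):
        if prev is not None and ts < prev:
            steps.append((prev, ts, int((prev - ts).total_seconds())))
        prev = ts
    return steps


def repeated_executions(log_text, window_seconds=60):
    """Return {task: [timestamps]} for tasks executed more than once
    within window_seconds of each other."""
    runs = {}
    for ts, action, task in parse(log_text):
        if action == "executed":
            runs.setdefault(task, []).append(ts)
    return {
        task: times
        for task, times in runs.items()
        if len(times) > 1
        and (max(times) - min(times)).total_seconds() <= window_seconds
    }
```
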
Hi @Ethil, As far as I can tell, the et and lt query parameters are only used with input-search and not input-dashboard etc.
I found this old bug "SPL-109918" combined with a different issue though. Thanks.

Hi @catta99, In your JavaScript source, you can use jQuery selectors to attach a click event handler to an object. In this example, I define a button with id="button1" in button_test.xml and attach a click event handler in button_test.js:

    <!-- button_test.xml -->
    <dashboard version="1.1" theme="light" script="button_test.js">
      <label>button_test</label>
      <row>
        <panel>
          <html>
            <button id="button1">Button 1</button>
          </html>
        </panel>
      </row>
    </dashboard>

    // button_test.js
    require([
        "jquery",
        "splunkjs/mvc",
        "splunkjs/mvc/simplexml/ready!"
    ], function($, mvc) {
        $("#button1").on("click", function() {
            alert("Button 1 clicked.");
        });
    });

When button1 is clicked, the browser displays a dialog box with the message "Button 1 clicked." SplunkJS is documented at https://dev.splunk.com/enterprise/docs/developapps/visualizedata/usewebframework/, where you can find example JavaScript templates. RequireJS is documented at https://requirejs.org/docs/api.html#jsfiles, but its use is limited to the require([...], function(...) {}); shown above. jQuery selectors are documented at https://api.jquery.com/category/selectors/. The jQuery click event is documented at https://api.jquery.com/click/.

There is no single answer to a general sizing question. All general guidelines may not apply in your specific use case. Typically you scale search head layer out horizontally when you have either many users who work on your environment simultaneously and you want to spread the load across many nodes or you have many saved searches so that your scheduler can distribute the search activity across SHC nodes. Just remember that SHC does _not_ help you with a single search performance and it does _not_ help you for a single user session - those are always limited by single SH parameters and load.
Neither is relevant.  Ingest rate applies to indexers, not search heads.
Hi @TahWee, Just in case: Did you email the address on the contact tab in Splunkbase? They are also active in the community and probably respond to direct messages. They are also easy to locate on LinkedIn by cross-referencing their name with Splunk and recent activity.
Thanks! Could you elaborate more on EPS OR GB/Day?
Ignore that warning (it's just a warning).  The important part is "Login failed", which means you used the wrong credentials.
When the biggest server available to you isn't enough for the search load then it's time for a SHC.

Just include X in the rex pattern with the correct relationship to the anchors for your field extraction:

    | rex "X.*anchor1(?<field1>pattern1)"
    | rex "Y.*anchor2(?<field2>pattern2)"

@victor_menezes Which version of Splunk are you using that supports this syntax of rex?
index=someIndex [| makeresults | eval earliest=$token_epoch$ | eval latest=earliest+604800 | table earliest latest]

I am trying to deploy an SH cluster, but when I run the command below

    ./splunk init shcluster-config -auth <username>:<password> -mgmt_uri <URI>:<management_port> -replication_port <replication_port> -replication_factor <n> -conf_deploy_fetch_url <URL>:<management_port> -secret <security_key> -shcluster_label <label>

I get the error below:

    WARNING: Server Certificate Hostname Validation is disabled. Please see server.conf/[sslConfig]/cliVerifyServerName for details.
    Login failed

But when I apply the config below

    [sslConfig]
    cliVerifyServerName = true
    sslVerifyServerCert = true

I get the error below:

    ERROR: certificate validation: self signed certificate in certificate chain
    Couldn't complete HTTP request: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Hello, I am writing to ask at what point, in terms of EPS or daily ingested GB/day and the number of users simultaneously accessing the search head, I should consider a search head cluster: a single SH, or three SHs plus a deployer? What is your technical perspective?

Hi Ryan, unfortunately, applying what is recommended in the doc you shared did not work:

    C:\inetpub\wwwroot\wss\VirtualDirectories\{your-site}

Add the CSP Header to the <httpProtocol> section of the Web.config file.

    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Content-Security-Policy" value="script-src 'unsafe-inline' cdn.appdynamics.com; connect-src peum.kaska.com; img-src cdn.appdynamics.com; child-src cdn.appdynamics.com;" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>

The application crashed and we had to roll back. Note: the agent is loaded successfully. Any other suggestions? Where else to look?

It's not about DBConnect itself. It's about JDBC, because that's what's responsible for the actual connection. See https://learn.microsoft.com/en-us/sql/connect/jdbc/setting-the-connection-properties. There is an interesting paragraph in the authentication parameter description which might pertain to you.
Hi, I'm interested to know more about RBA Navigator. Does anyone have a way to contact Matt Snyder, the app creator? I would like to know more about the list of available features, use cases (if possible), and the installation guide. Thanks.