All Posts

Unfortunately, I am not the manager of our Splunk installation (and have no access to it), so I can't provide any info about our setup, config files, etc. I'll see if I can get that info to you from one of our ops folks. - Tim
I am trying to take the results of one search, extract a field from those results (named "id") and take all of those values (deduped) and use them to get results from another search. Unfortunately the second search doesn't have this field name directly in the sourcetype either so it has to be extracted with rex. I've been having issues with this though. From what I've read I need to use the subsearch to extract the ids for the outer search. It's not working though. Each search is from a completely different data set that has very little in common.
    index=index1 source="/somefile.log" uri="/path/with/id/some_id/"
    | rex field=uri "/path/with/id/(?<some_id>[^/]+)/*"
    [ search index=index2 source="/another.log"" "condition-i-want-to-find"
      | rex field=_raw "some_id:(?<some_id>[^,]+),*"
      | dedup some_id
      | fields some_id ]
I've tried a bunch of variations of this with no luck, including renaming field some_id to "search", as some have said that would help. I don't necessarily need the original uri="/path/with/id/some_id" in the outer search but that would be nice to limit those results.
When you tested in the CLI, did you use Splunk's python interpreter (splunk cmd python ... )?  If not, then there may be differences in environments that prevent the command from running.  Verify all imported modules are available via Splunk; those that are not should be added to your command's bin/lib directory. Check python.log for messages that might explain why the command isn't working.
@PickleRick - Can you please share sample syntax?
Hi, Please help me in extracting multivalue fields from email body logs:
LOG:
    "Computer Name","Patch List Name","Compliance Status","Patch List Name1","Compliance Status1","OS Type1"
    "XXXX.emea.intra","ACN - Windows Server - PL - Up to Oct24","Compliant","[ACN - Windows Server - PL - Up to Aug24] + [ACN - Windows Server - PL - Sep24]","Compliant","Windows"
    "XXXX.na.intra","ACN - Windows Server - PL - Up to Oct24","Compliant","[ACN - Windows Server - PL - Up to Aug24] + [ACN - Windows Server - PL - Sep24]","Compliant","Windows"
Fields I want to extract are these: "Computer Name","Patch List Name","Compliance Status","Patch List Name1","Compliance Status1","OS Type1"
I have applied rex to bring out all the fields. The rex is giving me a total of 3131 computer_names, but when I am using the mvexpand command to expand it into multiple rows, it is giving me only 1500 results; not sure why the rest are getting truncated. Attaching the search query and snippet for reference:
    index=mail "*tanium*"
    |spath=body
    |rex field=body max_match=0 "\"(?<Computer_name>.*)\",\"ACN"
    |rex field=body max_match=0 "\"(?<Computer_name1>.*)\",\"\[n"
    |rex field=Computer_name1 max_match=0 "(?<Computer_name2>.*)\",\"\[n"
    |eval Computer_name=mvappend(Computer_name,Computer_name2)
    |table Computer_name
    |dedup Computer_name
    | mvexpand Computer_name
    | makemv Computer_name delim=","

    index=mail "*tanium*"
    |spath=body
    |rex field=body max_match=0 "\"(?<Computer_name>.*)\",\"ACN"
    |rex field=body max_match=0 "\"(?<Computer_name1>.*)\",\"\[n"
    |rex field=Computer_name1 max_match=0 "(?<Computer_name2>.*)\",\"\[n"
    |eval Computer_name=mvappend(Computer_name,Computer_name2)
    |rex field=body max_match=0 "\,(?<Patch_List_Name1>.*)\"\["
    |rex field=Patch_List_Name1 max_match=0 "\"(?<Patch_List_Name>.*)\",\""
    |rex field=Patch_List_Name1 max_match=0 "\",\""(?<Compliance_status>.*)\"
    |table Computer_name Patch_List_Name Compliance_status
    |dedup Computer_name Patch_List_Name Compliance_status
    | eval tagged=mvzip(Computer_name,Patch_List_Name)
    | eval tagged=mvzip(tagged,Compliance_status)
    | mvexpand tagged
    | makemv tagged delim=","
    | eval Computer_name=mvindex(tagged,0)
    | eval Patch_List_Name=mvindex(tagged,1)
    |eval Compliance_status=mvindex(tagged,-1)
    |table Computer_name Patch_List_Name Compliance_status
Hi @mwolfe , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated by all the contributors
Try using single quotes for each parameter. This is how I fixed my error. Example: >./splunk add monitor /var/log -index 'main' -sourcetype 'linux'
Hello @Strangertinz Have you checked this? https://community.splunk.com/t5/Getting-Data-In/Why-is-Windows-event-log-message-data-being-truncated-and-only/td-p/231310 Do you have any other issue with your sourcetype? If this is not working, please work with Splunk support; they might ask you to generate a diag with DEBUG options to look out for the TRUNCATE message. If this Helps, Please UpVote.
In order to get the response in JSON, you want to add ?output_mode=json at the end of your REST API call URL. Or you can add it as part of the payload.
@jbanAtSplunk Are you just seeing these errors in the internal logs, or are you stuck with the upgrade (you cannot log in)? (That's telemetry information, should've been fixed in 9.3.) You should definitely reach out to Splunk support to get this checked. If this Helps, Please Upvote.
Hi @abi2023, It is not so clear to me if you want to apply color to the cells in the "user" column only if in a specific format and shape, so if you can clarify it would be nice. You can apply that to the table section in your XML code by adding the Format tag with type color. Under that, you specify the type of coloring logic that can be dynamic, range, scale, etc. For example, for a rule that will color the cells of the User column whenever there is a value with a light green cell color:
    <format type="color" field="user">
      <colorPalette type="expression">if (isnotnull(value), "#00ff3c", "#f24949")</colorPalette>
    </format>
Green will be valid values, red will be empty/null value cells. Is something like that what you're looking for? Full sample:
    <dashboard version="1.1" theme="dark">
      <label>My Dashboard</label>
      <row>
        <panel>
          <table>
            <search>
              <query>MySearchString</query>
              <earliest>-15m</earliest>
              <latest>now</latest>
              <sampleRatio>1</sampleRatio>
            </search>
            <option name="count">100</option>
            <option name="dataOverlayMode">none</option>
            <option name="drilldown">none</option>
            <option name="percentagesRow">false</option>
            <option name="rowNumbers">false</option>
            <option name="totalsRow">false</option>
            <option name="wrap">true</option>
            <format type="color" field="user">
              <colorPalette type="expression">if (isnotnull(value), "#00ff3c", "#f24949")</colorPalette>
            </format>
          </table>
        </panel>
      </row>
    </dashboard>
Hi, I am dealing with an issue where I am ingesting some logs that contain a few regular lines followed by XML data, but I am only seeing 1 event show up properly with the regular lines, and 2 other events get cut short after ingesting the first few lines (examples below). So each event is meant to be structured like event1; however, they are cut, and when I check the actual log file everything is present. I tried changing the limits.conf and including maxKBps to 0 but no luck.
    [thruput]
    maxKBps = 0
Any other ideas as to what could be causing the issue?
Event1:
    2024-11-01 10:04:24,488 23 INFO Sample1 - Customer:11111 ApiKey:xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx DateTime:2024-11-01 10:04:24 RequestBody: <?xml version="1.0" encoding="utf-16"?>........<closing tag>
Event2:
    2024-11-01 10:04:26,488 23 INFO Sample1 - Customer:11111 ApiKey:xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Event3:
    2024-11-01 10:04:28,488 23 INFO Sample1 - Customer:11111 ApiKey:xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
FYI: the Baboon REST API is not free but it isn't expensive. We have used it and it worked fine. As mentioned above, it is recommended to install and test it on a dev HF.
I have a Splunk table dashboard view. I need to highlight all values of the "user" field in green. All these field values are numbers and letters. How do I highlight all the values in green? When I select Color "Values" I can only choose Automatic, but it gives random colors. How do I give only green?
@ITWhisperer  I couldn't paste the whole JSON so here is the sample.
There is no such thing as "corresponding value" between different multivalued fields. In a case like yours you need to first parse out the whole array into a multivalued field of JSON strings, do mvexpand on that field and only then parse out single fields from those results.
The link worked for us with version 3.2 of the WSO2 API Manager.
2024-11-01 12:25:49,065 +0000 ERROR startup:116 - Unable to read in product version information; isSessionKeyDefined=False error=__init__() got an unexpected keyword argument 'context'
2024-11-01 12:25:49,066 +0000 INFO startup:148 - Splunk appserver version=UNKNOWN_VERSION build=000 isFree=False isTrial=True productType=splunk instanceType=UNKNOWN
2024-11-01 12:25:49,066 +0000 INFO decorators:130 - loading uri: /en-US/
2024-11-01 12:25:49,068 +0000 INFO error:342 - GET /en-US/ 127.0.0.1 8065
2024-11-01 12:25:49,068 +0000 INFO error:345 - 500 Internal Server Error The server encountered an unexpected condition which prevented it from fulfilling the request.
2024-11-01 12:25:49,068 +0000 ERROR error:346 - Traceback (most recent call last):
  File "/opt/splunk/lib/python3.9/site-packages/cherrypy/_cprequest.py", line 628, in respond
    self._do_respond(path_info)
  File "/opt/splunk/lib/python3.9/site-packages/cherrypy/_cprequest.py", line 687, in _do_respond
    response.body = self.handler()
  File "/opt/splunk/lib/python3.9/site-packages/cherrypy/lib/encoding.py", line 219, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/opt/splunk/lib/python3.9/site-packages/splunk/appserver/mrsparkle/lib/htmlinjectiontoolfactory.py", line 78, in wrapper
    resp = handler(*args, **kwargs)
  File "/opt/splunk/lib/python3.9/site-packages/cherrypy/_cpdispatch.py", line 54, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "</opt/splunk/lib/python3.9/site-packages/decorator.py:decorator-gen-1740>", line 2, in index
  File "/opt/splunk/lib/python3.9/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 52, in rundecs
    return fn(*a, **kw)
  File "</opt/splunk/lib/python3.9/site-packages/decorator.py:decorator-gen-1738>", line 2, in index
  File "/opt/splunk/lib/python3.9/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 134, in check
    return fn(self, *a, **kw)
  File "</opt/splunk/lib/python3.9/site-packages/decorator.py:decorator-gen-1737>", line 2, in index
  File "/opt/splunk/lib/python3.9/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 185, in validate_ip
    return fn(self, *a, **kw)
  File "</opt/splunk/lib/python3.9/site-packages/decorator.py:decorator-gen-1736>", line 2, in index
  File "/opt/splunk/lib/python3.9/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 264, in preform_sso_check
    update_session_user(sessionKey, remote_user)
  File "/opt/splunk/lib/python3.9/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 207, in update_session_user
    en = splunk.entity.getEntity('authentication/users', user, sessionKey=sessionKey)
  File "/opt/splunk/lib/python3.9/site-packages/splunk/entity.py", line 276, in getEntity
    serverResponse, serverContent = rest.simpleRequest(uri, getargs=kwargs, sessionKey=sessionKey, raiseAllErrors=True)
  File "/opt/splunk/lib/python3.9/site-packages/splunk/rest/__init__.py", line 573, in simpleRequest
    h = httplib2.Http(timeout=timeout, proxy_info=None, context=ctx)
TypeError: __init__() got an unexpected keyword argument 'context'
Hello team, I’ve developed a custom command script that works perfectly when executed through the CLI, but it fails to run in the Splunk Web UI. I suspect this may be due to permissions or configuration issues, as both environments might not be using the same settings.
Details
Environment: Splunk Enterprise 9.2.2
Script: A custom Python script located in the bin directory of my app. The script runs successfully when executed via the CLI, but in the UI, it either returns errors or no results.
Troubleshooting Steps Taken
- Verified that the script is in the correct bin directory with appropriate execution permissions.
- Checked commands.conf, authorization.conf, app.conf files for any configuration inconsistencies.
- Ensured that roles in the UI environment have the necessary permissions.
Could this issue be related to role-based restrictions or specific configurations in the UI? Any insights on additional configuration checks or steps to align CLI and UI permissions would be greatly appreciated. Thank you in advance!