All Posts

I am using the Java SDK to display data on screen. There was no error in version 1.6.0, which I initially used. However, after updating to 1.6.3, the following error appeared. This error is "java.lang.NumberFormatException: multiple points". This happens randomly when a service connects or a job is performed.

```
2024-10-21 12:16:53.899 ERROR 2732 --- [nio-8090-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] threw exception

java.lang.NumberFormatException: multiple points
    at java.base/jdk.internal.math.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1890) ~[na:na]
    Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Assembly trace from producer [reactor.core.publisher.MonoCompletionStage] :
    reactor.core.publisher.Mono.fromCompletionStage(Mono.java:549)
    org.springframework.core.ReactiveAdapterRegistry$ReactorRegistrar.lambda$registerAdapters$4(ReactiveAdapterRegistry.java:241)
Error has been observed at the following site(s):
    |_ Mono.fromCompletionStage ⇢ at org.springframework.core.ReactiveAdapterRegistry$ReactorRegistrar.lambda$registerAdapters$4(ReactiveAdapterRegistry.java:241)
Stack trace:
        at java.base/jdk.internal.math.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1890) ~[na:na]
        at java.base/jdk.internal.math.FloatingDecimal.parseDouble(FloatingDecimal.java:110) ~[na:na]
        at java.base/java.lang.Double.parseDouble(Double.java:543) ~[na:na]
        at java.base/java.text.DigitList.getDouble(DigitList.java:169) ~[na:na]
        at java.base/java.text.DecimalFormat.parse(DecimalFormat.java:2126) ~[na:na]
        at java.base/java.text.SimpleDateFormat.subParse(SimpleDateFormat.java:1933) ~[na:na]
        at java.base/java.text.SimpleDateFormat.parse(SimpleDateFormat.java:1541) ~[na:na]
        at java.base/java.text.DateFormat.parse(DateFormat.java:393) ~[na:na]
        at com.splunk.Value.toDate(Value.java:109) ~[splunk-1.6.3.0.jar:1.6.3]
        at com.splunk.Resource.load(Resource.java:166) ~[splunk-1.6.3.0.jar:1.6.3]
        at com.splunk.Entity.load(Entity.java:356) ~[splunk-1.6.3.0.jar:1.6.3]
        at com.splunk.Job.refresh(Job.java:940) ~[splunk-1.6.3.0.jar:1.6.3]
        at com.splunk.JobCollection.create(JobCollection.java:90) ~[splunk-1.6.3.0.jar:1.6.3]
        at com.splunk.JobCollection.create(JobCollection.java:108) ~[splunk-1.6.3.0.jar:1.6.3]
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.4.jar:5.3.4]
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779) ~[spring-aop-5.3.4.jar:5.3.4]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.4.jar:5.3.4]
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) ~[spring-aop-5.3.4.jar:5.3.4]
        at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115) ~[spring-aop-5.3.4.jar:5.3.4]
        at org.springframework.aop.interceptor.AsyncExecutionAspectSupport.lambda$doSubmit$3(AsyncExecutionAspectSupport.java:276) ~[spring-aop-5.3.4.jar:5.3.4]
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run$$$capture(CompletableFuture.java:1700) ~[na:na]
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java) ~[na:na
```

Has anyone solved this error?
Hi, I have a log which shows a currency field, and it will have all the valid currency codes like JPY, CNY, USD, etc. I need to add a dropdown on top with the currency value, but my query should differentiate between local and foreign currency. For example, the user has to search by selecting the first option as JPY, and another option should list all the other currencies except JPY. I am not sure if this is possible in Splunk; I need expert advice here.

| Currency | Amount | Card Brand |
|----------|--------|------------|
| JPY      | 100    | XXX        |
| CNY      | 100    | XYZ        |
| INR      | 100    | UUU        |
Yes, both parameters password and oldpassword are correct, and yes, I'm trying to update a local user.
In the new update of TrendVision One Splunk for XDR, there is a new input configuration called 'Detection.' However, I am confused about whether OAT or Detection should be enabled, as they cannot be enabled simultaneously. Which one should be enabled in both cases?
The Palo Alto server transmits the syslog on port 5514 (port 514 was in use), and I search with the query source="udp:5514". Is there any problem with the query?
Thank you for your reply. There are two add-ons, "Palo Alto Networks Add-on" and "Splunk Add-on for Palo Alto Networks". Is it okay to go with either one? The video I referred to on YouTube was about "Palo Alto Networks Add-on", and the search result was displayed successfully. I confirmed that the Splunk server could receive the syslog packets successfully using tshark. What is the problem in displaying the search results?
Hi all, I am trying to understand data in sourcetype=pan:hipmatch for a VPN posture check use case. Has anyone developed, or does anyone know of, any dashboards developed on pan:hipmatch data, and what fields can be used to correlate it with pan:globalprotect? Appreciate any pointers.
Hi @Pcktech, Do your forwarders synchronize their clocks with an external source? If yes, have you confirmed whether clock synchronization occurred around the time of the first execution? For example:

07:02:00 - scheduler queues task
07:02:01 - clock is synchronized with external source and set to 07:01:57
07:01:58 - scheduler executes task
07:02:00 - scheduler queues task
07:02:01 - scheduler executes task

If the forwarder logs do not indicate a step backwards, clock synchronization may still have occurred after the task was queued but before any events were logged.
Hi @Ethil, As far as I can tell, the et and lt query parameters are only used with input-search and not input-dashboard etc.
I found this old bug "SPL-109918"  combined with a different issue though.  Thanks.      
Hi @catta99, In your JavaScript source, you can use jQuery selectors to attach a click event handler to an object. In this example, I define a button with id="button1" in button_test.xml and attach a click event handler in button_test.js:

```xml
<!-- button_test.xml -->
<dashboard version="1.1" theme="light" script="button_test.js">
  <label>button_test</label>
  <row>
    <panel>
      <html>
        <button id="button1">Button 1</button>
      </html>
    </panel>
  </row>
</dashboard>
```

```javascript
// button_test.js
require([
    "jquery",
    "splunkjs/mvc",
    "splunkjs/mvc/simplexml/ready!"
], function($, mvc) {
    $("#button1").on("click", function() {
        alert("Button 1 clicked.");
    });
});
```

When button1 is clicked, the browser displays a dialog box with the message "Button 1 clicked."

SplunkJS is documented at https://dev.splunk.com/enterprise/docs/developapps/visualizedata/usewebframework/, where you can find example JavaScript templates. RequireJS is documented at https://requirejs.org/docs/api.html#jsfiles, but its use is limited to the require([...], function(...) {}); shown above. jQuery selectors are documented at https://api.jquery.com/category/selectors/. The jQuery click event is documented at https://api.jquery.com/click/.
There is no single answer to a general sizing question. All general guidelines may not apply in your specific use case. Typically you scale search head layer out horizontally when you have either many users who work on your environment simultaneously and you want to spread the load across many nodes or you have many saved searches so that your scheduler can distribute the search activity across SHC nodes. Just remember that SHC does _not_ help you with a single search performance and it does _not_ help you for a single user session - those are always limited by single SH parameters and load.
Neither is relevant.  Ingest rate applies to indexers, not search heads.
Hi @TahWee, Just in case: Did you email the address on the contact tab in Splunkbase? They are also active in the community and probably respond to direct messages. They are also easy to locate on LinkedIn by cross-referencing their name with Splunk and recent activity.
Thanks! Could you elaborate more on EPS OR GB/Day?
Ignore that warning (it's just a warning).  The important part is "Login failed", which means you used the wrong credentials.
When the biggest server available to you isn't enough for the search load then it's time for a SHC.
Just include X in the rex pattern with the correct relationship to the anchors for your field extraction:

```
| rex "X.*anchor1(?<field1>pattern1)"
| rex "Y.*anchor2(?<field2>pattern2)"
```
@victor_menezes Which version of Splunk are you using that supports this syntax of rex?
index=someIndex [| makeresults | eval earliest=$token_epoch$ | eval latest=earliest+604800 | table earliest latest]