All Posts



btool is its own program in $SPLUNK_HOME/bin. It is a bit more tricky to use because you have to be in the Splunk env. I successfully tested the following procedure on UF 9.2.2:

    . /opt/splunkforwarder/bin/setSplunkEnv
    btool inputs list

Without sourcing the Splunk env you get a missing libraries error:

    /opt/splunkforwarder/bin/btool inputs list
    /opt/splunkforwarder/bin/splunkd: error while loading shared libraries: libmongoc-1.0.so.0: cannot open shared object file: No such file or directory

Thank you for your advice, I ignored the token content and closed it.
Yep, I can use user account & password to do it.

@sylviee_o It appears you're upgrading from a much older version of Splunk to 9.4.x, which is causing the issue shown in your screenshot. To resolve this, you need to follow the supported upgrade path to ensure all components, including KV Store, are properly updated. Skipping intermediate versions can result in compatibility problems and failed upgrades.

Before upgrading to 9.4.x, verify that your KV Store server version is at least 4.2. If it isn't, first upgrade to an intermediate version (such as 9.3.x) that brings KV Store to the required level, then proceed to 9.4.x.

Also refer to https://docs.splunk.com/Documentation/Splunk/9.4.2/Admin/MigrateKVstore

Regards, Prewin
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

@jessieb_83  Do your proxy log events include fields that identify a user or a device (such as src, dest, src_ip, dest_ip, host ...)? Typically, proxy logs should be mapped to the Web data model. Check that your logs contain the necessary fields for proper mapping. Regards, Prewin Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

@HA-01 Looks like app doesn't support fetching Dynamic test data. Ref:
https://docs.appdynamics.com/appd/24.x/latest/en/end-user-monitoring/thousandeyes-integration-with-browser-real-user-monitoring/thousandeyes-network-metrics-in-browser-rum
https://docs.thousandeyes.com/product-documentation/integration-guides/custom-built-integrations/splunk-app

You can consider using ThousandEyes API calls to pull Dynamic data.
https://developer.cisco.com/docs/thousandeyes/create-endpoint-dynamic-test/
https://docs.thousandeyes.com/product-documentation/end-user-monitoring/viewing-data/endpoint-agent-automated-session-tests-view

Regards, Prewin
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

1. Is it a fresh installation or an upgrade? 2. You have the immediate debugging steps on screen.
Could be. I didn't copy-paste it but wrote it here by hand, so there might have been a typo.
Thank you for your reply. I checked the internal log, but there were no errors related to ThousandEyes Dynamic tests. Therefore, I checked whether the App is configured to retrieve Dynamic test data in the first place. Upon reviewing the thousandeyes_constant.py file, I found that ENDPOINT_TEST_TYPES = ["agent-to-server", "http-server"] does not include “Dynamic.” This indicates that the current specification does not support retrieving Dynamic test data.
I have a feeling that using tokens in the count part of the XML config was broken at some point. It used to work, then it stopped working, but now I tested again, it does work - what version are you on?  
Hello everyone, I use a Dell Windows laptop, and after downloading the Splunk enterprise 9.4.3 app for Windows, I'm unable to install it because of an error prompt. Please, can I get a step by step approach on fixing this?  
This did work, but had to remove the s on optimizations and presto. Thank you.
@oawill  mltk_ai_commander_dataset.csv is a training dataset that ships with MLTK 5.6.0 and higher specifically for hands-on exercises with the LLM integrations feature. This dataset contains example data used to train models to distinguish between malicious and benign PowerShell scripts. Since this is an example training dataset provided by Splunk for educational/demonstration purposes with the MLTK, the specific authorship and attribution details may not be extensively documented in the traditional dataset credits format. The dataset is designed as sample data for users to practice with the AI Commander functionality. If this Helps, Please Upvote.

Hi @bellb There isn't a published PDF, however if you go to https://help.splunk.com/en/splunk-enterprise/release-notes-and-updates/release-notes/9.4/whats-new/welcome-to-splunk-enterprise-9.4 and click on the Print button, you should hopefully be able to save it as / print to PDF.

Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

I am trying to find the Dataset Credits for mltk_ai_commander.csv, which comes with MLTK 5.6.0 and higher, according to the user guide. I checked the MLTK Dataset Credits page, but it looks like it hasn't been updated for this version yet. Does anyone know if there is somewhere else I can find authorship or attribution information?
Can I get a PDF of the Splunk Enterprise 9.4.3 Release Notes?

OK. It seems that even with "where" Splunk optimizes this search and it turns into

    index=whatever source=CASE("stderr") "stderr"

Which obviously again searches for the source as indexed field only. (same goes

You can make it work if you disable optimizations

    index=whatever stderr | noop search_optimization=false | where source="stderr"


This is happening because I've got this set up, and it looks like the only way to refresh is to enter edit mode and exit without saving. Any ideas? cc @livehybrid

    <option name="count">$row_count_tok$</option>

That is intriguing because I was pretty sure it would work. I tried to recreate your case locally with makeresults | collect and it indeed doesn't find it with where. I'll keep digging.
For some additional context: the dashboard actually works unless I switch from portrait to landscape or the other way round. When that happens, the only way to resolve is to enter edit mode and then exit without making any changes. Simply refreshing the page doesn't work as expected, although the token does update automatically (I've got the token in a title so I can view its values).