All Posts

I tried this solution but still facing the same issue
  The error message is generated only for these specific event codes
Hello @ITWhisperer, thanks for your response! If you don't mind, please change the code as well. Thanks a lot for your response!
Hi, I'm looking for advice on how often I should upgrade the Splunk Universal Forwarder - what is the best practice for this? The page https://docs.splunk.com/Documentation/SplunkCloud/9.2.2406/Admin/UpgradeyourForwarders says: As a best practice, run the most recent forwarder version, even if the forwarder is a higher version number than your Splunk Cloud Platform environment. But is it really good practice to install the latest version? How do you do this in your environment?
I have the same issue, and even after enabling the deployment client via the CLI it still says it's disabled. What was the fix for your issue?
Thank you for your information; maybe I will check it in the latest sourcetype generated by default by Splunk yesterday, so I can validate the directory paths for inputs.conf.
Having converted the number to hex, perform 16 replacements, starting with 0, then 1, replacing the hex digit with the corresponding binary equivalent.
Yes, but in /var/log there are many different kinds of files (and typically even many different kinds of events within some files) and each of them should be parsed differently. If you just ingest all of them into one big "sack", you will most definitely lose at least some info (like properly parsed timestamps on some events) and you will not have properly parsed fields for many of those events. So if you have - for example - /var/log/exim/main.log you should ingest it separately with the exim_main sourcetype (and reject.log should have its own input stanza with the exim_reject sourcetype). Apache httpd access logs should be ingested separately with one of the access_* sourcetypes depending on your apache configuration. And so on. If you just pull everything with one generic sourcetype... well, you can do a full-text search but not much more. You're losing a lot of functionality.
Hello @ITWhisperer, thanks for that. I'm currently using Splunk Enterprise version 9.1.1, so that's the reason. Is there any alternative way to work on this with this version? Thanks for pointing it out. Regards, Manoj Kumar S
OK, so there is probably something different about the search which is not working - perhaps if you shared that with us we might be able to spot something, but at the moment this knowledge is unavailable to us.
Check out: ansible.builtin.file module – Manage files and file properties — Ansible Community Documentation

    - name: Recursively change ownership of a directory
      ansible.builtin.file:
        path: /etc/foo
        state: directory
        recurse: yes
        owner: foo
        group: foo
bit-wise functions only came into Splunk Enterprise in 9.2.0 and in 9.1 in Cloud Services (according to the documentation) - which version of Splunk are you using?
"binary" only came into Splunk Enterprise in 9.2.0 and doesn't appear to be in Cloud Services yet (according to the documentation)
Hello @yuanliu, thanks for your response! I'm getting this error: "Error in 'EvalCommand': The arguments to the 'tostring' function are invalid." Can you please help me with this? Thanks in advance!
@mayankrojo - Your Technology Add-on seems to be built by the UCC Framework of Splunk, which as of today does not provide an option to hide that button. https://splunk.github.io/addonfactory-ucc-generator/openapi/ I hope this helps!!!
@nicholaszn - The easiest thing to do is load your existing Add-on onto Add-on Builder and re-build the Add-on with the new version, which will automatically upgrade all the libraries. I hope this helps!!!
Thank you for your information. The reason I created /var/log is because I want to ingest everything in /log, and Splunk does it perfectly. It will be named by default by Splunk, but that's okay. And for .bash_history, I input that because that's a request. Once again, thanks sir; now I don't need to worry anymore about this newIndex size.
@sbel - It is not recommended to install the package on install of an App/Add-on, for a lot of reasons; it is always a good idea to bundle it as part of the App/Add-on build. As for which OS version Splunk Cloud is running, you can ask Splunk Cloud Support. I hope this helps!!! Kindly upvote if it does!!
@vjsplunk - If that is the case, and you said you are not using base searches, then the only issue could be browser caching or a cookie issue. Try an incognito window.
Yes. If I open the panel from "Open in Search" it is giving the results.