All Topics
We've just installed the Mandiant Advantage App and I was hoping someone else here could provide some guidance on what to do after installation and configuration of the API keys.
I want to set the color for the output of a column if its date matches the current date or two days before the current date.
While trying to list the base searches, the context menu redirects to http://<search_head_server>.local:8000/en-GB/app/itsi/kpi_base_searches_lister. However, an empty page is being returned. The browser inspector indicated a 404 (Not Found) error. Any pointers?
Hello, until a few weeks ago we were using the site https://www.splunk.com/page/securityportal to check for Splunk vulnerabilities, but the structure of the page changed and now there is no information about the last known vulnerability. Can you redirect me to the new site, if it exists, or to other possibilities for checking Splunk-related vulnerabilities? Thank you.
I've got the service monitoring in place and now I want to run ad-hoc tests. How do we spoof fake alarms and see how the impact relationships within the service model change? I figured out the following two options:

1. Use stressors (Linux stress-ng, https://www.mankier.com/1/stress-ng#Examples) on the servers to increase or decrease the resource consumption. This option is not so fast for customer demonstrations when it comes to breaking and fixing things quickly.
2. Ingest fake alarms using HEC towards the itsi_tracked_alerts index. I managed to get this working using curl; however, the event doesn't seem to associate with the metrics.

Do you have any tips for achieving this use case? Are there any other options available?
Hello! My objective is to be able to use JavaScript to overlay buttons onto a Splunk table viz, listen for a click, and then do something upon clicking. I've managed to overlay the buttons but I'm not sure how to listen for a click. If I add buttons to the dashboard via an html tag then it seems that the listener gets added automatically. Below is a run-anywhere dashboard + JavaScript containing:

- An HTML table with two buttons added to the cells in dashboard XML
- A Splunk table with two buttons added to the cells using JavaScript

All buttons have been assigned the class "html_button". The click listener that I associated with the "html_button" class only works with the HTML table. How do I add a listener to the JavaScript overlay buttons? Thank you and best regards, Andrew

---------------------------------------
Dashboard

<dashboard script="overlayTable.js">
  <label>Buttons and Listeners</label>
  <row>
    <panel>
      <title>Buttons added to HTML table</title>
      <html>
        <table>
          <tr>
            <th>Button</th>
          </tr>
          <tr>
            <td>
              <button type="button" class="html_button">x</button>
            </td>
          </tr>
          <tr>
            <td>
              <button type="button" class="html_button">x</button>
            </td>
          </tr>
        </table>
      </html>
    </panel>
    <panel>
      <title>Buttons added to Splunk table using Javascript overlay</title>
      <table id="tableVizualization">
        <search id="searchObject">
          <query>| makeresults | eval Button = "x" | append [| makeresults | eval Button = "x"] | table Button</query>
          <earliest>0</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</dashboard>

overlayTable.js

require([
    'underscore',
    'jquery',
    'splunkjs/mvc',
    'splunkjs/mvc/tableview',
    'splunkjs/mvc/simplexml/ready!'
], function(_, $, mvc, TableView) {
    // Custom cell renderer: adds an overlay button to every cell of the "Button" column
    var CustomRangeRenderer = TableView.BaseCellRenderer.extend({
        canRender: function(cell) {
            return _(["Button"]).contains(cell.field);
        },
        render: function($td, cell) {
            if (cell.field === "Button") {
                var strHtmlInput = "<button type='button' class='html_button'>x</button>";
                $td.append(strHtmlInput);
            }
        }
    });

    // Attach the renderer to the table visualization
    mvc.Components.get('tableVizualization').getVisualization(function(tableView) {
        tableView.addCellRenderer(new CustomRangeRenderer());
    });

    // Listener for the html_button class
    $('.html_button').on("click", function (e) {
        alert("Button clicked!");
    });
});
Hi AppDynamics Gurus, I am new here and using a trial license trying AppDynamics. I have installed the machine agent via RPM on my 3 Linux servers: 2 of them had JavaHardwareMonitor enabled and the rest had HardwareMonitor enabled. According to the log files, all 3 machine agents had been started successfully. However, there is nothing displayed in the controller dashboard. From the log files, all of the agents are at:

INFO ServersDataCollector - Started servers data collector - DataCollectorConfig(samplingInterval=30001, componentNames=[remote.volumes, partitions])
INFO ServersDataCollector - Started servers data collector - DataCollectorConfig(samplingInterval=3000, componentNames=[memory, partitions, volumes, cpus])

May I know what I should do to have the data displayed? Btw, the machine agent I am using is appdynamics-machine-agent-21.10.0.3188.x86_64.rpm. Thanks. Jason
Hi All, @ehaddad_splunk We have recently upgraded the Splunk core version to 8.2 and upgraded the SolarWinds add-on to 1.2.0, but since then the configuration page is not loading and I see this error:

"Unable to initialize modular input "solwarwinds_query" defined in the app "Splunk_TA_SolarWinds": Introspecting scheme=solwarwinds_query: script running failed (PID 7531 exited with code 1).."

There are also other errors in the Splunk logs:

11-08-2021 17:06:29.732 +1100 ERROR AdminManagerExternal [8127 TcpChannelThread] - Stack trace from python handler:
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunktaucclib/rest_handler/handler.py", line 117, in wrapper
    for name, data, acl in meth(self, *args, **kwargs):
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunktaucclib/rest_handler/handler.py", line 179, in all
    **query
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 289, in wrapper
    return request_fun(self, *args, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 71, in new_f
    val = f(*args, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 679, in get
    response = self.http.get(path, all_headers, **query)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 1183, in get
    return self.request(url, { 'method': "GET", 'headers': headers })
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 1244, in request
    raise HTTPError(response)
solnlib.packages.splunklib.binding.HTTPError: HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Not Found"}]}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 151, in init
    hand.execute(info)
  File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 637, in execute
    if self.requestedAction == ACTION_LIST: self.handleList(confInfo)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunk_aoblib/rest_migration.py", line 39, in handleList
    AdminExternalHandler.handleList(self, confInfo)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunktaucclib/rest_handler/admin_external.py", line 40, in wrapper
    for entity in result:
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunktaucclib/rest_handler/handler.py", line 122, in wrapper
    raise RestError(exc.status, str(exc))
splunktaucclib.rest_handler.error.RestError: REST Error [404]: Not Found -- HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Not Found"}]}

11-08-2021 17:06:29.823 +1100 ERROR AdminManagerExternal [8131 TcpChannelThread] - Stack trace from python handler:
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunktaucclib/rest_handler/handler.py", line 117, in wrapper
    for name, data, acl in meth(self, *args, **kwargs):
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunktaucclib/rest_handler/handler.py", line 179, in all
    **query
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 289, in wrapper
    return request_fun(self, *args, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 71, in new_f
    val = f(*args, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 679, in get
    response = self.http.get(path, all_headers, **query)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 1183, in get
    return self.request(url, { 'method': "GET", 'headers': headers })
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/solnlib/packages/splunklib/binding.py", line 1244, in request
    raise HTTPError(response)
solnlib.packages.splunklib.binding.HTTPError: HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Not Found"}]}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 151, in init
    hand.execute(info)
  File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 637, in execute
    if self.requestedAction == ACTION_LIST: self.handleList(confInfo)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunk_aoblib/rest_migration.py", line 39, in handleList
    AdminExternalHandler.handleList(self, confInfo)
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunktaucclib/rest_handler/admin_external.py", line 40, in wrapper
    for entity in result:
  File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/splunktaucclib/rest_handler/handler.py", line 122, in wrapper
    raise RestError(exc.status, str(exc))
splunktaucclib.rest_handler.error.RestError: REST Error [404]: Not Found -- HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Not Found"}]}

11-08-2021 17:05:49.497 +1100 ERROR ModularInputs [7481 MainThread] - Unable to initialize modular input "solwarwinds_query" defined in the app "Splunk_TA_SolarWinds": Introspecting scheme=solwarwinds_query: script running failed (PID 7531 exited with code 1)..
We are trying to install the universal forwarder version 8.0.9 but are unable to start Splunk on this server due to the following errors. Please find the screenshot below.

$ cd /splunk/splunkforwarder/bin
$ ./splunk start --accept-license

I went through the shared article, but it ended with no solution: Unable to start Splunk universal forwarder on AIX ... - Splunk Community. Kindly advise us.
Hello everyone, I installed the Telegram Alert Action app (https://splunkbase.splunk.com/app/3703/) on my search head server (Splunk Enterprise 8.0.6) successfully. But when I add the Telegram Alert action for all alerts, I cannot see any of its configurations, as in the image below. Could anyone tell me what this issue is? Thanks very much!
Need help to extract the value between 2 fields, e.g. below:

"status":"Active", "birthDate":"xxxx-03-06",

I am trying the below:

rex field=details "\"status\"\:\"(?<contactStatus>[^\n\r\",]+)*\"birthDate\""

NOTE: there is another status field, so I am trying to use this option, as I know "birthDate" follows the "status" field. Thanks for your help in advance.
Hi all! Pretty new to Splunk so just seeing if this is even possible. I have 2 lookups I have created: one that is users who are in our privileged access AD group (admins) and the other that is machines that are in the same group. What I am trying to do is see who from the USER lookup has logged into which machine in the MACHINE lookup, by using the auth logs that are pumped into Splunk. I am trying the search below but I don't seem to be getting anywhere with it:

index=auth EventCodeDescription="An account was successfully logged on" [|inputlookup users.csv][| inputlookup machines.csv]

I've also tried the below but also no luck:

index=auth EventCodeDescription="An account was successfully logged on" user=inputlookup users.csv src=inputlookup machines.csv

Any help from the community would be great!
We are planning to upgrade from Splunk 7.3 to 8.2.3. I am documenting the Python upgrade process. So is Python upgraded once during the upgrade from 7.x to 8.x, and another time during the upgrade from 8.x to 8.2.3? Meaning Python is upgraded twice for us? And would you please elaborate on the do's and don'ts to watch for during the Python upgrade. We do have Splunk Ent. plus ES and roughly 60 apps and TAs. Thanks a million in advance.
I am new to Splunk. I wanted to know how I can parse data for site monitoring for particular URLs. How do I know if I have relevant URL data coming in, and how do I instrument it?
Hi Splunk Community, I was wondering if it was possible to have a chart that was made up from 3 fields. I have already built a chart that has columns for each Account where each column is stacked with the Action:

| chart count by Account, Action

Can I break it down into days using the _time field, so it counts by day?

Example of data:

_time                    Account   Action
2021-10-20 10:04:03.778  account1  Delete
2021-10-21 11:04:03.778  account2  Write
2021-10-21 11:05:03.778  account1  Write

Thank you, Zoe
Hi Guys, I am getting this error in splunkd.log:

ERROR TcpInputProc - Error encountered for connection from src=my_searchhead_ip:36786. error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Using Splunk 7.3.3 Enterprise version. We are trying to send logs from one Splunk instance (7.3.3) in one geography to another geography (Splunk Enterprise Security) over the internet. Splunk shows we have established a successful connection between the 2 geographies, but data/logs are not getting sent. We assume that this is the error which is not letting us send the data from one instance to another over the internet. Any help would be very useful. Let me know if you need more info on the same.
I have a list of identifiers I need to query Splunk for results for, and then display the identifiers that Splunk didn't find any results for. Can someone point me in the right direction on how to accomplish this in a single search?
Hi, I have a log like this and need to find where an unusual time gap between "Packet Processed" and "Send Packet" exists.

this is normal 001
2021-10-25 08:59:50,725 INFO CUS.AbCD-VW2-1234567890 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:50,726 INFO CUS.AbCD-VW2-1234567890 [AppClientManager] Send Packet

this is normal 035
2021-10-25 08:59:52,730 INFO CUS.AbCD-VW2-0987654321 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:52,735 INFO CUS.AbCD-VW2-0987654321 [AppClientManager] Send Packet

this is NOT normal 5:230
2021-10-25 08:59:54,725 INFO CUS.AbCD-VW2-1478523699 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:59,955 INFO CUS.AbCD-VW2-1478523699 [AppClientManager] Send Packet

this is NOT normal 1:100
2021-10-25 08:59:58,705 INFO CUS.AbCD-VW2-9632587411 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:59,805 INFO CUS.AbCD-VW2-9632587411 [AppClientManager] Send Packet

this is NOT normal 100
2021-10-25 08:59:59,800 INFO CUS.AbCD-VW2-3333322222 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:59,950 INFO CUS.AbCD-VW2-3333322222 [AppClientManager] Send Packet

This is a huge log; imagine lots of lines like this written to the log file without order (I sorted them above). I need to know when the count of unusual time gaps increases.

2021-10-25 08:59:50,725 INFO CUS.AbCD-VW2-1234567890 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:50,726 INFO CUS.AbCD-VW2-1234567890 [AppClientManager] Send Packet
2021-10-25 08:59:52,730 INFO CUS.AbCD-VW2-0987654321 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:52,735 INFO CUS.AbCD-VW2-0987654321 [AppClientManager] Send Packet
2021-10-25 08:59:54,725 INFO CUS.AbCD-VW2-1478523699 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:58,705 INFO CUS.AbCD-VW2-9632587411 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:59,800 INFO CUS.AbCD-VW2-3333322222 [FlowProcessorService] Packet Processed:
2021-10-25 08:59:59,805 INFO CUS.AbCD-VW2-9632587411 [AppClientManager] Send Packet
2021-10-25 08:59:59,950 INFO CUS.AbCD-VW2-3333322222 [AppClientManager] Send Packet
2021-10-25 08:59:59,955 INFO CUS.AbCD-VW2-1478523699 [AppClientManager] Send Packet

FYI: "unusual time gaps" means an increased time between "Packet Processed" & "Send Packet". Any idea? Thanks,
I have an initial query with one index name (index1) which shows the F10N, F10W, F11, etc. values in one chart, but the F6 value comes from a different index (index2). How should I combine that F6 value into one chart?

index1:
MicronSite IN($input_site$) index=mtparam sourcetype=CommandTimesByArea | rex field=_raw "Fabwide:AvgTotalTrackoutTime\s+(?<AvgTotalTrackoutTime>\d+)" | timechart span=12h avg(AvgTotalTrackoutTime) aligntime=@d+7h by MicronSite

index2:
MicronSite=F6 index=mfg source=command_times area_id=Fabwide command_name IN (SigmaRunComplete,MESLotTrackOut) | timechart partial=f span=12h aligntime=@d+7h avg(avg) by command_name | addtotals fieldname=AvgTotalTrackoutTime
[Filter: smut] anonymous_hippo's post body matched "damn", board "splunk-search".

Post Subject: How to simply filter out text String from search results that has line breaks/return in it on SPLUNK Enterprise?

Post Body: I'm really annoyed. I am using SPLUNK Enterprise and I'm literally trying to parse out some JSON (basically a String) from my Splunk logs that has line breaks after each field/key in the JSON string result, i.e.

Some random search results here {
key1: value1
key2: value2
key3: value3
}, some log message here ....

Like .* and many other REGEX chars work just fine in the search for some damn reason. I tried all combinations of [\r\n\s]+ and such and get 0 results, despite it working just fine in the regex101.com online sandbox environment. I think I read online from my searches that Splunk logs don't preserve the line breaks, but if it doesn't do that, then what does the final result look like? Because I tried querying without whitespaces, or line breaks, and every combination under the sun, and never got a "hit" back on my search results. Also, I'm not using any of that REX crap as I don't need to extract anything; I just wanted to filter and maybe do a stats count on my results. Can anyone provide a simple solution please? Thank you!