I have the PY file at below path on my system $SPLUNK_HOME\etc\apps\file_meta_data\bin App name is file_meta_data and not splunk-file-info. Did I downloaded and installed wrong app version? ... View more

I am also getting below error 2020-02-11 12:37:06,907 ERROR Execution failed Traceback (most recent call last): File "F:\Program Files\Splunk\etc\apps\file_meta_data\bin\modular_input.zip\modular_input\modular_input_base_class.py", line 1095, in execute self.do_run(in_stream, log_exception_and_continue=True) File "F:\Program Files\Splunk\etc\apps\file_meta_data\bin\modular_input.zip\modular_input\modular_input_base_class.py", line 976, in do_run self.run(stanza, cleaned_params, input_config) File "F:\Program Files\Splunk\etc\apps\file_meta_data\bin\file_meta_data.py", line 621, in run file_filter=file_filter) TypeError: get_file_data() got an unexpected keyword argument 'file_filter' My inputs.conf is as below [file_meta_data://Monitor Folder1] file_hash_limit = 1GB file_path = F:\StartingPoint\Splunk include_file_hash = 0 index = main interval = 5m only_if_changed = 0 recurse = 0 file_filter = * ... View more

This helped me to hide a column from a table ... View more

I found the solution for my problem at https://answers.splunk.com/answers/590552/let-dashboard-panel-accept-multiple-time-range-inp.html ... View more

Your comments above helped me to solve my issue posted at https://answers.splunk.com/answers/794801/pass-time-input-value-as-default-to-another-time-i.html Thanks for the response. ... View more

Basically I have a dril down functionality on my dashboard. The first Time input will be visible at load. And 2nd will be visible on drill down. And the default value for 2nd Time input I want to pass the current selected value for 1st Time input. The drill down search is tied to earliest and latest time range of 2nd Time input. ... View more

This approach I have tried and its not working. I have extended your code by adding a panel to show count of events by sourcetypes. However, I am getting error ' Invalid earliest_time.' at load as well as when date time changes in input 1. Double Time inputs <input type="time" token="timetok1"> <label>time input 1</label> <default> <earliest>-7d@w0</earliest> <latest>@w0</latest> </default> </input> <input type="time" token="timetok2"> <label>time input 2</label> <default> <earliest>$timetok1.earliest$</earliest> <latest>$timetok1.latest$</latest> </default> </input> <panel> <table> <search> <query>index=* | stats count(8) by sourcetype</query> <earliest>$timetok2.earliest$</earliest> <latest>$timetok2.latest$</latest> </search> <option name="drilldown">none</option> <option name="refresh.display">progressbar</option> </table> </panel> ... View more

Thanks for the link bwlm. This really helps. ... View more

Thanks for your response. Can you provide some more details of how to configure SQL server to record the SP performance including its execution time etc. so that Splunk can index the data. Are you taking something custom way to do this or there is a native way in SQL server to enable logging of this data? ... View more

I am using pycrypto library which can be downloaded from https://www.dlitz.net/software/pycrypto/ However, the download contains multiple files, directories. Do I need to keep all of them in my custom apps bin directory? ... View more

I am not using add-on builder. I started creating my app by using the reference of hipchat_alerts example. When I update the parameters, they get updated in alert_actions.conf file in apps local directory. I have just added a validation rule in restmap.conf file, nothing about the setup parameters. I do observed that, when I create a new alert it is getting updated values of setup parameters. So I think the json paylod passed to PYTHON script is sending old values only. I may have to use Splunk SDK to read endpoint values unless there is no alternative. ... View more

I have created a setup.xml file for my app and saving user name and password in alert_actions.conf. I am reading those parameters in Python script using similar code mentioned here. But the problem I am facing is the configuration passed to the python script does not gets the updated values of the service end points I used. ... View more

Above mentioned XML data is located inside below tags. ... View more

Is it possible to set different colors for each of the header column based on it's name as the position is dynamic? ... View more

Since this app is not supported on UF, what is the alternate option available in Splunk to collect and index data about all SSL certificated installed on the UF server? ... View more

No. Even for the very first time though all text boxes are entered with some text, it is giving an error for 2nd control which is assignment group. I have Splunk 7.2.3 on Windows platform. ... View more

I created a new alert from scratch and tried to configure the custom alert. But getting same issue. Basically once the error is set, even though the value is entered for the associated control (text box), the error is not resetting. ... View more

The error I am getting is not during run time while the alert is triggered. I have added some validations to make sure that mandatory fields are set while configuring the alert ltself. The error message 'Assignment Group cannot be empty' is shown on the Alert Configuration screen itself. ... View more

I checked and correct conf files are loaded. However, setting the DEBUG mode for AdminMnager I saw below error in Splunkd. 02-26-2019 12:52:50.966 +0000 DEBUG AdminManager - URI /en-US/splunkd/__raw/servicesNS/myuser/search/saved/searches/Test%20ServiceNow generated an AdminManagerExceptionBase exception in handler 'savedsearch': Assignment Group cannot be empty Any idea what this error could be? ... View more

I tried above config and restarted splunk but still no success. I am keep on getting error 'Assignment Group cannot be empty' even though I enter something in the Assignment Group text box. Below are my config files restmap.conf [validation:savedsearch] # Require parameters to be set if webhook action is enabled action.snow_webhook = case('action.snow_webhook' != "1", null(), 'action.snow_webhook.param.url' == "action.snow_webhook.param.url" OR 'action.snow_webhook.param.url' == "", "No Webhook URL specified", 'action.snow_webhook.param.assignment_group' == "action.snow_webhook.param.assignment_group" OR 'action.snow_webhook.param.assignment_group' == "", "Assignment Group cannot be empty", 'action.snow_webhook.param.service_offering' == "action.snow_webhook.param.service_offering" OR 'action.snow_webhook.param.service_offering' == "", "Service Offering cannot be empty", 'action.snow_webhook.param.description' == "action.snow_webhook.param.description" OR 'action.snow_webhook.param.description' == "", "Description cannot be empty", 1==1, null()) action.snow_webhook.param.url = validate(match('action.snow_webhook.param.url', "^https?://[^\s]+$"), "Webhook URL is invalid") alert_actions.conf [snow_webhook] is_custom = 1 label = Test Webhook description = Call REST API POST URL icon_path = webhook.png payload_format = json disabled = 0 param.user_agent = Splunk/$server.guid$ savedsearches.conf.spec # Webhook alert action settings action.snow_webhook = [0|1] * Enable webhook action action.snow_webhook.param.url = * URL to send the HTTP POST request to. Must be accessible from the Splunk server. action.snow_webhook.param.assignment_group = * Assignment Group in SNOW. Must be accessible from the Splunk server. action.snow_webhook.param.service_offering = * Service Offering in SNOW. Must be accessible from the Splunk server. action.snow_webhook.param.description = * Incident description in SNOW. Must be accessible from the Splunk server. ... View more