I think I got it - I hope this is helpful to others ...
| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")
... View more
I can't find an affirmative document / release note, so if you know, please clarify when this ssl_version field was added to the Splunk Stream app.
I am trying to add the ssl_version field to a dashboard, But the values showing in this field do not match up to SSL/TLS versions I recognize.
We're running Splunk Stream 7.1.2 on Splunk Enterprise 6.6.7. I don't find any field reference in the current Stream App documentation, or in Stream Field Details.
The sample events I'm seeing are all showing a value of "3.3".
... View more
In my Users page: https://splunk:8000/en-US/manager/search/authentication/users, all of our LDAP users accounts show "[PROCESSING ERROR]" in the column: Default app inherited from.
Is there a command to bulk-reassign each/all user's default app, or otherwise clear up this apparent error message?
... View more
As of v3.2, neither SA-Hydra nor SA-Utils are required on the Indexer, yet we still get the 'Invalid key in stanza' errors during splunk start (as well as from `splunk btool check --debug).
Splunk App for VMware -latest- component reference
... View more
Thanks for the tip to check out uberagent-for-splunk, but could this use case also be addressed without installing UF at all?
Did you consider collecting from these XA nodes with a remote forwarder?
http://docs.splunk.com/Documentation/Splunk/6.2.2/Data/ConsiderationsfordecidinghowtomonitorWindowsdata#Use_a_forwarder
... View more