Hi All,  We are working on getting Appian data to splunk. Appian has been configured to push the logs to splunk syslog endpoint. We have tried several things but the data received in splunk is still encrypted.  https://docs.appian.com/suite/help/21.2/Log_Streaming_for_Appian_Cloud.html#prerequisite-checklist Below is the config of splunk. Please help us if you have done this is past or have knowledge on how to fix this.  Splunk Version : 8.1.4 etc\apps\search\local\inputs.conf [tcp://514] connection_host = ip index = appian sourcetype = syslog   [SSL] requireClientCert = false serverCert =  $SPLUNK_HOME\etc\auth\splunkweb\myDataCertificate.pem sslVersions = tls1.2 cipherSuite = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256 Note : myDataCertificate.pem is a combination of server+interimCA+rootCA.    Sample Encrypted Data 10/10/21 8:04:18.000 PM \x00\x00\x00\x9E\x00\x9F\xC0|\xC0}\x003\x00g\x009\x00k\x00E\x00\xBE\x00\x88\x00\xC4\x00\x00\xA2\x00\xA3\xC0\x80\xC0\x81\x002\x00@\x008\x00j\x00D\x00\xBD\x00\x87\x00\xC3\x00\x00f\x00\x00D\x00\x00\x00\x00\x00\x00\xFF\x00\x00\x00#\x00\x00\x00 10/10/21 8:04:18.000 PM \xC0r\xC0\xC0\xC0/\xC00\xC0\x8A\xC0\x8B\xC0\xC0'\xC0\xC0v\xC0\xC0\x00\x9C\x00\x9D\xC0z\xC0{\x00/\x00<\x005\x00=\x00A\x00\xBA\x00\x84\x00\xC0\x00 ... View more

The RDS SQL Instance on the AWS environment is an end point ( egs: mssql2016db.xfd4uv5wrty.us-west-2.rds.amazonaws.com ). we can connect to this instance through SQL Express or SQL Mgmt Studio, using credentials on port 1433. The instructions are here in the link below to do the same. http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToMicrosoftSQLServerInstance.html When we try to do the same with "Splunk DB Connect-2", we get an "Internal Server Error" or "Operation Timed Out". The RPC server is up and all the supported drivers are downloaded and available. We can connect to a local SQL DB, but not sure if we are doing anything wrong when connecting to AWS RDS. http://docs.splunk.com/Documentation/DBX/2.2.0/DeployDBX/Supporteddatabases Has anyone tried doing this?, if yes please point us to the documentation. ... View more

We have a custom Python script that we use to send "event" to service-now from Splunk. This is working fine in Splunk 6.1.8 (Splunk App for ServiceNow 2.4). The same Python script is not working on Splunk 6.3.0 (latest Splunk App for ServiceNow 4.0.1). The reason we use a custom Python script is because our events module in ServiceNow is a customized one and fields names differ from the standard fuji version. Please let me know if you have faced the same issue and have a solution. ... View more

Hi, We have the same app deployed on multiple Domain Controllers. On some DC's, the data indexed in Splunk is older by 2.5 Hours or so. Though the DC has latest entries in Event Log, they appear in Splunk (6.1.8) only after a certain duration of time. We have tried upgrading the forwarder version, and also configuring thruput in limits.conf, but doesn't work. Please help. ... View more