Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About pavankumarh
pavankumarh
Path Finder
Member since:
07-30-2015
02-05-2023
Community Statistics
| Posts | 13 |
| Solutions | 1 |
| Karma Given | 31 |
| Karma Received | 2 |
| Member Since | 07-30-2015 |
Activity Feed
- Posted Re: KVStore failure after upgrade to 9.0 on Splunk Enterprise. 02-05-2023 06:04 AM
- Karma Why is there KVStore failure after upgrade to 9.0? for bigfatyeastroll. 02-05-2023 05:59 AM
- Karma Re: After upgrading to 6.5.0, KV Store will not start for claudio_manig. 01-18-2023 05:43 AM
- Karma After upgrading to 6.5.0, KV Store will not start for jcrabb_splunk. 01-18-2023 05:42 AM
- Karma Re: Universal Forwarder 8.0 upgrade path from 6.x for burwell. 12-07-2022 03:37 AM
- Karma Why am I getting this error "HttpInputDataHandler - Failed processing http input"in splunkd.log on heavy forwarder? for lukasmecir. 08-01-2022 06:57 AM
- Karma Re: ldapsearch error_message=password is mandatory in simple bind for jamesdsteel. 07-05-2022 06:58 AM
- Posted Re: External search command 'ldapfilter' returned error code 1. Script output = " ERROR The default configuration s on All Apps and Add-ons. 06-14-2022 05:23 AM
- Tagged Re: External search command 'ldapfilter' returned error code 1. Script output = " ERROR The default configuration s on All Apps and Add-ons. 06-14-2022 05:23 AM
- Tagged Re: External search command 'ldapfilter' returned error code 1. Script output = " ERROR The default configuration s on All Apps and Add-ons. 06-14-2022 05:23 AM
- Karma Re: Indexer fails to join back cluster due to standalone buckets for keio_splunk. 02-17-2022 05:43 AM
- Karma Re: Blank h and s in license_usage.log? for Vishal_Patel. 02-17-2022 05:41 AM
- Posted Appian Integration on Getting Data In. 11-15-2021 10:23 AM
- Tagged Appian Integration on Getting Data In. 11-15-2021 10:23 AM
- Tagged Appian Integration on Getting Data In. 11-15-2021 10:23 AM
- Posted Re: How do I trigger the re-indexing of events from a locally collected Windows Event Log channel? on Getting Data In. 04-01-2021 07:49 AM
- Karma Re: How do I trigger the re-indexing of events from a locally collected Windows Event Log channel? for Jeff_Lightly_Sp. 04-01-2021 07:48 AM
- Karma Re: How do I trigger the re-indexing of events from a locally collected Windows Event Log channel? for hexx. 04-01-2021 07:47 AM
- Karma Re: Splunk 7.2.2 - systemd - Root privileges required when starting/stopping Splunk? for bandit. 09-30-2020 04:38 AM
- Karma Re: Max time spent in per-result alerts issue for mdsnmss. 06-05-2020 12:49 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-05-2023
06:04 AM
You logs indicate a old pem cert. have you tried renaming the server.pem file under splunk/etc/auth. then restarting splunk service. most KV store isues are resolved with this action. 2022-06-29T15:04:51.149Z F NETWORK [main] The provided SSL certificate is expired or not yet valid.
... View more
06-14-2022
05:23 AM
This seems to be a known issue and solution is available in the documentation link below. Creating the local\commands.conf worked for us. https://docs.splunk.com/Documentation/SA-LdapSearch/3.0.4/User/Workaroundfordefaultconfigstanzaerrorsindistributedenvironments
... View more
- Tags:
- error
- ldapfilter
11-15-2021
10:23 AM
Hi All, We are working on getting Appian data to splunk. Appian has been configured to push the logs to splunk syslog endpoint. We have tried several things but the data received in splunk is still encrypted. https://docs.appian.com/suite/help/21.2/Log_Streaming_for_Appian_Cloud.html#prerequisite-checklist Below is the config of splunk. Please help us if you have done this is past or have knowledge on how to fix this. Splunk Version : 8.1.4 etc\apps\search\local\inputs.conf [tcp://514] connection_host = ip index = appian sourcetype = syslog [SSL] requireClientCert = false serverCert = $SPLUNK_HOME\etc\auth\splunkweb\myDataCertificate.pem sslVersions = tls1.2 cipherSuite = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256 Note : myDataCertificate.pem is a combination of server+interimCA+rootCA. Sample Encrypted Data 10/10/21 8:04:18.000 PM \x00\x00\x00\x9E\x00\x9F\xC0|\xC0}\x003\x00g\x009\x00k\x00E\x00\xBE\x00\x88\x00\xC4\x00\x00\xA2\x00\xA3\xC0\x80\xC0\x81\x002\x00@\x008\x00j\x00D\x00\xBD\x00\x87\x00\xC3\x00\x00f\x00\x00D\x00\x00\x00\x00\x00\x00\xFF\x00\x00\x00#\x00\x00\x00 10/10/21 8:04:18.000 PM \xC0r\xC0\xC0\xC0/\xC00\xC0\x8A\xC0\x8B\xC0\xC0'\xC0\xC0v\xC0\xC0\x00\x9C\x00\x9D\xC0z\xC0{\x00/\x00<\x005\x00=\x00A\x00\xBA\x00\x84\x00\xC0\x00
... View more
- Tags:
- Appian
- integration
Labels
- Labels:
-
inputs.conf
04-01-2021
07:49 AM
i was fed up deleting the fishbucket multiple times and using the btprobe. deleting the "application" file under "\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog" did the job. thank you.
... View more
01-03-2018
11:31 PM
Hi, Thank you for the answer. Could you please share an example connection configuration that you did. may be a screenshot from dbconnect will help.
... View more
10-14-2016
02:17 AM
1 Karma
hi, try this query
index=yourindex |stats values(Date) values(Source) values(Label) count by Host
i tried it on my data and results look like what you asked for.
... View more
10-13-2016
03:49 AM
1 Karma
i copy pasted your query and it didn't sort. i just deleted the "-" character before MegaBytes and typed it again.
the search query gave me sorted results. Strange Though.
index=_internal source=*license_usage.log type=Usage | eval MB = round(b/1024/1024,1) | chart sum(MB) as MegaBytes by h | rename h as device | sort -MegaBytes
... View more
10-12-2016
07:55 AM
Thanks Luke.. The explanation in wiki link was a bit complex and took time to understand but it certainly supports your answer.
I was running two parallel daily reports - one based on _time and the other based on _indextime to verify if my retention values were working as expected. But both confusing me.
Now i will concentrate on _time based one for my further analysis.
Thanks Again.
... View more
10-12-2016
06:40 AM
hi, when we set frozenTimePeriodInSecs=30 days for an index. i have read through the documentation and forums that the bucket moves to frozen state when all the data in the given bucket is more than 30 days old. but i need some more clarity. basically the condition i think is one of the below for the latest event in the bucket.
_time > frozenTimePeriodInSecs
OR
_indextime >frozenTimePeriodInSecs
Please let me know which time controls the retention.
... View more
07-18-2016
06:24 AM
The RDS SQL Instance on the AWS environment is an end point ( egs: mssql2016db.xfd4uv5wrty.us-west-2.rds.amazonaws.com ). we can connect to this instance through SQL Express or SQL Mgmt Studio, using credentials on port 1433. The instructions are here in the link below to do the same.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToMicrosoftSQLServerInstance.html
When we try to do the same with "Splunk DB Connect-2", we get an "Internal Server Error" or "Operation Timed Out".
The RPC server is up and all the supported drivers are downloaded and available. We can connect to a local SQL DB, but not sure if we are doing anything wrong when connecting to AWS RDS.
http://docs.splunk.com/Documentation/DBX/2.2.0/DeployDBX/Supporteddatabases
Has anyone tried doing this?, if yes please point us to the documentation.
... View more
- Tags:
- splunk-enterprise
05-17-2016
10:00 AM
We have a custom Python script that we use to send "event" to service-now from Splunk. This is working fine in Splunk 6.1.8 (Splunk App for ServiceNow 2.4).
The same Python script is not working on Splunk 6.3.0 (latest Splunk App for ServiceNow 4.0.1). The reason we use a custom Python script is because our events module in ServiceNow is a customized one and fields names differ from the standard fuji version.
Please let me know if you have faced the same issue and have a solution.
... View more
08-03-2015
09:11 AM
Hi Woodcock.. Thank You for your response, as said by you I see that lagsecs=-1 and lagsecs=-2 for some events. To Troubleshoot the time zone issues, we tried defining time zone in the props.conf ( TZ=Asia/Calcutta) file @ \SUF\Input_app\local\ on the host. But we didn't see any improvements. Please suggest if you know the possible fix.
... View more
07-30-2015
10:08 AM
Hi,
We have the same app deployed on multiple Domain Controllers. On some DC's, the data indexed in Splunk is older by 2.5 Hours or so. Though the DC has latest entries in Event Log, they appear in Splunk (6.1.8) only after a certain duration of time.
We have tried upgrading the forwarder version, and also configuring thruput in limits.conf, but doesn't work.
Please help.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-05-2023
09:25 AM
|
Karma given to
