Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About chrisitanmoleck
chrisitanmoleck
Path Finder
Member since:
03-17-2014
02-04-2021
Community Statistics
| Posts | 36 |
| Solutions | 2 |
| Karma Given | 3 |
| Karma Received | 9 |
| Member Since | 03-17-2014 |
Activity Feed
- Got Karma for Re: Event: Show source loading ..... 03-08-2023 12:14 AM
- Got Karma for Re: Event: Show source loading ..... 03-08-2023 12:14 AM
- Got Karma for Event: Show source loading ..... 03-08-2023 12:14 AM
- Posted Role: Limit access to one host of one index on Security. 02-04-2021 06:09 AM
- Got Karma for Event: Show source loading ..... 06-05-2020 12:50 AM
- Got Karma for Re: Event: Show source loading ..... 06-05-2020 12:50 AM
- Got Karma for Re: Event: Show source loading ..... 06-05-2020 12:50 AM
- Got Karma for Re: Event: Show source loading ..... 06-05-2020 12:50 AM
- Karma Re: Splunk doesn't index new created logfile. for MuS. 06-05-2020 12:46 AM
- Karma Re: Splunk doesn't index new created logfile. for kristian_kolb. 06-05-2020 12:46 AM
- Karma Re: log does not forward to indexer for Ayn. 06-05-2020 12:46 AM
- Got Karma for S.o.S TA Unix - Error nfs-iostat.py - no splunk.bundle. 06-05-2020 12:46 AM
- Got Karma for Re: vmware app 2.0 error on splunk 6. 06-05-2020 12:46 AM
- Posted Re: Event: Show source loading .... on Getting Data In. 02-20-2020 10:56 PM
- Posted Re: Event: Show source loading .... on Getting Data In. 01-16-2020 04:46 AM
- Posted Re: Event: Show source loading .... on Getting Data In. 01-07-2020 10:51 PM
- Posted Re: Event: Show source loading .... on Getting Data In. 01-07-2020 03:31 AM
- Posted Re: Event: Show source loading .... on Getting Data In. 01-06-2020 10:57 PM
- Posted Re: Event: Show source loading .... on Getting Data In. 01-03-2020 01:47 AM
- Posted Re: Event: Show source loading .... on Getting Data In. 01-03-2020 01:11 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 2 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 |
02-04-2021
06:09 AM
Hello, we are using Splunk v8.1.1 I have one user with multiple roles, so he can access multiple indexes and hosts. The user need additionally access to one host in a multi-host index. - role1 -> index1 -> all hosts - role2 -> index2 -> all hosts - role3 -> index3 -> one host (foo) of many So I created a new role3 for index3 and a search filter for the host -> (host::foo) Owning the three roles the user has only access to the host foo. How can I limit the access to one host in a multi-host index without affect other roles? Best Regards Christian
... View more
Labels
- Labels:
-
access control
02-20-2020
10:56 PM
2 Karma
After updating to 8.0.2, the problem is solved!
... View more
01-16-2020
04:46 AM
3 Karma
Splunk support:
The Bug is solved on the next version that should be 8.0.2.
So the option would be to upgrade Splunk whenever this release comes out, we do not have an estimated date at the moment.
... View more
01-06-2020
10:57 PM
@niketnilay
index=_internal host=*
Not working
What is the exact query you have run?
host=foo
The issue occurs at every host
Also how many events did you have?
Thats very different. From a few to several thousands.
Did you click on Show Source after you had pulled all the events?
No I pulled at out just one event
Have you tried with index= and searching with shorter duration or may be with | head 1 to see Show Source works for you?
That change nothing
How about changing browsers to test?
Same at IE11, FF65.0 and GC78.0
... View more
01-03-2020
12:31 AM
2 Karma
Hello,
if I try to show the source of an event, splunk shows only "loading ...".
I took care, that the result is finalized.
We are using Splunk 8.0.1.
Edit:
I start a search with "host=..." and time=last 24h
I open an event -> event actions -> show source (event.png)
Now the loading screen will not display any result/source, just "loading ...." (show-source.png)
... View more
04-25-2018
02:54 AM
Is there a solution without such a lookup?
Because the users want to enter "host=Switch1" and not "host=10.11.12.13 | lookup.... "
... View more
04-25-2018
02:31 AM
No I don't. But I could create that.
What are the steps after that?
... View more
04-25-2018
02:17 AM
We send syslog direct from switches to the Splunk indexer.
Is it possible to change the IP address to the name of the switch?
from:
Apr 25 10:32:09 10.11.12.13 458104: 5y14w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up
to:
Apr 25 10:32:09 Switch1 458104: 5y14w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up
In inputs.conf I have these to options:
connection_host = Switch1
host = Switch1
Unfortunately, we have no connection to a DNS-Server.
Maybe there is a way over /etc/hosts if no Splunk solution is possible.
... View more
04-24-2018
01:11 AM
I found the solution:
Port forwarding was not enabled for the interface. 1
The NAT-Rule was not saved. 2
... View more
04-19-2018
04:46 AM
Unfortunately it doesn't work.
IP-Tables NAT: /usr/sbin/iptables -t nat -A PREROUTING -m udp -p udp --dport 514 -j REDIRECT --to-ports 5447
Firewall entries for 5447 and 514
Entry in $SPLUNK_HOME/etc/system/local/inputs.conf
[udp://10.23.112.64:5447]
disabled = false
sourcetype = syslog
index = switches
This creates a new data input.
I struggeling with your command, because the splunk running user has some security protection, so that I can't execute it.
In metrics.log I have some of these entries:
04-19-2018 13:43:59.762 +0200 INFO Metrics - group=udpin_connections, 10.23.112.64:5447, sourcePort=5447, _udp_bps=0.00, _udp_kbps=0.00, _udp_avg_thruput=0.00, _udp_kprocessed=0.00, _udp_eps=0.00
Otherwise I can't find any data in splunk to the switch.
... View more
04-19-2018
12:04 AM
Hello,
we want to send syslog from cisco switches directly to the splunk indexer.
So I made a NAT from UDP 514 to 5447 and a new UPD data input (for 5447).
Is it also neccessary to define these data at the inputs.conf of the indexer?
Best Regards
Christian
... View more
10-17-2017
12:15 AM
Hello,
Has anyone a working systemd script for Redhat/SUSE?
If I using the script from https://answers.splunk.com/answers/59662/is-there-a-systemd-unit-file-for-splunk.html
I get some error at the HTTP-Listener
10-17-2017 09:07:36.017 +0200 ERROR DispatchProcess - Failed to start the search process. 10-17-2017 09:07:36.032 +0200 ERROR SearchProcessRunner - Error reading from preforked process=0/25: Connection reset by peer 10-17-2017 09:07:36.123 +0200 WARN Thread - HTTPDispatch: about to throw a ThreadException: pthread_create: Resource temporarily unavailable; 75 threads active 10-17-2017 09:07:36.123
+0200 ERROR HttpListener - Error spawning thread: HTTPDispatch: about to throw a ThreadException: pthread_create: Resource temporarily unavailable; 75 threads active 10-17-2017 09:07:45.273 +0200 ERROR SearchProcessRunner - preforked search=0/32 on process=0/31 caught exception. completed_searches=0, process_started=1508224065.223881, search_started=1508224065.228171, search_ended=1508224065.273768, total_usage_time=0.046 10-17-2017 09:07:45.273 +0200 ERROR SearchProcessRunner - preforked process=0/31 died on exception: Main Thread: about to throw a ThreadException: pthread_create: Resource temporarily unavailable; 3 threads active 10-17-2017 09:07:50.688
+0200 WARN ProcessTracker - executable=splunk-optimize failed to start reason='': Resource temporarily unavailable 10-17-2017 09:07:50.692
+0200 WARN ProcessTracker - executable=splunk-optimize failed to start reason='': Resource temporarily unavailable 10-17-2017 09:07:50.693
+0200 WARN ProcessTracker - executable=splunk-optimize failed to start reason='': Resource temporarily unavailable 10-17-2017 09:07:50.693
+0200 WARN ProcessTracker - executable=splunk-optimize failed to start reason='': Resource temporarily unavailable
... View more
08-23-2017
06:01 AM
If you want to copy data with the collect-command you should also add informations to host, sourcetype and source.
Otherwise these fields get a splunk-internal name.
index="foo" | collect index="bar" host="bar1" source="bar2" sourcetype="bar3"
... View more
08-21-2017
07:11 AM
If I do it with collect and deactivate the old index, I can't find the moved data.
host=foo
has no result.
Otherwise index=bar has the correct results
... View more
08-21-2017
05:16 AM
Hello,
we have a lot of indices with low amount of data (some MBs).
So I want to merge some indicies to one.
e.g:
Foo -> FooBar
Bar -> FooBar
How is that feasible?
... View more
08-20-2017
11:53 PM
The answer of wollinet works only for the current year, because the timestamp is mm-dd-yy.
So if you did login in December 2016 and January 2017, the last login will be December 2016.
Is it possible to modify the query that the order is yy-mm-dd?
... View more
05-15-2014
05:48 AM
Thank your for your answer, but to limit the bandwith, doesn't help me.
... View more
05-15-2014
05:26 AM
Hello,
is it possible to limit the data which will be send to the forwarder, like 10 MB/day?
One of our application servers had a strange behaviour and create a logfile of 700MB.
We have only a 500MB licencse.
We want to avoid that.
Best Regards
Christian
... View more
04-29-2014
04:29 AM
Then, I don't understand why these .py file is included in a TA.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-04-2021
06:29 AM
|
