FYI, Release 6.1.0 of the AWS Add-on that was released on 11th July 2022 resolves this issue: Release notes for the Splunk Add-on for AWS - Splunk Documentation New features Version 6.1.0 of the Splunk Add-on for AWS version contains the following new and changed features: Support for the parsing of CSV files from AWS S3 (Generic S3 and SQS-based S3 ingestion methods) https://docs.splunk.com/Documentation/AddOns/released/AWS/Releasenotes#New_features
... View more
This documentation is not clear as to any parameters for aws_key Can we get more information? Does it accept wildcards? should the path include a filename? My understanding is that S3 does not use a Linux file system, so a lot of the directories etc. act differently. But I can't find any information on configuring it in the TA....
... View more
You setup props.conf in deployment-apps only if you are managing your HF with deployment server But if you are managing it yourself then setup props in apps directory
... View more
I suggest that you manually install the Splunk service by running the following command from the /bin directory: splunk enable boot-start
You may have tried to upgrade Splunk with a user account that has does not have administrative privileges.
... View more
Hello rickrowe, normally you would report this by opening a Support case. What is the exact name of the App where you see this and how is Cisco spelled?
... View more
You are probably operating inside of a search head cluster. If so, try using curl to access the REST endpoints against the literal name of one of the search heads. For example: instead of going to https://mysplunk.company.com, go to https://mysearchhead01.company.com via Curl like this
curl -k -u alice:pass https://mysearchhead01.company.com/servicesNS/alice/myapp/saved/searches/mysearch \
-d search="index=mai*"
... View more
@jagdish0886 This question is nearly 4 years old with an accepted answer. If the answer does not work for you then please post a new question describing your problem.
... View more
Thanks Phadnett! The query worked but it was showing 5 violations whereas my search didn;t lock out. Anyways, I will keep this query as the message is exactly what I was looking for.
... View more
Hi phadnett [Splunk],
find the answer provided by @bpaul [Splunk] here http://answers.splunk.com/answers/287056/if-my-coldtofrozendir-is-full-or-unavailable-do-i.html
cheers, MuS
... View more