Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About badrinath_itrs
badrinath_itrs
Communicator
Member since:
09-09-2015
11-21-2022
Community Statistics
| Posts | 65 |
| Solutions | 10 |
| Karma Given | 16 |
| Karma Received | 19 |
| Member Since | 09-09-2015 |
Activity Feed
- Posted Re: Splunk Add-on for AWS Problem with Self Signed Certificate on All Apps and Add-ons. 11-21-2022 05:55 PM
- Got Karma for Re: How to clean KVstore on search head cluster nodes. 01-26-2022 07:33 AM
- Got Karma for Re: Splunk with React. 11-25-2021 06:50 AM
- Posted Re: Splunk with React on Splunk Cloud Platform. 11-24-2021 07:12 PM
- Got Karma for Re: Unable to stop splunk. 11-17-2021 09:47 PM
- Karma Using Splunk SDK for Javascript in Angular 2+ application for kennyyang. 11-17-2021 09:41 PM
- Posted Re: Unable to stop splunk on Deployment Architecture. 11-17-2021 06:31 PM
- Posted Re: How to ingest only those lines from the log that start with "date/time" on Getting Data In. 11-17-2021 06:24 PM
- Karma Re: Ignoring any data record that begins with a "#" character for richgalloway. 11-17-2021 06:23 PM
- Karma Re: Startwebserver 0 for isoutamo. 11-17-2021 06:14 PM
- Karma Re: Splunk Add-on for AWS Problem with Self Signed Certificate for JosephHobbs. 11-17-2021 06:13 PM
- Got Karma for Re: Splunk Add-on for AWS Problem with Self Signed Certificate. 11-17-2021 06:20 AM
- Posted Re: Startwebserver 0 on Deployment Architecture. 11-16-2021 03:39 PM
- Posted Re: Splunk Add-on for AWS Problem with Self Signed Certificate on All Apps and Add-ons. 11-16-2021 02:18 PM
- Karma Re: Splunk Add-on for AWS Problem with Self Signed Certificate for JosephHobbs. 11-16-2021 02:18 PM
- Posted Re: Startwebserver 0 on Deployment Architecture. 11-16-2021 02:17 PM
- Posted Re: Using Splunk SDK for Javascript in Angular 2+ application on Splunk Enterprise. 11-16-2021 03:41 AM
- Got Karma for Re: Bug: Duplicate values with INDEXED_EXTRACTION?. 06-22-2021 03:25 AM
- Posted Re: Splunk Add-on for AWS Problem with Self Signed Certificate on All Apps and Add-ons. 05-13-2021 01:25 AM
- Posted Splunk Add-on for AWS Problem: Does anyone know how to disable the SSL certificate validation in the add-on? on All Apps and Add-ons. 05-11-2021 09:31 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 1 | |||
| 0 |
11-21-2022
05:55 PM
@Raja_splunk_88 , I would not recommend to go down this path and the changes gets lost during upgrade etc. May be better to configure the TA not to use HEC and send to normal splunk port. If you still want to make the changes , search for hec_config.py under the TA directory and make below changes for enableSSL flag setting to 0 from 1 . Sample changes below. if not hec_input:
logger.info("Create HEC data input")
hec_settings = {
#"enableSSL": 1, ## Does not work with self signed cert
"enableSSL": 0,
"port": port,
"output_mode": "json",
"disabled": 0,
}
... View more
11-24-2021
07:12 PM
1 Karma
Hi @ChintanaM , I am also new to react but have stated to watch below session to get me going. https://conf.splunk.com/files/2021/recordings/DEV1134A.mp4 and Also this page is really a good start. https://bestofreactjs.com/repo/zepdev-kveditor-react-rich-text-editing
... View more
- Tags:
- @
11-17-2021
06:31 PM
1 Karma
@rdelhorbe @dm1 , If you are running Splunk as systemd service, then it would be better if you use below command to stop SPLUNK. systemctl stop Splunkd ( # Stop Splunk ) systemctl status Splunkd ( # Status Splunk ) systemctl start Splunkd ( # Start Splunk ) If you have not setup SPLUNK properly to run as systemd service you would need to login with root user to stop it. Refer this page for more details as how to properly configure Splunk to run as systemd service. https://docs.splunk.com/Documentation/Splunk/8.2.3/Admin/RunSplunkassystemdservice
... View more
11-17-2021
06:24 PM
@mlevsh , This question is already answered in the past. Can you please look into below link and see that helps. Ignoring-any-data-record-that-begins-with-a-quot-quot-character You can do this with props and Transforms as mentioned in the above post.
... View more
11-16-2021
03:39 PM
If this enterprise SPLUNK installation , it should be enabled in web.conf in $SPLUNK_HOME/etc/system/default. You can try adding below settings in $SPLUNK_HOME/etc/system/local/web.conf [settings]
startwebserver = 1
... View more
11-16-2021
02:18 PM
1 Karma
I have not tried that option but will give a try as well.
... View more
11-16-2021
02:17 PM
The Webserver gets restarted automatically if that is enabled as startwebserver =1 in web.conf. Can you check if you have a file in $SPLUNK_HOME/etc/system/local/web.conf that disable the webserver ? if not create a file and enable the settings ?
... View more
11-16-2021
03:41 AM
This question was asked 2 years back, I am also having same problem and just wanted to check if anyone has any luck in importing the sdk in Angular. I found its very hard as there is hardly any documentation available . @kennyyang , Did you manage to get this working ?
... View more
05-13-2021
01:25 AM
Checked with SPLUNK Support and got below response. Splunk_TA_aws is using Python's urllib3 module (https://pypi.org/project/urllib3/) across the board (not just for Kinesis), and this module is coded to do SSL certificate verification. I'm afraid tweaking it will affect the entire TA. As of now I have modified the code to use http when sending data to HEC to resolve the issue. Below file has been modified. Splunk_TA_aws/bin/3rdparty/python3/splunktalib/hec_config.py
... View more
05-11-2021
09:31 PM
We are using the Splunk Add-on for AWS (Version : 5.0.3) and SPLUNK version 8.0.8 . We would like to leverage the SPLUNK Add-on to consume data from Kinesis Stream and internally send data to SPLUNK HEC end point . When it is sending data to Internal HEC end point ( port : 8088) it is throwing error as below for the self signed certificate being used for SPLUNK HEC.
Does anyone know how to disable the SSL certificate validation in the add-on ?
Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/splunktalib/event_writer.py", line 252, in write_events
data=event, http=self._http)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/splunktalib/rest.py", line 31, in splunkd_request
data, timeout, retry)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/splunktalib/rest.py", line 62, in urllib3_request
data, timeout, retry, urllib3_req)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/splunktalib/rest.py", line 97, in do_splunkd_request
raise e
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/splunktalib/rest.py", line 93, in do_splunkd_request
data, timeout)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/splunktalib/rest.py", line 57, in urllib3_req
preload_content=True)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/urllib3/request.py", line 80, in request
method, url, fields=fields, headers=headers, **urlopen_kw
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/urllib3/request.py", line 171, in request_encode_body
return self.urlopen(method, url, **extra_kw)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/urllib3/poolmanager.py", line 330, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/urllib3/connectionpool.py", line 760, in urlopen
**response_kw
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/urllib3/connectionpool.py", line 720, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/python3/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=8088): Max retries exceeded with url: /services/collector (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
... View more
Labels
- Labels:
-
configuration
-
troubleshooting
01-19-2020
04:01 PM
The configuration errors are being recorded in splunkd_stdout.log with "Invalid key in stanza" during server restart. May be worth of getting this information from this log instead of running rest command.
... View more
01-16-2020
02:16 PM
Can you check the errors and warning you are receiving for date time parsing on the receiving SPLUNK instance
... View more
01-09-2020
01:44 AM
You can use the below app or similar app to view conf files from SPLUNK interface.
https://splunkbase.splunk.com/app/4353/
... View more
01-09-2020
01:38 AM
Hello, is the UF managed via Deployment servers ? If yes, you can restart them when you push a change from Deployment server using restart flag.
If they are not managed by Deployment server, then you can use puppet or chef or ansible depending on your environment to restart UF.
... View more
01-08-2020
01:24 PM
1 Karma
You need to identify which KVStore collection is taking lot of space and decide if that is required or not . Don't just remove all KVStore collections in your SHC environment unless you understand the impact.
I would start with Checking the KVStore collection size in DMC and find out which collections are taking more size and go from there.
If you need to remove one collection individually in SHC, you can use | outputlookup
to remove it.
If you decide to backup your kvstore and restore it later you can refer below documentation .
https://docs.splunk.com/Documentation/Splunk/8.0.1/Admin/BackupKVstore
To delete the KVStore on members you can refer below documentation.
Refer documentation https://docs.splunk.com/Documentation/Splunk/8.0.1/Admin/ResyncKVstore
... View more
01-07-2020
07:01 PM
We were using an LDAP user for authentication and the authentication was taking more time , hence it was slowing the KVStore update using API.
... View more
01-06-2020
01:35 PM
Can you take a backup of server.conf and remove sslKeysfilePassword stanza as this is deprecated and also sslPassword stanza. Restart SPLUNK, it should add the default sslPassword values again.
The error you see is related to bad password on SSL Certificates .
... View more
01-06-2020
01:28 PM
1 Karma
SPLUNK does not support ingestion of .xel format logs directly, but you can use the sys.fn_xe_file_target_read_file function on the SQL server side to convert the logs and may use DB Connect to ingest the data into SPLUNK .
... View more
01-05-2020
08:47 PM
You can add the proxy configuration in splunk-launch.conf and also add NO_PROXY setttings as well.
Refer https://answers.splunk.com/answers/555493/how-to-configure-exceptions-to-proxy-config-in-spl.html for more details.
Most of the code will honor the proxy setting at OS level .
... View more
01-05-2020
08:43 PM
It looks like you are using proxy setting either as environment variable in your environment or in splunk-launch.conf .
Please blacklist localhost IP in proxy settings and try to upload it. If possible temporarily disable the proxy setting and upload it and see it works.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-21-2022
07:47 PM
|
Karma given to
