cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
tqi_raurora
Engager
Member since: ‎09-20-2018
‎11-11-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-20-2018
Activity Feed
View All

LDAP groups do not get replicated between search h...

by in Splunk Enterprise
‎09-21-2020 09:04 AM
‎09-21-2020 09:04 AM
Hi, Rony here. We've got a Search Head Cluster with 6 Search Heads. When a user access our splunk URL, it hits a load balancer, wich randomly uses one of the 6 Search heads. Authentication is by LDAP integration.   Heres the problem: When a user logins to splunk, that user groups (and as a result, his roles) only gets updated on the specific search head that user happens to hit. If the user continues to use splunk, the load balancer might connect him to another search head, where the user groups are not updated The user tries to perform an action that requires the permissions provided by the group, and fails. Is there a way that, when the user logs in, his assigned LDAP groups gets replicated to all the search heads on the cluster? ... View more

Re: How do I alter props.conf via Python SDK?

by in Getting Data In
‎08-08-2019 08:54 AM
‎08-08-2019 08:54 AM
A simple way would be using the client module: http://dev.splunk.com/python#client from splunklib.client import connect print('connecting...') service = connect( host='localhost', port='8089', username='admin', password='password' ) print('connected!') service.confs['props'].create( 'source::/logs/mylog.log' ).submit( {'TRANSFORMS-null': 'setnull'} ) ... View more

How do I alter props.conf via Python SDK?

by in Getting Data In
‎09-20-2018 02:03 PM
‎09-20-2018 02:03 PM
I can alter props.conf via the REST API using the following request: curl -k -u admin:password https://localhost:8089/servicesNS/nobody/search/configs/conf-props -d name=source::/logs/mylog.log -d TRANSFORMS-null=setnull This will add the following stanza to props.conf: [source::/logs/mylog.log] TRANSFORMS-null = setnull However, is there a way I can get the same results using the Python SDK? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-11-2021 10:43 AM
Karma given to
View All