Firstly I'd check by hand how is your proxied connection different than the straight one. I suppose your organization is doing some kind of TLS inspection decrypting traffic and "repacking" it again with your own CA-generated certificate but it's always nice to confirm (and check in appropriate corporate policies whether this is a legitimate action or is someone playing with something he shouldn't have). Use curl -v and compare certificate data on the connection with and without proxy. You need to add the proper CA certificates to the trusted store for the input. The solution for AWS add-on is here: https://docs.splunk.com/Documentation/AddOns/released/AWS/Troubleshooting#Certificate_verify_failed_.28_ssl.c:741.29_error_message The GCP add-on should have similar solution somewhere. ... View more

Hi I am getting the same error @sivaksk147 gets (Unable to initialize modular input "server" defined in the app "splunk_app_db_connect": Introspecting scheme=server: script running failed (exited with code 1)). After the db connect app installation if I try to start the app splunk crashes and I need to start it again. I'm a mac user. Is there any solution. Thanks ... View more

can you try | transpose 0 header_field=msg | sort -send  | transpose 0 header_field=msg ... View more

You can try  <your search> | search NOT EventCode IN (1234, 2345, 3456, 4567, 5678, 6789, 7890) Hope this help. @jundai   ... View more

Yes.. There was some configuration issue when upload on web. Unzipped and copied to apps directory manually and it worked like a charm. I have kept source type as cisco:ios. ... View more

I see only one difference. Summary indexes(SI) can be created only based existing reports, whereas we create collect through searches by appending teh command "| collect index=" at the end. ... View more