Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About graether
graether
Path Finder
Member since:
12-30-2015
11-11-2020
Community Statistics
| Posts | 16 |
| Solutions | 0 |
| Karma Given | 8 |
| Karma Received | 0 |
| Member Since | 12-30-2015 |
Activity Feed
- Posted Re: Splunk Systemd Service on Splunk Dev. 11-11-2020 07:08 AM
- Karma Re: Splunk Systemd Service for tonymata. 11-11-2020 07:04 AM
- Karma Re: Excute sql statement on splunk db connect for pmdba. 08-19-2020 05:09 AM
- Posted Re: How to create an offline repository of Splunk Documentation? on Installation. 07-15-2020 11:38 PM
- Posted Re: Multiple stanza in inputs.conf for the same folder on Deployment Architecture. 06-26-2020 11:42 AM
- Karma Re: Multiple stanza in inputs.conf for the same folder for voldemarlegrand. 06-23-2020 06:53 AM
- Karma Re: Invalid lookup table ? for jkat54. 06-05-2020 12:48 AM
- Karma Re: Why is my lookup search returning error "All of the fields in the lookup table are specified as lookups, leaving no destination fields"? for jstoner_splunk. 06-05-2020 12:48 AM
- Karma Re: Report Showing How Many Hosts Per Index for FrankVl. 06-05-2020 12:46 AM
- Karma Re: How to bulk delete alerts for johndoeqisoa. 06-05-2020 12:46 AM
- Karma Re: How do I set the default index? for jbsplunk. 06-05-2020 12:45 AM
- Posted Re: Upgrade to Splunk 7.2.4 on SUSE Enterprise 15 not working on Installation. 02-25-2020 07:44 AM
- Posted Re: DBConnect: OSError: [Errno 2] No such file or directory validate java command: /usr/java/latest/bin/java. on All Apps and Add-ons. 01-02-2020 06:08 AM
- Posted Re: JdbcUrl for firebird parsed wrong? on Getting Data In. 11-14-2018 04:59 AM
- Posted Re: How to add own IP locations into the GeoLite2-City.mmdb on Splunk Search. 11-12-2018 01:12 AM
- Posted Re: JdbcUrl for firebird parsed wrong? on Getting Data In. 10-24-2018 03:14 AM
- Posted Re: How to add own IP locations into the GeoLite2-City.mmdb on Splunk Search. 08-20-2018 02:14 AM
- Posted Re: How to add own IP locations into the GeoLite2-City.mmdb on Splunk Search. 08-20-2018 12:27 AM
- Posted How to add own IP locations into the GeoLite2-City.mmdb on Splunk Search. 08-19-2018 11:57 PM
- Tagged How to add own IP locations into the GeoLite2-City.mmdb on Splunk Search. 08-19-2018 11:57 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-11-2020
07:08 AM
Thanks, the crucial part for me was TimeoutSec=600
TasksMax=infinity For some reason it was not needed for release 7.2.5, but needed for 8.1
... View more
06-26-2020
11:42 AM
Hello voldemarlegrand, I have the same issue and liked your trick. But somehow it works in splunk btool inputs list stanza, but not in reality. Splunk stopped logging the data specified with /data/./data1. When I used a less well defined method like /data/data1 and /data/data if I have only a /data/data1 directory then it works. I guess the better solution is to assign indexes by transforms.conf as described at https://docs.splunk.com/Documentation/Splunk/8.0.4/Indexer/Setupmultipleindexes
... View more
02-25-2020
07:44 AM
Hello Vinkumar,
in which release is it fixed? Unfortunately in contrast to rpm, zypper has no option --nodeps and I found no other working option (tried -n install --force). I need to use zypper to access a remote repo where the forwarder resides.
Thanks -Gerd
... View more
01-02-2020
06:08 AM
FWIW, my problem was caused not by the new DB connect version, but likely by using a Splunk App Repo on Windows, where executables might have lost there executable "x" right. Then no JDBC related java process was startet. When I reinstalled the DB connect App purely on Linux from scratch, installed the driver, restarted the Heavy Forwarder, then it was working, although the Configuration.General GUI still shows issues.
... View more
11-12-2018
01:12 AM
Hello Tiago,
I did not need to edit the file .mmdb anymore due to a project scope change. I've started with
https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/
but was not so straightforward. So unfortunately no news from my side.
... View more
10-24-2018
03:14 AM
Hi Shyngys,
if I remember correctly I got the connection to work, by ignoring the issue and clicked "Save anyway" in Splunk. I also figured out that the issue might related to missing JDBC Compatibility Test Suite (CTS): „the separator string, always null because catalogs are not supported by database server (see JDBC CTS for details).“, siehe https://www.firebirdsql.org/file/documentation/drivers_documentation/java/2.2.4/docs/org/firebirdsql/jdbc/AbstractDatabaseMetaData.html
... View more
08-20-2018
02:14 AM
Thanks MuS for pointing this out!
Somehow this
https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/
looks promising, and I'll give it a try.
Cheers
... View more
08-20-2018
12:27 AM
Thanks, but I need to put my own IPs into the database, as explained in Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks
... View more
08-19-2018
11:57 PM
Hello,
I applied successfully the tool at
github Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks
https://github.com/threatstream/mhn/wiki/Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks]
to add own IPs for an important Enterprise Security Projekt.
But somehow the mmdb created by
python csv2dat.py -w mmcity.dat mmcity GeoLiteCity-and-mynetworks.csv
differs from Splunks internal GeoLite2-City.mmdb
>>> import pygeoip, json
>>> geo = pygeoip.GeoIP('GeoLite2-City.mmdb')
>>> print json.dumps(geo.record_by_addr('182.236.164.11'), indent=4, sort_keys=True)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/root/mmutils/env/lib/python2.7/site-packages/pygeoip/__init__.py", line 544, in record_by_addr
raise GeoIPError(message)
pygeoip.GeoIPError: Invalid database type, expected City
Is there a better method? Did I miss another conversion step?
Thanks!
... View more
11-15-2017
09:29 AM
Given two vectors w,v where a heatmap matrix element, the correlation coefficient corr(w,v) is calculated: How can I drilldown by clicking on the heatmap to visualize the values of w and v.
... View more
09-19-2017
12:45 PM
Here at least formally and partially my self answered question: How to install R Analytics on Windows:
Install R Studio https://www.rstudio.com/products/rstudio/download/ (I have not tried plain R)
Start R Studio and enter the command: install.packages("opencpu")
enter the command: opencpu::ocpu_start_server(). Note the output will display more than the base URL
Optional: check that the OpenCPU server is up by browsing to something like http://localhost:4711/ocpu
Install the R-Analytics App for Splunk
Restart Splunk
In the Splunk Web: Open the App and configure the base URL, like http://localhost:4711
Now for me http://localhost:8000/de-DE/app/ita_r/r_script works including R-graphics
... View more
09-19-2017
12:33 PM
here is what I saw: Failed to load resource: the server responded with a status of 404 (Not Found)
There was a png link to: http://localhost:8000/de-DE/app/ita_r/400,0,there%20is%20no%20package%20called%20'corrplot'In%20call:library(corrplot)/png?width=800&height=800
... View more
09-17-2017
01:40 PM
Kind of answer to my question: On Windows the App also runs (partially?) as follows: Install latest R-Studio, there Tools > Install Packages: OpenCPU, then run the R command: opencpu::opencpu$start(). It should give an output like
Creating new config file: C:/Users/username/Documents/.opencpu.conf
OpenCPU started.
[httpuv] http://localhost:4711/ocpu
In the R-Analytics App specify only the base URL, here
http://localhost:4711
Now the example
http://localhost:8000/de-DE/app/ita_r/r_script
works including R-graphics.
So far the Demo views did not display anything. Any ideas for troubleshooting here?
Thanks!
... View more
05-16-2017
05:06 AM
Hi,
It seems that I can connect to a firebird database, but run into issue JDBC-446
http://tracker.firebirdsql.org/browse/JDBC-446.
The solution according to the firebird release notes
https://www.firebirdsql.org/file/documentation/drivers_documentation/java/3.0.0/release_notes.html#connection-rejected-without-an-explicit-character-set
is to use a jdbcURL in the db_connections.conf:
jdbc:firebirdsql:host/3050:D:/aQrate_Data/DB/MYQLOG?encoding=UTF8, "SYSDBA", "masterkey"
Now somehow it seems that some parser maybe in splunk set the encoding to UTF8, "SYSDBA", "masterkey"
because the message is now:
No valid encoding definition for Firebird encoding UTF8, "SYSDBA", "masterkey" and/or Java charset null
Is there a workaround to set the encodings somewhere else in a splunk db connect apps config file?
Thanks -Gerd
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-11-2020
11:09 AM
|
Karma given to
