Activity Feed
- Karma Re: Why am I getting error "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" running a search through the Splunk Java SDK? for shaskell_splunk. 06-05-2020 12:48 AM
- Karma Re: Why am I getting error "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" running a search through the Splunk Java SDK? for shaskell_splunk. 06-05-2020 12:48 AM
- Karma Re: Hunk App for HBase: No search result for rdagan_splunk. 06-05-2020 12:48 AM
- Karma Re: Hunk App for HBase: No search result for rdagan_splunk. 06-05-2020 12:48 AM
- Karma Re: Hunk App for HBase: No search result for rdagan_splunk. 06-05-2020 12:48 AM
- Karma Re: Why am I getting this error in the search.log when extracting Hive data in Splunk? for kschon_splunk. 06-05-2020 12:48 AM
- Karma Re: Why am I getting this error in the search.log when extracting Hive data in Splunk? for kschon_splunk. 06-05-2020 12:48 AM
- Karma Re: What is the difference between the Kafka Messaging Modular Input and the Splunk Add-on for Kafka? for jcoates_splunk. 06-05-2020 12:48 AM
- Karma Re: Why am I getting error "Unknown search command 'sourcetype'" using a subsearch in a where command? for somesoni2. 06-05-2020 12:48 AM
- Karma Re: Trying to return an event based on an eval if statement, why am I getting "Typechecking failed. The '==' operator received different types."? for somesoni2. 06-05-2020 12:48 AM
- Karma Re: Do I need to purchase licenses to use these apps and add-ons from Splunkbase in our production environment? for ChrisG. 06-05-2020 12:48 AM
- Got Karma for Modular input not showing on settings>Data inputs. 06-05-2020 12:48 AM
- Got Karma for Modular input not showing on settings>Data inputs. 06-05-2020 12:48 AM
- Got Karma for Modular input not showing on settings>Data inputs. 06-05-2020 12:48 AM
- Got Karma for Modular input not showing on settings>Data inputs. 06-05-2020 12:48 AM
- Got Karma for Re: Modular input not showing on settings>Data inputs. 06-05-2020 12:48 AM
- Got Karma for Why am I getting this error in the search.log when extracting Hive data in Splunk?. 06-05-2020 12:48 AM
- Karma Re: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" when connecting to Splunk Enterprise for sunrej. 06-05-2020 12:47 AM
- Posted Re: Why am I getting error "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" running a search through the Splunk Java SDK? on Splunk Search. 06-11-2016 12:40 AM
- Posted Re: Why am I getting error "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" running a search through the Splunk Java SDK? on Splunk Search. 06-11-2016 12:37 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 |
06-11-2016
12:40 AM
Also, sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0 is not working though it did in Web.
For example:
(Not working)
java -jar dist/examples/search_oneshot.jar "sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0" --output_mode=json
(Working)
java -jar dist/examples/search_oneshot.jar "search * | tail 10" --output_mode=json
Is there any way to use sourcetype in CLI? I am getting Unknown search command 'sourcetype'. It worked in Splunk Web.
Update: By putting 'search' ahead of the command, it worked.
... View more
06-11-2016
12:37 AM
Actually, when i am using https and did enableSplunkdSSL = true, it did not work but when i did http and did enableSplunkdSSL = false it worked. I commented the required line in java.security also.
I know it's not recommended but do you have any workaround?
... View more
06-10-2016
07:20 PM
Hi shaskell,
Thanks I went through but I am getting the following error now.
I am using SDK 1.5.0 and JRE7.
Do you know how to resolve it? I have changed https to http in .splunkrc file.
java.lang.RuntimeException: Connection reset
at com.splunk.HttpService.send(HttpService.java:427)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at com.splunk.examples.search.Program.run(Unknown Source)
at com.splunk.examples.search.Program.main(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:690)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:661)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1324)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at com.splunk.HttpService.send(HttpService.java:425)
... 7 more
... View more
06-10-2016
07:02 PM
Hi Sunrej, I am getting the following error in SDK 1.5.0 Did you also get it? Or do you know how to resolve it? I have changed https to http in .splunkrc file. And I am using JRE7
java.lang.RuntimeException: Connection reset
at com.splunk.HttpService.send(HttpService.java:427)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at com.splunk.examples.search.Program.run(Unknown Source)
at com.splunk.examples.search.Program.main(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:690)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:661)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1324)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at com.splunk.HttpService.send(HttpService.java:425)
... 7 more
... View more
06-10-2016
01:03 AM
I am getting the following error when I am running a search through the Splunk Java SDK:
java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
I am using splunk-sdk-java-1.5.0 and ran the command:
java -jar dist/examples/search.jar "sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0" --output_mode=csv
... View more
06-05-2016
11:11 AM
All the inputs can be seen by going into Settings > Data inputs
... View more
06-05-2016
11:09 AM
Building Spring-Splunk adapter itself contains all the XSDs. So just put the jar in the classpath while executing the Spring application.
... View more
05-26-2016
05:12 PM
I am getting the below error while running Splunk integration spring adapter.
org.xml.sax.SAXParseException; lineNumber: 16; columnNumber: 212; schema_reference.4: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.
I tried to search http://www.springframework.org/schema/integration/splunk/ but it looks like it is not reachable. Has Spring deprecated the support of Splunk?
My bean configuration looked like this:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:int="http://www.springframework.org/schema/integration"
xmlns:int-splunk="http://www.springframework.org/schema/integration/splunk"
xmlns:stream="http://www.springframework.org/schema/integration/stream"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/integration/stream http://www.springframework.org/schema/integration/stream/spring-integration-stream.xsd
http://www.springframework.org/schema/integration/splunk http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd
http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.4.RELEASE.xsd">;
<import resource="SplunkInboundChannelAdapterCommon-context.xml"/>
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
auto-startup="true" search="sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0" splunk-server-ref="splunkServer" channel="inputFromSplunk" mode="realtime" initEarliestTime="-1d">
<int:poller fixed-rate="5" time-unit="SECONDS"/>
</int-splunk:inbound-channel-adapter>
</beans>
... View more
- Tags:
- splunkintegration
05-24-2016
10:33 PM
I understand your point. I have an understanding that Hunk & Hunk App for Hbase are two different thing. Hunk App for Hbase is free to use but Hunk has paid license. Please correct my understand.
... View more
05-24-2016
10:28 PM
Thanks for the reply.
Till now in my POC, I have used free version of Splunk (500mb limit).
Does it have Hunk installed in it as I used Hunk app for Hbase for Hbase data indexing?
... View more
05-24-2016
10:26 PM
Thanks I will have a look on it.
... View more
05-24-2016
10:17 PM
I want to use the following Splunk apps in the production environment.
Kafka messaging modular input
AMQP messaging modular input
Hadoop Connect
Hunk App for Hbase
Alert manager
Can anyone please let me know do I need to buy the licenses for each one of them? Will it not be covered in the Splunk Enterprise license which I will be buying in some days?
Swift reply would be much appreciated.
... View more
05-24-2016
08:05 AM
Thanks it worked like a charm.
... View more
05-24-2016
06:44 AM
Sorry I have updated the question. '13' & '5' were the column indexes of sourcetype=SplunkRabbitMQ_messaging, i was referring.
Though I ran your query and it resulted in the same error.
... View more
05-24-2016
02:47 AM
I am calculating distance between the 2 latitude and longitude and if the distance > 0, then it will return the event or else it does not do anything. An event contains a Json message body. Following is the search I am using, but it is giving me an error.
sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | eval distance=sqrt(pow('13'-[search sourcetype=SplunkKafka_messaging | spath input=msg_body | eval lat2=pickup_latitude | return $lat2],2)+pow('5'-[search sourcetype=SplunkKafka_messaging | spath input=msg_body | eval long2=pickup_longitude | return $long2],2)) | eval result = if (distance>0, [search sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body], [search sourcetype=SplunkKafka_messaging | spath input=msg_body]) | return $result
Error:
Error in 'eval' command: Typechecking failed. The '==' operator received different types.
I have to use this search in real-time.
Update: In the search , '13' & '5' are the column indexes and not the numeric value.
... View more
05-23-2016
08:59 AM
Thanks! It did work.
... View more
05-23-2016
08:01 AM
I am getting 2 errors:
1. Error reading runtime settings: File :/usr/local/splunk/var/run/splunk/dispatch/subsearch_1464015531.154_1464015531.1/runtime.csv does not exist
2. ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Error in 'where' command: Typechecking failed. The '>' operator received different types
... View more
05-23-2016
02:04 AM
I want to do something like the below command but it is giving me an error.
sourcetype=SplunkKafka_messaging | spath input=msg_body | where passenger_count > [sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | stats avg(passenger_count)]
Error:
Unknown search command 'sourcetype'.
Can anyone let me know how to achieve the objective? My aim is to extract the events where passenger_count is greater then the average of that column.
This will happen in real time.
... View more
05-22-2016
11:00 AM
Resolved
There is a mismatch between the queue name in Splunk and that I gave in Producer code of RabbitMQ.
... View more
05-21-2016
01:37 AM
I am getting the below error when I am pushing json data to the exchange.
05-21-2016 14:01:56.567 +0530 ERROR ExecProcessor - message from "python /usr/local/splunk/etc/apps/amqp_ta/bin/amqp.py" Caused by: com.rabbitmq.client.ShutdownSignalException: channel error; protocol method: #method(reply-code=404, reply-text=NOT_FOUND - no previously declared queue, class-id=50, method-id=20)
Using rabbitmq_server-3.6.1 and the latest version of AMQP Messaging Modular Input
... View more
05-20-2016
01:07 AM
Also in latest version of Splunk (6.4.1), one can see all the Data inputs at Settings > Data inputs as mentioned by splunkdevabhi
... View more
05-20-2016
01:05 AM
Resolved
I was using Splunk 6.4 but this morning i downloaded and installed Splunk 6.4.1 and now its working.
... View more
05-19-2016
08:46 AM
I am using both the Splunk Add-on for Kafka and Kafka Messaging Modular Input for comparison.
When I am configuring it from Splunk Web, it is giving me the following error:
Encountered the following error while
trying to save: Splunkd daemon is not
responding: ("Error connecting to
/servicesNS/admin/launcher/data/inputs/kafka:
('The read operation timed out',)",)
Can anyone let me know what to change to rectify it?
... View more
05-19-2016
01:39 AM
1 Karma
Also one can go to Settings > Data inputs > Files & directories > Click New
Then one can see all the data inputs also.
... View more
05-19-2016
12:08 AM
Thanks jcoates for the reply. So I have configured kafka add-on from CLI. But can you tell me the command to run it in SplunkWeb GUI.
Also,
Can I able to write correlation rules on it?
Basically I have 30 kafka topics that is to be streamed into splunk. My aim is only to insert the payload in splunk and have correlation rules on it.
... View more
