Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About rafamss
rafamss
Contributor
Member since:
08-08-2013
Tuesday
Community Statistics
| Posts | 109 |
| Solutions | 9 |
| Karma Given | 68 |
| Karma Received | 20 |
| Member Since | 08-08-2013 |
Activity Feed
- Posted Re: External handler failed with code '1' and output: 'REST ERROR[400]: Bad Request - Failed to fetch the certificate fr on All Apps and Add-ons. a week ago
- Karma Re: External handler failed with code '1' and output: 'REST ERROR[400]: Bad Request - Failed to fetch the certificate from server'. See splunkd.log for stderr output. for edavisj. a week ago
- Karma Re: How to build a trend chart that compares today's result with previous day, week, and month for the same time frame? for niketnilay. 2 weeks ago
- Karma Re: How to build a trend chart that compares today's result with previous day, week, and month for the same time frame? for gokadroid. 2 weeks ago
- Karma Re: inputlookup in macro for martin_mueller. 08-14-2020 08:22 AM
- Karma Re: Why isn't this regex working on /var/log? for nileena. 06-05-2020 12:49 AM
- Karma Re: Why isn't this regex working on /var/log? for DalJeanis. 06-05-2020 12:49 AM
- Karma Re: Why isn't this regex working on /var/log? for somesoni2. 06-05-2020 12:49 AM
- Karma Re: Why isn't this regex working on /var/log? for woodcock. 06-05-2020 12:49 AM
- Karma Re: Why isn't this regex working on /var/log? for saurabh_tek11. 06-05-2020 12:49 AM
- Karma Re: Why isn't this regex working on /var/log? for saurabh_tek11. 06-05-2020 12:49 AM
- Karma Re: Why isn't this regex working on /var/log? for woodcock. 06-05-2020 12:49 AM
- Karma Re: How to do you change ownership of a lookup file? for richgalloway. 06-05-2020 12:49 AM
- Karma Re: Why isn't this regex working on /var/log? for somesoni2. 06-05-2020 12:49 AM
- Got Karma for Re: Why isn't this regex working on /var/log?. 06-05-2020 12:49 AM
- Got Karma for Re: Why isn't this regex working on /var/log?. 06-05-2020 12:49 AM
- Karma After upgrading Search Head Cluster from 6.3.1 to 6.5.1, how do I resolve multiple "No such file or directory" errors? for guimilare. 06-05-2020 12:48 AM
- Karma Re: What is the maximum Splunk indexing capacity per second? We need indexing speed of 100 MB/s for somesoni2. 06-05-2020 12:48 AM
- Karma Re: How to change a field name? for somesoni2. 06-05-2020 12:48 AM
- Karma Re: What are the hardware requirements for using the Machine Learning Toolkit? for grana_splunk. 06-05-2020 12:48 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 5 | |||
| 0 | |||
| 0 |
a week ago
I've had the same problem and I updated the add-on with this patch from Checkpoint. You could try this @junedec21 . https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=50832
... View more
09-12-2019
05:26 PM
Hi @lbhkshueler ,
First, Are you using the trial Enterprise license? Is it in the period of trial yet? If yes, see this: https://docs.splunk.com/Documentation/MSExchange/3.5.2/DeployMSX/Permissionschecklist
https://docs.splunk.com/Documentation/MSExchange/3.5.2/DeployMSX/WhataSplunkforMicrosoftExchangedeploymentlookslike
Otherwise, please look at this documents:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/TypesofSplunklicenses#Compare_Splunk_Enterprise_license_behavior
https://docs.splunk.com/Documentation/MSExchange/3.5.2/DeployMSX/Platformandhardwarerequirements
Note: A Splunk App for Microsoft Exchange license The Splunk App for Microsoft Exchange requires a license for indexing volume in addition to the license you get for Splunk Enterprise. See Install a license.
... View more
09-02-2019
12:52 PM
@ashikuma,
Do you have Monitoring Console deployed in your environment? In affirmative case, I suggest to you see the Indexer reports to see some important information like indexing pipeline, indexing receiving queue, forwarding issues and the use of hardware resources. Beside that, please see the role assigned to each one of your indexers.
RM
... View more
09-02-2019
09:45 AM
@koskyk, I did the architect re-certification at the last Saturday and here is what I did to achieve this:
I studied hard for almost two weeks (lectures);
Developed a simulated exam with exactly 90 questions (using the official training materials I had);
I did the simulated exam in a clean and quite place with the same rules of the official exam - 90 minutes to 90 questions;
This steps helped me to achieve the re-certification - I didn't do nothing beside this but I'm currently work like an Architect and Admin and it's help as well.
The exam have questions about use of commands, scenarios, types of clustering, components, basically what is described in the Blueprint document: https://www.splunk.com/pdfs/training/Splunk-Test-Blueprint-Architect-v.1.1.pdf
... View more
08-02-2018
08:35 AM
Hey @lakromani,
I use the command like you put above. The only different thing of your command is put the port your Splunk, like this: http://localhost:8000/en-US/debug/refresh . I always use this command every time that I need in my local and remote Splunk with different versions of Splunk and it's works fine.
... View more
12-04-2017
12:03 PM
Hi @kteng2024,
This answer is easily resolved with this other response: https://answers.splunk.com/answers/118859/diagram-of-splunk-common-network-ports.html
[ ]s
RM
... View more
12-04-2017
10:54 AM
1 Karma
Done @woodcock!
... View more
12-04-2017
07:31 AM
1 Karma
Hi Everyone,
All this options above did help me to do the configuration that worked in my environment. Below, follow what I did.
inputs.conf:
[monitor:///var/log]
disabled = false
sourcetype = my_sourcetype
index = main
props.conf:
[my_sourcetype]
TRANSFORMS = null_queue_filter
transforms.conf:
[null_queue_filter]
REGEX = .dbus.
DEST_KEY = queue
FORMAT = nullQueue
Thank all!
... View more
11-29-2017
04:39 AM
Is exactly what I want to do. Drop all events with dbus and store the events that not have this parameter. I'll test your sample and go back here.
... View more
11-29-2017
04:17 AM
Is exactly that @woodcock (I followed this example). But even puting dbus or [dbus] into REGEX option, this still not work.
... View more
11-28-2017
12:06 PM
Sure @somesoni2.
Nov 28 18:02:53 localhost dbus-daemon: dbus[409]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Nov 28 18:02:53 localhost dbus-daemon: dbus[809]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Nov 28 18:02:53 localhost dbus-daemon: dbus[981]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'Nov 28 18:02:53 localhost dbus-daemon: dbus[604]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Nov 28 18:02:53 localhost dbus[605]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Nov 28 18:02:53 localhost dbus[600]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
... View more
11-28-2017
10:59 AM
Each key is on a your line. The code style of answers that put all into a single line @DalJeanis.
... View more
11-28-2017
10:43 AM
As a fact @nileena. In my environment I put the stanza like as below. In the internal index don't have any error that contains references to this.
[monitor:///var/log/messages]
disabled = false
index = main
sourcetype = my_sourcetype
... View more
11-28-2017
09:44 AM
Hi,
I'm using a Single Instance of Splunk 6.6.2 and I've tried filtering some events of my log using the code below, but the filter doesn't work. I put this argument "[\dbus]" into regex because I don't want this to be indexed. What's wrong with this?
inputs.conf:
[source::/var/log/messages]
disabled = 0
index = main
sourcetype = my_sourcetype
props.conf:
[my_sourcetype]
TRANSFORMS-null = setnull
transforms.conf:
[setnull]
REGEX = \[dbus\]
DEST_KEY = queue
FORMAT = nullQueue
... View more
10-12-2017
07:24 AM
Hi @xdp4,
I've passed for the same problem and I resolved this issue enabling the port (9998 or any that you want) in the firewall in my CentOS 7.
firewall-cmd --zone=public --add-port=9998/tcp --permanent
I hope help you.
[ ]s
Rafael Martins
... View more
10-12-2017
07:23 AM
1 Karma
Hi @kyle1407365,
I've passed for the same problem and I resolved this issue enabling the port (9998 or any that you want) in the firewall in my CentOS 7.
firewall-cmd --zone=public --add-port=9998/tcp --permanent
I hope help you.
[ ]s
Rafael Martins
... View more
10-12-2017
07:21 AM
Hi @teddyidc1101,
I've passed for the same problem and I resolved this issue enabling the port (9998 or any that you want) in the firewall in my CentOS 7.
firewall-cmd --zone=public --add-port=9998/tcp --permanent
I hope help you.
[ ]s
Rafael Martins
... View more
10-12-2017
06:42 AM
Hi @jprs032007,
I've passed for the same problem and I resolved this issue enabling the port (9998 or any that you want) in the firewall in my CentOS 7.
firewall-cmd --zone=public --add-port=9998/tcp --permanent
I hope help you.
[ ]s
Rafael Martins
... View more
10-12-2017
06:41 AM
Hi @grittonc,
I've passed for the same problem and I resolved this issue enabling the port (9998 or any that you want) in the firewall in my CentOS 7.
firewall-cmd --zone=public --add-port=9998/tcp --permanent
I hope help you.
[ ]s
Rafael Martins
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Tuesday
|
Karma given to
