Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About splunkreal
splunkreal
Motivator
Member since:
05-26-2016
Online
Community Statistics
| Posts | 603 |
| Solutions | 29 |
| Karma Given | 854 |
| Karma Received | 49 |
| Member Since | 05-26-2016 |
Activity Feed
- Posted Re: cim vladiator % DM coverage on Other Usage. 3 hours ago
- Karma Re: Help Needed: SA-cim_validator Returns No Results for marnall. yesterday
- Karma Re: Help Needed: SA-cim_validator Returns No Results for alex_mics. yesterday
- Posted Re: Replace root CA for Splunk cluster on Security. Sunday
- Karma Re: Replace root CA for Splunk cluster for harsmarvania57. Sunday
- Karma Replace root CA for Splunk cluster for HumanPrinter. Sunday
- Karma Re: Adaptive responses upgrading from ES7 to ES8 for livehybrid. a week ago
- Posted Adaptive responses upgrading from ES7 to ES8 on Splunk Enterprise Security. a week ago
- Posted Re: Splunk and TheHive integration on Getting Data In. a week ago
- Posted Deploy/upgrade SHC app to single search head node for testing on Deployment Architecture. 2 weeks ago
- Posted Re: mcp SERVER on All Apps and Add-ons. 2 weeks ago
- Karma Re: mcp SERVER for livehybrid. 2 weeks ago
- Posted Re: Hide specific notables from IR (Incident review) in ES on Splunk Enterprise Security. 2 weeks ago
- Karma Re: Splunk cluster in Docker / Kubernetes (Containerization) for PickleRick. 2 weeks ago
- Posted Re: Splunk cluster in Docker / Kubernetes (Containerization) on Deployment Architecture. 2 weeks ago
- Karma Re: Splunk cluster in Docker / Kubernetes (Containerization) for PickleRick. 2 weeks ago
- Posted Splunk cluster in Docker / Kubernetes (Containerization) on Deployment Architecture. 2 weeks ago
- Posted Re: Hide specific notables from IR (Incident review) in ES on Splunk Enterprise Security. 2 weeks ago
- Karma Re: Why is cluster master reporting "Cannot fix search count as the bucket hasn't rolled yet.", preventing me from meeting my Search Factor? for gjanders. 2 weeks ago
- Karma Re: Why is cluster master reporting "Cannot fix search count as the bucket hasn't rolled yet.", preventing me from meeting my Search Factor? for BP9906. 2 weeks ago
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
3 hours ago
Hi @gcusello same issue here but we can't share all fields globally just for cim vladiator, is there any solution? Thanks!
... View more
- Tags:
- cim
Sunday
Hello, interesting subject, I guess we can work with server.conf sslRootCAPath setting to include old and new root CA? @mdsnmss @harsmarvania57
... View more
a week ago
Hello, if we have adaptive response in ES7 (using third party addon like https://splunkbase.splunk.com/app/5329), is it automatically recreated when upgrading to ES8? Any compatibility issue? Thanks.
... View more
Labels
a week ago
Hello @Bubbleob sorry for late response, using https://splunkbase.splunk.com/app/5329
... View more
2 weeks ago
Hello, is it possible to push/upgrade a SHC app to single search head for testing, in a production cluster? Thanks.
... View more
Labels
- Labels:
-
deployer
-
search head clustering
2 weeks ago
Hello, anyone had experience with containers for Splunk cluster? Does it fit SHC kvstore for instance or indexers? Any risk? Thanks!
... View more
Labels
3 weeks ago
Hello @woodcock we have these settings, should we have "Match Summary Range" for "Summary range" 3 months and Summarization Period each 5 minutes? Thanks.
... View more
3 weeks ago
Hello, anyone managed to use AI toolkit (MLTK) with local Ollama? Does it help writing SPL? How? Thanks!
... View more
Labels
- Labels:
-
administration
-
configuration
-
installation
12-29-2025
08:14 AM
Hello, we would like to have rule_id as rule instead of poluuid as rule in field aliases. Is it adviced to modify original addon field alias in order to get that field in the Network Traffic data model? Modify this: FIELDALIAS-fortigate_traffic_rule = poluuid as rule Fortinet Fortigate Add-on v1.6.7 Thanks!
... View more
Labels
12-25-2025
02:07 AM
Hello, does Splunk self signed (original) certificates work with kvstore upgrade? Looks like it's also a problem with standard Splunk setup : https://splunk.my.site.com/customer/s/article/Certificate-issue-when-Upgrading-to-Splu Thanks.
... View more
- Tags:
- kvstore
Labels
- Labels:
-
installation
-
upgrade
12-22-2025
04:19 PM
Hello, Upgrading Splunk ES 7.3.2 to 8.3.0 how existing correlation searches will be converted with new RBA? Thanks.
... View more
12-18-2025
04:09 AM
This addon is not supported on cluster.
... View more
12-09-2025
06:58 AM
Hello, where do you install the mcp server? On search heads? Does it work on clustered (SHC)? Thanks.
... View more
12-04-2025
06:54 AM
Hello, Does Splunk license slave node with default certificates can communicate with license manager that has custom CA on management port? Is there any ssl verification? Thanks.
... View more
Labels
11-12-2025
08:42 AM
Thanks @richgalloway for being so fast, so it means HF then. It seems for long json logs there is another setting to put.
... View more
11-12-2025
07:34 AM
Hello @verbal_666 on a Splunk distributed or cluster, did you apply on HF, SHC or IDX side(s) then? In our case we receive json logs from HF. @isoutamo what do you think? 🙂 Thanks for your help!
... View more
11-12-2025
07:27 AM
If we index JSON data from HF and want to extend TRUNCATE setting for long logs, should we also do it on (clustered) indexers or HF is enough? Also when looking at https://community.splunk.com/t5/Splunk-Search/Why-are-not-all-field-values-are-extracted-for-long-JSON-files/m-p/573446 it seems TRUNCATE=0 isn't enough? Thanks!
... View more
11-06-2025
02:31 AM
Hello @jkat54 noticed in splunkbase release notes "-Removed ability to specify user and pass with the command, use splunkpasswdname & splunkpasswdcontext OR token=<token> OR splunkauth=true instead." You should update the curl commands on Details tab of splunkbase app as this is misleading. For the moment using v3.1.2 could only make work using token not username/password. Getting error 401 when it works correctly with CLI curl command. I'm using "REST storage/passwords Manager for Splunk" syntax: | curl method=get uri="https://xxx/internalqueries?queryguid={3A798982-3D8F-465C-BB01-9E90CE4D3B4D}&filterguid={73B09AC4-6C...}" splunkpasswdname="api.xxx" splunkauth=f I could make it work using v3.1.0 so maybe there is a bug with latest version? Thanks for your help and thank you for this app!
... View more
Labels
- Labels:
-
administration
-
configuration
11-06-2025
01:54 AM
Hello, like username/password is it possible to hide tokens? This could help secure @jkat54 Webtools add-on. Thanks for your help!
... View more
Labels
- Labels:
-
administration
-
configuration
10-31-2025
07:42 AM
Hello @jkat54 please have a look at https://community.splunk.com/t5/All-Apps-and-Add-ons/Error-401-with-Webtools-v3-1-2-and-username-password/m-p/755264#M82473 thanks for your help!
... View more
Contact Me
| Online Status |
Online
|
| Date Last Visited |
3 hours ago
|
Karma given to
