Hello @jkat54 noticed in splunkbase release notes "-Removed ability to specify user and pass with the command, use splunkpasswdname & splunkpasswdcontext OR token=<token> OR splunkauth=true instead." You should update the curl commands on Details tab of splunkbase app as this is misleading. For the moment using v3.1.2 could only make work using token not username/password. Getting error 401 when it works correctly with CLI curl command. I'm using "REST storage/passwords Manager for Splunk"   syntax: | curl method=get uri="https://xxx/internalqueries?queryguid={3A798982-3D8F-465C-BB01-9E90CE4D3B4D}&filterguid={73B09AC4-6C...}" splunkpasswdname="api.xxx" splunkauth=f   I could make it work using v3.1.0 so maybe there is a bug with latest version?   Thanks for your help and thank you for this app! ... View more

Hello, like username/password is it possible to hide tokens? This could help secure @jkat54 Webtools add-on. Thanks for your help! ... View more

Hello, in ssh CLI running Redhat linux, how to launch splunk offline on indexers and on splunk manager node, enable or disable maintenance-mode without credentials (it asks for local admin username and password)? This way we could automate OS updates by properly stop services. Thanks for your help.   ... View more

Hello, is this query valid to check incoming network traffic to heavyforwarders? index=_internal source=*metrics.log* group=tcpin_connections (host=s*HF*) | eval mb=floor(kb/1024) | timechart sum(mb) as mb span=5min useother=f usenull=f by host Thanks. ... View more

Hello, is Splunk opencti addon compatible on Splunk cluster (shc)? From 2/3 search heads we are getting this error: "2025-10-09 16:22:56,618 ERROR pid=31312 tid=MainThread file=base_modinput.py:log_error:309 | Error in ListenStream loop, exit, reason: HTTPSConnectionPool(host='sXXX.XXX.XXX', port=8080): Max retries exceeded with url: /stream/4484559f-66f8-4107-9afc-1d9c141377fb?recover=2025-07-22T10:27:24Z (Caused by SSLError(SSLError(1, '[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1143)')))" Even if we are not configured as SSL. Thanks. ... View more

Hello, anyone knows when will Splunk Enterprise Security 8 training be available (with instructor)? Thanks! ... View more

Hello guys, since 08/20/2025 we have issues in ES downloading these feeds from Splunk servers. When we try with curl then it doesn't return any data. No error. We use proxy. Thanks for your help!   phishtank https://data.phishtank.com/data/online-valid.csv.gz iblocklist_piratebay https://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb iblocklist_web_attacker https://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag iblocklist_tor https://list.iblocklist.com/?list=tor iblocklist_logmein https://list.iblocklist.com/?list=logmein iblocklist_proxy https://list.iblocklist.com/?list=bt_proxy iblocklist_rapidshare https://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw mozilla_public_suffix_list https://publicsuffix.org/list/effective_tld_names.dat ... View more

Hello, is it possible in Splunk HEC from Kafka to receive raw events on HF in order to parse fields with addons? It seems we can only receive json data with "event" field and may not be able to extract fields within standard addons? The HEC event may also contain target index and sourcetype. Thanks.   ... View more

Hello, I put this regex on SHC inline extraction :  "<(?<pri>\d+)>1\s(?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?[+-]\d{2}:\d{2})\s(?<hostname>[^\s]+)\s(?<appname>[^\s]+)\s(?<procid>[^\s]+)\s(?<msgid>[^\s]+)\s(?<structured_data>\S+)\s(?<json_msg>\{.*\})" however json_msg needs | spath input=json_msg Is it possible to auto extract fields contained in json_msg to avoid adding | spath input=json_msg at search time? Thanks.  ... View more