Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About splunkreal
splunkreal
Influencer
Member since:
05-26-2016
Tuesday
Community Statistics
| Posts | 637 |
| Solutions | 33 |
| Karma Given | 892 |
| Karma Received | 51 |
| Member Since | 05-26-2016 |
Activity Feed
- Karma Splunk 7.2.2 - systemd - Root privileges required when starting/stopping Splunk? for whrg. Tuesday
- Got Karma for Re: Edge processor data management issue on fresh splunk core 10.2.4 linux instance. Monday
- Posted Re: Edge processor data management issue on fresh splunk core 10.2.4 linux instance on Deployment Architecture. Monday
- Posted Re: Edge processor data management issue on fresh splunk core 10.2.4 linux instance on Deployment Architecture. Monday
- Posted Re: Edge processor data management issue on fresh splunk core 10.2.4 linux instance on Deployment Architecture. a week ago
- Posted Edge processor data management issue on fresh splunk core 10.2.4 linux instance on Deployment Architecture. a week ago
- Karma Re: AI toolkit (MLTK) & Ollama for VatsalJagani. 05-18-2026 02:49 AM
- Posted Re: Intermediate findings in analyst queue ES v8.3 on Splunk Enterprise Security. 05-18-2026 02:47 AM
- Karma KVStore does not start when running Splunk 9.4 ( WITH A SOLUTION ) for triptraptresko. 04-25-2026 11:02 AM
- Karma Re: Splunk KV store does not start for claudio_manig. 04-20-2026 06:27 AM
- Karma Re: Splunk Add-on for Check Point Log Exporter for kknairr. 04-17-2026 09:00 AM
- Posted Re: How to resolve disk usage show negative value on monitoring console after adding storage. on Splunk Enterprise. 04-16-2026 03:23 AM
- Posted Re: How to resolve disk usage show negative value on monitoring console after adding storage. on Splunk Enterprise. 04-14-2026 09:02 AM
- Posted Re: No result using sourcetype on Splunk Search. 04-08-2026 07:24 AM
- Karma Re: Search by sourcetype returns no results for bmaupin. 04-08-2026 07:24 AM
- Karma Re: Splunk Forwarder SSL unsupported certificate purpose? for cbtadmin. 04-08-2026 02:34 AM
- Karma Re: Indexer/UF SSL: requireClientCert and SSL3_GET_RECORD:wrong version number (7.3.2) for harsmarvania57. 04-07-2026 02:27 PM
- Karma Re: How to quickly validate the metadata files of a given index and of all its buckets? for hexx. 04-06-2026 05:11 AM
- Posted Re: No result using sourcetype on Splunk Search. 03-30-2026 08:11 AM
- Karma Re: No result using sourcetype for isoutamo. 03-30-2026 02:06 AM
Monday
1 Karma
This has been added as known issue of this version : https://help.splunk.com/en/splunk-enterprise/release-notes-and-updates/release-notes/10.2/known-issues-for-this-release/known-issues/splunk-enterprise-10.2.4-known-issues
... View more
a week ago
Hi @richgalloway I can see these errors : "{"level":"FATAL","time":"2026-06-12T14:05:48.105Z","location":"v1/plugin.go:169","message":"error running plugin main method","service":"OpAmp Service","hostname":"splunkserver","error":"workload exit: failed to initialize database client for migrations: failed to establish database connection, max retries exceeded","callstack":"cd.splunkdev.com/libraries/go-teleport-sdk/runtime/v1.Main\n\t/go/pkg/mod/cd.splunkdev.com/libraries/go-teleport-sdk@v0.0.151/runtime/v1/plugin.go:169\nmain.main\n\t/builds/core-services/opamp-service/sidecar/main.go:264\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:285"} {"level":"INFO","time":"2026-06-12T14:05:49.312Z","location":"sidecar/main.go:138","message":"Package data plane on: 127.0.0.1:26539","service":"OpAmp Service","hostname":"splunkserver"} {"level":"INFO","time":"2026-06-12T14:05:49.314Z","location":"datastore/dbclient.go:94","message":"Initializing database client...","service":"OpAmp Service","hostname":"splunkserver","clientConfig":{"Username":"oas.root","Password":"<redacted>","Host":"localhost","Port":"5432","SslMode":"disable","SslRootCert":"","ConnectTimeout":10,"Name":"opamp_service","ConnectRetries":3,"ConnectRetriesSleep":5,"MaxConnLifetime":30,"MaxIdleConns":4,"MaxOpenConns":4,"AWS":{"ConnectUsingIamRole":false,"IamRoleUsername":""}}} {"level":"INFO","time":"2026-06-12T14:05:49.314Z","location":"datastore/dbclient.go:140","message":"Attempting to establish a connection with the database via user credentials...","service":"OpAmp Service","hostname":"splunkserver","user":"oas.root","connectionString":"host=localhost port=5432 dbname=opamp_service user=oas.root password=<redacted> sslmode=disable sslrootcert= connect_timeout=10","sqlDriver":"postgres"} {"level":"INFO","time":"2026-06-12T14:05:49.314Z","location":"datastore/dbclient.go:170","message":"Checking whether database connection is alive...","service":"OpAmp Service","hostname":"splunkserver"} {"level":"WARN","time":"2026-06-12T14:05:49.317Z","location":"datastore/dbclient.go:175","message":"Failed to verify live connection. Retrying...","service":"OpAmp Service","hostname":"splunkserver","maxRetries":3,"attempt":1} {"level":"WARN","time":"2026-06-12T14:05:54.320Z","location":"datastore/dbclient.go:175","message":"Failed to verify live connection. Retrying...","service":"OpAmp Service","hostname":"splunkserver","maxRetries":3,"attempt":2}" ... 2026-06-12 17:16:49.416 CEST [84794] FATAL: no pg_hba.conf entry for host "127.0.0.1", user "oas.root", database "opamp_service", no encryption
... View more
a week ago
Hello, can't add Edge processor, also getting errors on health status regarding data management : Thanks.
... View more
05-18-2026
02:47 AM
Hello @Dpop @diogofgm support answered : "The intermediate findings are not listed/visible in the AQ and this is by design. Whilst a column does exist for intermediate findings it is only populated for risk rules and gives a count of intermediate findings that triggered that risk rule"
... View more
04-16-2026
03:23 AM
Rolling restart of indexers solved.
... View more
04-14-2026
09:02 AM
Hello @elend how did you solve it? Did you restart MN or IDX for instance? Thanks!
... View more
04-08-2026
07:24 AM
Hello, solution was provided by support (Poland), sourcetype:: was missing in the transforms.conf for another sourcetype in same index.
... View more
03-26-2026
04:23 PM
The sourcetype appears on the left side with results... when we click on it then no result.
... View more
03-26-2026
01:44 PM
Hello, when using index=si_cisco we get results however if we add index=si_cisco sourcetype="cisco:ise:syslog" then no result. The data is coming from HF (HEC) from log management system (Kafka). Earlier today it was working with index=test sourcetype="cisco:ise:syslog" but then our log management admin changed the destination index. I suspect props.conf/transforms.conf issue. We use Splunk Add-on for Cisco ISE 4.2.0 Thanks for your help.
... View more
Labels
- Labels:
-
other
03-20-2026
05:13 AM
Yes, just unsupported now?
... View more
03-20-2026
03:35 AM
Hello, we have Splunk Add-on for Check Point Log Exporter ( https://splunkbase.splunk.com/app/5478 ) Built by Splunk LLC. We would like to know if it's supported with Splunk v10 (v10.2 for instance)? Thanks.
... View more
Labels
- Labels:
-
heavy forwarder
-
inputs.conf
-
syslog
03-19-2026
08:03 AM
Hello @tsa which sourcetype did you set? It doesn't look documented at https://open-docs.neuvector.com/integration/splunk/ Something like neuvector:json? Thanks!
... View more
03-12-2026
09:46 AM
Hi @woodcock got this warning after network issues yesterday, applied https://splunk.my.site.com/customer/s/article/The-number-of-extremely-lagged-searches-X-over-the-last-hour-exceeded-the-red-threshold-X-on-this-Splunk-instance but could not find any lagged search. Either wait to be cleared or maybe will need restart of the impacted SHC member...
... View more
03-05-2026
07:48 AM
Hello, On UF I've seen that we put pem certificates in etc/apps/myapp/default/data On our servers however I've seen something like etc/apps/myapp/data Are there rules or both are ok? (they are working but are they best practices?) Thanks!
... View more
Labels
03-02-2026
10:01 AM
Hello, which Splunk 10 version is stable? I've seen there is 10.2 and before 10.0, what happened to 10.1? Also I saw 10.0.4 was released recently, why? Thanks.
... View more
Labels
02-25-2026
09:40 AM
Hello, us there still Intermediate findings column for findings in analyst queue for Event based detections? Thanks.
... View more
Labels
- Labels:
-
administration
-
installation
02-19-2026
08:45 AM
squash_threshold = <positive integer> * Periodically the indexer must report to license manager the data indexed broken down by source, sourcetype, host, and index. If the number of distinct (source, sourcetype, host, index) tuples grows over the 'squash_threshold', the (host, source) values are squashed and only a breakdown by (sourcetype, index) is reported. This is to prevent explosions in memory + license_usage.log lines. * This is an advanced setting. Set it only after consulting a Splunk Support engineer. * This needs to be set on license peers as well as the license manager. * Default: 2000
... View more
02-19-2026
08:45 AM
Hello, if you have license usage error when running a query on license logs, it can be based on Splunk server.conf setup.
... View more
Labels
- Labels:
-
license usage
-
monitoring console
02-16-2026
01:51 AM
Hello @bowesmana had some errors, this way is more reliable but from ssh : find /OPT/splunk/etc/apps -type f -path "*/lookups/*" -exec du -h {} \; | sort -h
... View more
02-16-2026
12:28 AM
Hello @kknairr thanks for detailed explanation, especially sslRootCAPath, no need to put all rootCAs in single file but in the directory then?
... View more
02-15-2026
02:26 PM
Hello @PickleRick thanks, do you mean using sslRootCAPath? By default ssl verify is disabled so is it necessary? Thanks.
... View more
02-12-2026
12:12 AM
Hi @PickleRick thanks but it's almost empty, just ES using it.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Tuesday
|
Karma given to
