Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About realsplunk
realsplunk
Builder
Member since:
05-26-2016
Tuesday
Community Statistics
| Posts | 300 |
| Solutions | 13 |
| Karma Given | 336 |
| Karma Received | 19 |
| Member Since | 05-26-2016 |
Activity Feed
- Karma Re: Show only duplicated fields for yannK. Tuesday
- Got Karma for Re: User can't share report / saved search even with write access on app. a week ago
- Karma Re: How to get the Windows host name in Forwarder Management on the deployment server to appear as the FQDN? for pellegrini. 2 weeks ago
- Posted Re: User can't share report / saved search even with write access on app on Splunk Enterprise. 2 weeks ago
- Posted User can't share report / saved search even with write access on app on Splunk Enterprise. 2 weeks ago
- Karma Re: Accuracy of metadata command in large environments? for pj. 2 weeks ago
- Karma Re: Accuracy of metadata command in large environments? for lguinn2. 2 weeks ago
- Karma Re: Accuracy of metadata command in large environments? for pj. 2 weeks ago
- Karma Re: Accuracy of metadata command in large environments? for martin_mueller. 2 weeks ago
- Karma Accuracy of metadata command in large environments? for lguinn2. 2 weeks ago
- Posted Re: how long metadata last, retention policy? on Splunk Search. 2 weeks ago
- Karma Re: how long metadata last, retention policy? for scelikok. 2 weeks ago
- Posted how long metadata last, retention policy? on Splunk Search. 2 weeks ago
- Karma Re: Search on an eval variable - find filenames with yesterday's date for martin_mueller. 2 weeks ago
- Karma Re: How to check if new hosts get added to instance & get alerted? for inventsekar. 2 weeks ago
- Got Karma for Re: Unable to view thawed data. 2 weeks ago
- Karma Re: Why are my json fields extracted twice? for yannK. 3 weeks ago
- Karma Re: Why is a value appearing twice in a table but only occurs once in the event data? for somesoni2. 3 weeks ago
- Posted Re: Forwarder Management troubleshooting client errors on Deployment Architecture. 4 weeks ago
- Posted Re: How can I find out what the deployment errors are? on Deployment Architecture. 4 weeks ago
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 |
2 weeks ago
1 Karma
Hello, I created another user with same capability, same issue. I tried on test environment and it works, however not same configuration/deployments. Support is on it. Thanks.
... View more
2 weeks ago
Hello guys, Custom app is pushed from deployer, ACL are then set from the SHC GUI. User can't share his own report. local.meta shows role has read+write access. Thanks for your help. Splunk 7.3.4 user error admin view on app
... View more
Labels
- Labels:
-
configuration
2 weeks ago
Hello, I'm using metadata on hosts to get their first event time etc, are they accurate even on oldest records? | metadata type=hosts By the way where are they stored? Thanks 🙂
... View more
03-08-2021
12:22 AM
Hello, good idea 🙂 This applies to all Pearsonvue exams, at least Splunk candidates won't fail 🙂
... View more
02-23-2021
01:32 AM
Hello, could someone explain the purpose of this setting, does it serve tcp-ssl inputs.conf for instance AND/OR securing internal Splunk 8089 port in server.conf? https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/SIEM-specific-instruction.htm sslRootCAPath = /etc/ssl/my-certs/RootCA.pem on the other side : https://docs.splunk.com/Documentation/Splunk/7.3.4/Security/Securingyourdeploymentserverandclients sslRootCAPath = <full path to the operating system root CA certificate> Thanks.
... View more
Labels
- Labels:
-
inputs.conf
02-16-2021
07:04 AM
Hello, thanks for this information, looks like it depends on the data, also license usage can increase if UF resends several times. Did you find a valid solution to find the volume of a specific data/search (other than index/host/source breakdown)? Best regards.
... View more
02-15-2021
08:02 AM
Hello Rich, it's our case and seeing no major problem with same VM for DS/CM with Splunk Enterprise 7.3.4, 900+ UF, 3 indexers, ~250 gb/day. However in the docs : https://docs.splunk.com/Documentation/Splunk/8.1.2/Updating/Planadeployment#Deployment_server_and_other_roles A cluster manager node and a deployment server both consume significant system resources while performing their tasks. The manager node needs reliable and continuous access to resources to perform the ongoing management of the cluster, and the deployment server can easily overwhelm those resources while deploying updates to its deployment clients. Do you think no problem when we'll upgrade to Splunk 8.1? Thanks.
... View more
02-10-2021
12:44 PM
Hello guys, Just noticed on preproduction environment local sslPassword on cluster member has not been updated when pushed new sslPassword. It seems it didn't trig restart which updates and encrypts sslPassword. Splunk enterprise 7.3.4 Thanks.
... View more
Labels
- Labels:
-
encryption
02-02-2021
01:30 AM
Thanks it works 🙂 I used requireClientCert = false as certification is not dedicated to my host otherwise do you mean we should distribute the certificates to deployment clients, this would be time-consuming and out of Splunk scope (deploy certs through Puppet/Ansible for instance)?
... View more
02-01-2021
10:23 AM
Hello guys, tried to update server.conf but Splunk crashed with handshake failure accessing https://localhost:8089 [sslConfig] #sslPassword = $7$OXZyp5GzoeMoXOIUSMqIFC+4Od7JKUacyjpUPBRobqwXbKYgAoObNg== serverCert = $SPLUNK_HOME/etc/apps/APP_OUTPUTS/default/preproduction-server.pem sslPassword = xxx sslRootCAPath = $SPLUNK_HOME/etc/apps/APP_OUTPUTS/default/preproduction-cacert.pem requireClientCert = true Is it necessary to also update web.conf according to https://docs.splunk.com/Documentation/Splunk/7.3.4/Security/Securingyourdeploymentserverandclients? May it break the deployment server / DS clients? Also does it impact implementation of [tcp-ssl] port? Thanks.
... View more
Labels
- Labels:
-
SSL
01-30-2021
01:50 AM
Hello, isn't Splunk default certificate considered as selfsigned? Thanks.
... View more
01-26-2021
07:06 AM
Hello, found this INFO in UFs internal logs, what does it mean? The forwarder is working fine and connected to DS. Management network port on the forwarder is disabled for security reason. UF 7.1.4 / Splunk Enterprise 7.3.4 Thanks.
... View more
Labels
- Labels:
-
universal forwarder
01-15-2021
07:14 AM
Hello, is there any better solution than copying indexes.conf based in /etc/master-apps to the deployment server apps in order to use the "Settings/Add data/Forward (data from a Splunk forwarder)" GUI? The copy is just there to get list of indexes and use the web interface to configure new data to add and deploy to forwarders? Thanks.
... View more
Labels
- Labels:
-
index
-
inputs.conf
-
monitor
-
universal forwarder
01-12-2021
07:02 AM
About 250 gb daily ingestion, 20 users daily, 3 indexers and 3 search heads (only 2 for users) the VM has 8 cpu/8 gb RAM however sometimes we have latencies with huge queries.
... View more
01-12-2021
04:24 AM
Hello, our architecture in production was created years ago, we have Deployment Server and Cluster Master on same machine (linux vm) running Splunk Enterprise 7.3.4 fine. Is there any specific risk keeping this architecture if we migrate to Splunk 8? Thanks for your help.
... View more
Labels
- Labels:
-
deployment server
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Tuesday
|
Karma from
| User | Karma Count |
|---|---|
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
