I'm having the same issue! Before it was possible to change the email, the field was editable. However it's not anymore. I have my splunk account for 6 years already, changed company 2 times and I was able to change the email those 2 times because the companies were Splunk partners. Now having left, I need to revert to my personal account. I don't want to create a new account as I have a lot of things associated to my current account, like answers on Splunk Community. On the certifications part, I was already able to request a change to education team. Now I want to contact support to change it, but apparently there's no contact besides the phone. This should really be re-think. Thanks, Tiago ... View more

This works, thanks! ... View more

Worked for me! The issue is indeed with the add-on Splunk_TA_cisco_asa on default/props.conf. This is what is should look like, but it's fixed by adding to local/props.conf: LOOKUP-cisco_asa_action_lookup_1 = cisco_asa_action_lookup vendor_action AS action OUTPUT action AS Cisco_ASA_action ... View more

The exact same thing happened to me. Was updating an indexer from 7.3.9 to 8.1.6, using the new parameter on kvstore stanza: [kvstore] storageEngineMigration=true But the kvstore wasn't migrating, giving this error: Starting KV Store storage engine upgrade: Phase 1 (dump) of 2: ERROR: Failed to migrate to storage engine wiredTiger, reason=KVStore service will not start because kvstore process terminated It was nothing more nothing less than the certificate that had expired 5 days ago! Thanks for the tip! ... View more

Same issue here on a RHEL 8.4 server with Splunk 7.3.9 Java version: openjdk version "1.8.0_292" Also saw this: Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate: EMAILADDRESS=support@splunk.com, CN=SplunkCommonCA, O=Splunk, L=San Francisco, ST=CA, C=US They should probably be using a RSA 2048 bit key already ... View more

Hi,  So basically I have tested this in 3 different Splunk SHs. One with 7.3.9 where all is working fine, another with 8.0.4.1 with same configurations (csv and lookup definition) , and another with 8.0.8, that I have upgraded to 8.1.3, also with same configuration. I have tried before matching directly with IP and it works, but not with cidr field. There's no extra whitespaces, the same lookup works properly on 7.3.9 matching cidr field.  I have configured the lookup fresh via gui on both Splunk 8.X SHs and it didn't work anyway. Tried in search time use the cidrmatch function and it works. So basically the only thing not working is CIDR in lookup definition. Hope this clarifies.   Thanks  ... View more

From: https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverclassconf restartSplunkd = <boolean> * If true, restarts splunkd on the client when a member app or a directly configured app is updated. * Can be overridden at the serverClass level and the serverClass:app level. * Default: false issueReload = <boolean> * If true, triggers a reload of internal processors at the client when a member app or a directly configured app is updated. * If you don't want to immediately start using an app that is pushed to a client, you should set this to false. * Default: false Here you have the behavior of combining the options: https://docs.splunk.com/Documentation/Splunk/8.0.6/Updating/Useserverclass.conf Interaction of restartSplunkd and issueReload The behavior of the client varies depending on the settings of restartSplunkd and issueReload. These are the options: issueReload restartSplunkd Behavior true false Reload only. No restart. It might be necessary to issue a manual restart to fully activate the downloaded apps. true true Client reloads. If some app components require a restart to activate, the client restarts. false false The downloaded apps are not activated. false true The client always restarts after app updates.   ... View more

It's not working for me. Maybe something changed since 2016? ... View more

After cleaning cache and cookies, all went well.  ... View more

Yup that one works as intended! Thanks ... View more

worked for me! Thanks ... View more

Worked for me! Thanks ... View more

That works really well, thanks! ... View more

If you want to renew MongoDB certificates on Windows, this is the command you need: C:\'Program Files'\Splunk\bin\splunk createssl server-cert -d C:\'Program Files'\Splunk\etc\auth -n server **** -c -l 2048 replace by the actual hostname of the server and it's done! ... View more

-debug and -app ... View more

The app needs to be shares globally before you can share you extractions globally too. ... View more