Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About duartet
duartet
Path Finder
Member since:
06-24-2016
Tuesday
Community Statistics
| Posts | 33 |
| Solutions | 1 |
| Karma Given | 77 |
| Karma Received | 4 |
| Member Since | 06-24-2016 |
Activity Feed
- Posted Re: Does Splunk support fields with whitespace from custom drill-down on Dashboards & Visualizations. Tuesday
- Karma Re: Does Splunk support fields with whitespace from custom drill-down for mrgibbon. Tuesday
- Got Karma for Re: Cannot expand lookup field due to a reference cycle in the lookup configuration.. 01-10-2022 02:55 PM
- Got Karma for Re: Cannot expand lookup field due to a reference cycle in the lookup configuration.. 12-09-2021 05:40 PM
- Posted Re: Cannot expand lookup field due to a reference cycle in the lookup configuration. on Splunk Cloud Platform. 10-13-2021 06:42 AM
- Karma Re: Cannot expand lookup field due to a reference cycle in the lookup configuration. for sean_wong. 10-13-2021 06:40 AM
- Posted Re: How to resolve issues with mongod startup such as "Failed to start KV Store process" error? on Knowledge Management. 09-30-2021 04:27 AM
- Karma Re: How to resolve issues with mongod startup such as "Failed to start KV Store process" error? for jotne. 09-30-2021 04:24 AM
- Posted Re: DB Connect - Cannot communicate with task server, please check your settings on All Apps and Add-ons. 06-04-2021 12:56 AM
- Tagged Re: DB Connect - Cannot communicate with task server, please check your settings on All Apps and Add-ons. 06-04-2021 12:56 AM
- Karma Re: DB Connect - Cannot communicate with task server, please check your settings for jeremyhagand61. 06-04-2021 12:50 AM
- Posted Re: CIDR match not working on Splunk 8.X on Splunk Search. 04-18-2021 02:54 AM
- Tagged CIDR match not working on Splunk 8.X on Splunk Search. 04-14-2021 06:22 AM
- Tagged CIDR match not working on Splunk 8.X on Splunk Search. 04-14-2021 06:22 AM
- Posted CIDR match not working on Splunk 8.X on Splunk Search. 04-14-2021 06:18 AM
- Got Karma for Re: How do I remove an app?. 03-18-2021 10:41 AM
- Got Karma for Re: How do I remove an app?. 01-18-2021 12:01 PM
- Karma Splunk DB connect error on first launch and wont load,unable to launch Splunk DB cxonnect. for lvarley91. 01-16-2021 02:30 AM
- Karma Re: How to use date in filename as the timestamp for each event? for mthomas_splunk. 12-14-2020 12:46 AM
- Posted Re: whats the difference between issueReload and restartSplunkd in serverclass.conf ? on Deployment Architecture. 09-24-2020 02:05 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
10-13-2021
06:42 AM
2 Karma
Worked for me! The issue is indeed with the add-on Splunk_TA_cisco_asa on default/props.conf. This is what is should look like, but it's fixed by adding to local/props.conf: LOOKUP-cisco_asa_action_lookup_1 = cisco_asa_action_lookup vendor_action AS action OUTPUT action AS Cisco_ASA_action
... View more
09-30-2021
04:27 AM
The exact same thing happened to me. Was updating an indexer from 7.3.9 to 8.1.6, using the new parameter on kvstore stanza: [kvstore]
storageEngineMigration=true But the kvstore wasn't migrating, giving this error: Starting KV Store storage engine upgrade: Phase 1 (dump) of 2: ERROR: Failed to migrate to storage engine wiredTiger, reason=KVStore service will not start because kvstore process terminated It was nothing more nothing less than the certificate that had expired 5 days ago! Thanks for the tip!
... View more
06-04-2021
12:56 AM
Same issue here on a RHEL 8.4 server with Splunk 7.3.9 Java version: openjdk version "1.8.0_292" Also saw this: Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate: EMAILADDRESS=support@splunk.com, CN=SplunkCommonCA, O=Splunk, L=San Francisco, ST=CA, C=US They should probably be using a RSA 2048 bit key already
... View more
- Tags:
- same
04-18-2021
02:54 AM
Hi, So basically I have tested this in 3 different Splunk SHs. One with 7.3.9 where all is working fine, another with 8.0.4.1 with same configurations (csv and lookup definition) , and another with 8.0.8, that I have upgraded to 8.1.3, also with same configuration. I have tried before matching directly with IP and it works, but not with cidr field. There's no extra whitespaces, the same lookup works properly on 7.3.9 matching cidr field. I have configured the lookup fresh via gui on both Splunk 8.X SHs and it didn't work anyway. Tried in search time use the cidrmatch function and it works. So basically the only thing not working is CIDR in lookup definition. Hope this clarifies. Thanks
... View more
04-14-2021
06:18 AM
Hi, We have been migrating objects from Splunk 7.3.9 to Splunk 8.X and have found some strange issue, hope someone has a clue. So basically we have a lookup file with a definition using cidr match. The csv contains, among other fields, an ip, cidr and subnet columns. Ex: ip cidr subnet 10.1.1.2 10.1.1.2/32 10.1.1.0/24 This is on "Lookup Definition" match type: CIDR(cidr) However if I try to do this simple query: | makeresults | eval ip="10.1.1.2" | table ip | lookup <lookup_name> cidr as ip OUTPUT subnet, it doesn't work. The exact same thing is working properly in splunk 7.3.9. Any clue? Kind regards, Tiago
... View more
Labels
- Labels:
-
lookup
09-24-2020
02:05 AM
From: https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverclassconf restartSplunkd = <boolean>
* If true, restarts splunkd on the client when a member app or a directly
configured app is updated.
* Can be overridden at the serverClass level and the serverClass:app level.
* Default: false
issueReload = <boolean>
* If true, triggers a reload of internal processors at the client when a
member app or a directly configured app is updated.
* If you don't want to immediately start using an app that is pushed to a
client, you should set this to false.
* Default: false Here you have the behavior of combining the options: https://docs.splunk.com/Documentation/Splunk/8.0.6/Updating/Useserverclass.conf Interaction of restartSplunkd and issueReload The behavior of the client varies depending on the settings of restartSplunkd and issueReload. These are the options: issueReload restartSplunkd Behavior true false Reload only. No restart. It might be necessary to issue a manual restart to fully activate the downloaded apps. true true Client reloads. If some app components require a restart to activate, the client restarts. false false The downloaded apps are not activated. false true The client always restarts after app updates.
... View more
07-22-2020
03:56 AM
It's not working for me. Maybe something changed since 2016?
... View more
07-21-2020
02:59 PM
After cleaning cache and cookies, all went well.
... View more
07-21-2020
02:07 AM
Just tried now on a different browser and it worked fine (tried in edge). Also tried using an incognito tab on chrome and it also worked fined. Maybe some cookies issue.
... View more
07-21-2020
01:56 AM
Since we updated Lookup Editor to version 3.4.5 and then 3.4.6, horizontal scrollbar disappeared and we cannot go to the right. Also there's some issues scrolling down, where it goes to line 100 and blocks, then only with the arrows of the keyboard can we go down. Thanks
... View more
- Tags:
- Lookup Editor
Labels
- Labels:
-
other
02-28-2020
04:29 AM
Yup that one works as intended! Thanks
... View more
02-06-2020
06:47 AM
worked for me! Thanks
... View more
04-16-2019
06:47 AM
That works really well, thanks!
... View more
01-16-2019
02:33 AM
If you want to renew MongoDB certificates on Windows, this is the command you need:
C:\'Program Files'\Splunk\bin\splunk createssl server-cert -d C:\'Program Files'\Splunk\etc\auth -n server **** -c -l 2048
replace by the actual hostname of the server and it's done!
... View more
09-21-2018
03:07 AM
The app needs to be shares globally before you can share you extractions globally too.
... View more
09-18-2018
05:17 AM
You can also go to Settings > Server Settings > Email settings
and change "Link hostname" to the url you want.
... View more
08-29-2018
05:40 AM
The file name should be collections.conf instead of collection.conf
... View more
