Activity Feed
- Got Karma for Re: If there are multiple outputs.conf files (apps vs system), how do they merge, or which one takes precedence?. 07-10-2024 08:21 AM
- Posted Re: How can I share a lookup script with other apps? on Splunk Search. 05-02-2023 12:02 PM
- Karma Re: Dynamic Dropdown Using Timepicker for niketn. 03-15-2022 08:45 AM
- Got Karma for Re: Issue while updating Splunk custom command permission from UI. 11-04-2021 02:20 AM
- Posted Re: Issue while updating Splunk custom command permission from UI on Dashboards & Visualizations. 07-06-2021 02:17 PM
- Karma Re: Issue while updating Splunk custom command permission from UI for sh1pit76. 07-06-2021 02:16 PM
- Posted Re: SPL2 for onpremise on Splunk Search. 02-05-2021 01:15 PM
- Got Karma for Re: Create Oracle Connection: Cannot load connection class because of underlying exception: com.mysql.cj.exceptions.WrongArgumentException: Malformed database URL, failed to parse the main URL sections.. 06-05-2020 12:50 AM
- Got Karma for Refresh queue job: ['5da491033e5b6c4c9510ecf2', '5da491033e5b6c4c9510ecf3'] is stuck. 06-05-2020 12:50 AM
- Karma Re: Splunk DB Connect: Can I run 2 versions on the same server to avoid migrating database inputs to an upgrade? (v2.3.0 and v3) for FlavioKoch. 06-05-2020 12:49 AM
- Got Karma for Splunk DB Connect: Can I run 2 versions on the same server to avoid migrating database inputs to an upgrade? (v2.3.0 and v3). 06-05-2020 12:49 AM
- Got Karma for Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received. 06-05-2020 12:49 AM
- Got Karma for Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received. 06-05-2020 12:49 AM
- Got Karma for Re: Splunk DB Connect: Error in 'dbxquery' command: Invalid message received. 06-05-2020 12:49 AM
- Karma Re: Splunk local account login to splunkweb when SAML authentication is enabled? for suarezry. 06-05-2020 12:48 AM
- Karma DB Connect 2.2.0 not working in SHC for ishaanshekhar. 06-05-2020 12:48 AM
- Karma Re: DB Connect 2.2.0 not working in SHC for BP9906. 06-05-2020 12:48 AM
- Karma Re: How to set a timezone token in a dashboard to display a user's timezone in a time chart? for martin_mueller. 06-05-2020 12:48 AM
- Got Karma for Re: Migrate DB Connect from 1.1.0 to 2.4.0 - Security Enhancements - Allow user to only view SQL results. 06-05-2020 12:48 AM
- Got Karma for Re: Splunk 6.6 upgrade seems to have permissions issues. 06-05-2020 12:48 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-06-2021
02:17 PM
1 Karma
Same issue Splunk 8.0.7
... View more
02-05-2021
01:15 PM
I have the same question. It's rather surprising that I have to dig for the answer to this question.
... View more
10-14-2019
08:52 AM
1 Karma
ITSI gives me messages like this frequently:
Refresh queue job: ['5da491033e5b6c4c9510ecf2', '5da491033e5b6c4c9510ecf3'] is stuck. Please confirm and manually delete this job from the queue.
Note: The values inside of the brackets vary but, the rest of the message is always the same. I've noticed some KPI base searches seem to just quit working which I'm thinking is probably related to this message.
I've searched all over the place for instructions and also opened a ticket. It seems that nobody knows the mysterious process referenced in the message to "confirm and manually delete this job from the queue". What am I confirming? How do I delete the job from the queue?
I have no idea what this is telling me or how to perform the recommended action.
... View more
08-09-2019
07:40 AM
1 Karma
This appears to be related - https://bugs.mysql.com/bug.php?id=87600
Bug #87600 Connector throws 'Malformed database URL' on non mysql connection-urls
Incidentally, only one of may many Oracle databases is having this issue and it only started following an Oracle upgrade.
... View more
08-09-2019
07:33 AM
I'm having the same issue and it only started after an Oracle database upgrade. An existing working database input started displaying this message and stopped working.
... View more
11-16-2018
01:47 PM
Incidentally, The official examples from https://www.w3schools.com/graphics/svg_text.asp don't work with ITSI.
... View more
11-16-2018
01:44 PM
Me too but, I have no idea what this says other than, " ITSI GlassTable icon does not recognize SVG file."
Google Translated...
SVG file creation guide does not exist separately.
However, if you use basic shapes such as and when creating an SVG file, you may not be able to display them properly when registering as a custom icon in the Glass Table.
When creating the SVG file using the tag, the problem does not occur.
If you are creating an icon using Adobe Illustrator, first select it, then choose Object> Path> Outline Stroke from the top menu and export it to the Glass Table.
... View more
Most excellent, ty
Search to indicate what roles can search the index:
| rest /services/authorization/roles splunk_server=local | table id, srchIndexesAllowed | mvexpand srchIndexesAllowed | search srchIndexesAllowed="IndexName"
Search to indicate what roles can search all indexes
| rest /services/authorization/roles splunk_server=local | table id, srchIndexesAllowed | mvexpand srchIndexesAllowed | where match(srchIndexesAllowed,"[*]")
... View more
06-04-2018
05:55 AM
Thank you. I'm upvoting even though I upgraded long ago.
... View more
11-09-2017
11:00 AM
1 Karma
Reference bug ticket DBX-4449
... View more
11-08-2017
10:29 AM
2 Karma
I've been told that Db Connect 3.1.1 isn't compatible with Splunk version 7. You may be wasting your time trying to get it to work. I downgraded to Splunk 6 and DbConnect 3.1.1 seems fine so far.
... View more
11-02-2017
07:34 AM
Same issue here. Actually, every search produces the same result. Inputs or ad-hoc. Splunk 7 dbconnect 3.1.1
... View more
10-05-2017
08:37 AM
Consider using btool to verify that the setting that you changed is the one actually being used.
... View more
10-05-2017
08:33 AM
Your terminology could use some work. Traffic in a WAN is no less routable than traffic in a LAN.
... View more
10-03-2017
07:49 AM
1 Karma
I am currently running DbConnect version 2.3.0 and I would like to upgrade to DbConnect version 3. My issue is that I have maybe 40 database inputs and various other uses of DbConnect that would make a migration difficult. What I would like to do is install both versions on the same server and slowly migrate and test one input at a time.
Is it possible to run DbConnect version 2 and version 3 on the same server?
... View more
05-08-2017
11:56 AM
1 Karma
I resolved my own issue...
/opt/splunk/bin/splunk createssl server-cert -d /opt/splunk/etc/auth -n server -c zzzz-zzzz.zzz.zzzz.com -l 2048
Note: I edited the FQDN in the above example
... View more
05-08-2017
09:00 AM
A related link: https://answers.splunk.com/answers/457893/after-upgrading-to-650-kv-store-will-not-start.html
Which led me to this...
[root@zzz]# tail /opt/splunk/var/log/splunk/mongod.log
2017-05-08T14:35:11.400Z W CONTROL No SSL certificate validation can be performed since no CA file has been provided; please specify an sslCAFile parameter
2017-05-08T14:35:11.416Z F NETWORK The provided SSL certificate is expired or not yet valid.
2017-05-08T14:35:11.416Z I - Fatal Assertion 28652
2017-05-08T14:35:11.416Z I -
***aborting after fassert() failure
and this...
[root@zzzzz]# openssl x509 -enddate -noout -in ./server.pem
notAfter=Apr 13 20:57:57 2017 GMT
Still not entirely sure what to do
... View more
05-08-2017
08:33 AM
Short answer, no. dbxquery is probably what you're looking for here. It will ALWAYS be up to date. http://docs.splunk.com/Documentation/DBX/3.0.2/DeployDBX/Commands
... View more
05-08-2017
08:29 AM
I have had the same issue countless times. The only work around that I've came up with is to modify the search to add a record. Typically when modifying an existing input, I roll back the rising column by 1 and add the last record again as a duplicate entry.
... View more
05-08-2017
07:07 AM
After doing an rpm upgrade to 6.6 I'm having some pretty big issues that appear to be permission related.
Examples:
Failed to start KV Store process. See mongod.log and splunkd.log for details.
When I tried to search the splunkd log I received more errors...
•Error 'Could not find all of the specified destination fields in the lookup table.' for conf 'pan:config' and lookup table 'pan_vendor_info_lookup'.
•Error 'Could not find all of the specified destination fields in the lookup table.' for conf 'pan:hipmatch' and lookup table 'pan_vendor_info_lookup'.
•Error 'Could not find all of the specified destination fields in the lookup table.' for conf 'pan:system' and lookup table 'pan_vendor_info_lookup'.
•Error 'Could not find all of the specified destination fields in the lookup table.' for conf 'pan:threat' and lookup table 'pan_vendor_info_lookup'.
•Error 'Could not find all of the specified destination fields in the lookup table.' for conf 'pan:traffic' and lookup table 'pan_vendor_info_lookup'.
•Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'pan:threat' and lookup table 'threat_lookup'.
Fortunately, this is on my dev box.
... View more
03-29-2017
06:07 AM
1 Karma
btool is your friend - https://docs.splunk.com/Documentation/Splunk/6.5.2/Troubleshooting/Usebtooltotroubleshootconfigurations
IMO, it is the best way to validate what values are set to.
... View more
03-29-2017
06:04 AM
I'm not sure if I understand the question but this seems to call for a join. Reference: https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Join
... View more
02-09-2017
06:03 AM
1 Karma
sure, I would be happy to elaborate....
There are two scenarios that I mentioned:
1) Moving data to an index as referenced by SloshBurch
2) Changing the database side (this is outside of Splunk)
So, what do I mean by item #2? If you only want users to see a sub-set of the data stored in database x, create a new database user, create a view that can only see that specific data on the database, modify the user so they can only see that view. Create a Splunk user using those permissions and it's capability to see X will be tied to the subset exposed by the view. https://www.codeproject.com/Tips/639239/Creating-and-Usage-of-View-in-SQL - Note: this doesn't stop them from running dbquery but, it does lock down the scope of what they can search to the scope of the view.
... View more
02-08-2017
06:58 AM
If I understand your post correctly, are you saying that you can't even open the dbconnect operations page? In other words, it has an issue before you even get the chance to add an input? If that's the case then, something sounds off with your install. I'm assuming that you restarted splunk after installing DbConnect.
... View more
