Hi, my 10.0.3 systems (SH, DS and indexers) send me several hundred postgres errors each day that seem to indicate that there is an initialization issue: IDX & SH: {"time":"2026-03-04T09:23:53.710005158+01:00","level":"ERROR","source":{"function":"postgres-service/package/teleportplugin.(*PostgresPlugin).BootstrapPostgres","file":"postgres-service/package/teleportplugin/postgres.go","line":529},"msg":"Failed to setup databases and users:","Err":"error creating database -- Schema file for setting up database for sidecar service\n-- Version: 1.0\n-- Date: 05/17/2024\n\nCREATE DATABASE search_metadata WITH OWNER = \"do.root.splunk\" CONNECTION LIMIT 5;\nCREATE DATABASE kvstore WITH OWNER = \"kvstore.pdl.splunk\" TEMPLATE = template0 LC_COLLATE = 'C' LC_CTYPE = 'C' CONNECTION LIMIT 5;\nCREATE DATABASE acies_config_service WITH OWNER = \"acc.dbuser.splunk\" CONNECTION LIMIT 5;\nCREATE DATABASE opamp_service WITH OWNER = \"oas.root.splunk\" CONNECTION LIMIT 5;\n: pq: template database \"template1\" has a collation version mismatch\n\tFailed to create database\n\tfailed to create database"} DS: {"time":"2026-03-04T09:26:19.466646819+01:00","level":"ERROR","source":{"function":"postgres-service/package/teleportplugin.(*PostgresPlugin).BootstrapPostgres","file":"postgres-service/package/teleportplugin/postgres.go","line":521},"msg":"Failed to initialize DAL:","Error":"failed to ping PostgreSQL: pq: password authentication failed for user \"postgres_admin\"\n\tFailed to connect to Postgres\n\tFailed to connect to Postgres"} {"time":"2026-03-04T09:26:19.466614486+01:00","level":"ERROR","source":{"function":"postgres-service/internal/db.NewDAL","file":"postgres-service/internal/db/dal.go","line":64},"msg":"Failed to initialize database connection","error":"failed to ping PostgreSQL: pq: password authentication failed for user \"postgres_admin\"\n\tFailed to connect to Postgres"} I am a bit lost on what I need to do to set this up. thx afx ... View more

After upgrading from 9.4.3 to 10.0.1 I run in the following TLS errors from mongod.log: 2025-10-16T08:59:56.224Z I NETWORK [listener] connection accepted from 127.0.0.1:34164 #1490 (1 connection now open) 2025-10-16T08:59:56.233Z E NETWORK [conn1490] SSL peer certificate validation failed: unsupported certificate purpose 2025-10-16T08:59:56.233Z I NETWORK [conn1490] Error receiving request from client: SSLHandshakeFailed: SSL peer certificate validation failed: unsupported certificate purpose. Ending connection from 127.0.0.1:34164 (connection id: 1490) 2025-10-16T08:59:56.233Z I NETWORK [conn1490] end connection 127.0.0.1:34164 (0 connections now open) 2025-10-16T08:59:56.233Z W NETWORK [ReplicaSetMonitor-TaskExecutor] The server certificate does not match the host name. Hostname: 127.0.0.1 does not match SAN(s): For the SAN all Domain names and the IO are listed, but not localhost. Any ideas how to get around the multipurpose requirement? Our CA does not provide them. I can get around the 127.0.0.1 entry via options, but the purpose thing seems to be a showstopper. ... View more

Hi, on a brand new Splunk install, the app tries using urrlib2, but Splunk only has urllib3. There is an exception where a "," is used instead of an "as" (line 388 of splunk_rest_client.py). It tries to use something from a module cStringIO which does not exist in Splunk or the app.     ... View more

Hi, So where is the documentation for this app? https://splunkbase.splunk.com/app/5399/ The overview comes up with many empty items, there is no required configuration step, so I wonder how useful/reliable this is. thx afx ... View more

Hi, I am trying to port an app that needs access to x509 details to python 3. Splunk does not ship OpenSSL for python3, only python2 and the new way seems to be using cryptography. But that is also not shipped with Splunk 8. On the other hand. Looking at the modules shipped with Python 3 in Splunk 8 I see that they do reference cryptography as a dependency (pyopenssl). Looks a bit weird to me. Theoretically I could just dump cryptography in my app directory. But that also would include a shared object file which seems to be counterproductive when wanting to publish the module outside my organization. Any ideas on how to resolve this? thx afx ... View more

Hi, _introspection reports a higher value for existing memory than the real memory of the machine and also the memory used is wrong (and close to the fake max). OS Tools report the real values which are way lower. Any idea why and how to fix this? If I see this correctly, _introspection is fed by splunkd. A reboot fixed this for now, but what should be done to prevent this from re-apperauing? thx afx   ... View more

I recently switched over my Splunk 8 server to Python 3. Definitely not a nice experience as not just Python itself changed but also some libraries got dropped, most notable OpenSSL. I can understand upgrades like switching from urllib2 to urllib3, but dropping OpenSSL completely? That is rather weird. So I wonder what other silly surprises are lurking and what they are thinking dropping pretty essential libraries. For the time being I switched back. But on the long run, that is not a viable strategy. cheers afx ... View more