Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About afx
afx
Contributor
Member since:
05-02-2019
11-12-2021
Community Statistics
| Posts | 139 |
| Solutions | 7 |
| Karma Given | 9 |
| Karma Received | 20 |
| Member Since | 05-02-2019 |
Activity Feed
- Got Karma for Limit DB Connect Query Seever to localhost. 4 weeks ago
- Posted Re: How to Splunk the SAP Security Audit Log on Getting Data In. 11-12-2021 05:13 AM
- Got Karma for Re: Why does splunk need to be installed as root?. 08-02-2021 01:57 AM
- Got Karma for How to Splunk the SAP Security Audit Log. 04-21-2021 01:12 PM
- Posted Re: Documentation for Knowledge Object Overview App for Splunk on All Apps and Add-ons. 03-11-2021 04:30 AM
- Posted Re: Documentation for Knowledge Object Overview App for Splunk on All Apps and Add-ons. 03-10-2021 06:59 AM
- Posted Documentation for Knowledge Object Overview App for Splunk on All Apps and Add-ons. 03-10-2021 12:45 AM
- Posted Re: CMMaster - Unable to send scheduled jobs on Splunk Enterprise. 03-05-2021 12:31 AM
- Posted Re: JRE/JDK shipped with Splunk Enterprise? on Installation. 01-25-2021 08:53 AM
- Posted Re: JRE/JDK shipped with Splunk Enterprise? on Installation. 01-25-2021 04:45 AM
- Posted Re: JRE/JDK shipped with Splunk Enterprise? on Installation. 01-25-2021 12:39 AM
- Posted Re: JRE/JDK shipped with Splunk Enterprise? on Installation. 01-22-2021 06:37 AM
- Posted JRE/JDK shipped with Splunk Enterprise? on Installation. 01-22-2021 12:52 AM
- Tagged JRE/JDK shipped with Splunk Enterprise? on Installation. 01-22-2021 12:52 AM
- Got Karma for Alert Manager: How to suppress follow on alerts. 12-30-2020 11:42 PM
- Posted How to access x509 objects in Splunk 8 / Python 3? on Building for the Splunk Platform. 12-05-2020 11:14 AM
- Posted _introspection shows wrong memory usage for the deployment server on Monitoring Splunk. 11-30-2020 12:34 AM
- Posted Re: Alert Manager: How to suppress follow on alerts on All Apps and Add-ons. 11-29-2020 11:48 PM
- Posted Alert Manager: How to suppress follow on alerts on All Apps and Add-ons. 11-25-2020 02:57 AM
- Karma Re: How can i change the time format in Splunk web? for grijhwani. 11-24-2020 09:36 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
03-11-2021
04:30 AM
Brilliant. One gets pointed to the app on splunk ideas by splunk employees that claim this app already fulfills part of the requirements for better audit and state this is step one of what they are working on. Not really confidence inspiring.
... View more
03-10-2021
06:59 AM
Well, I would think Splunk documents their own apps.
... View more
03-10-2021
12:45 AM
Hi, So where is the documentation for this app? https://splunkbase.splunk.com/app/5399/ The overview comes up with many empty items, there is no required configuration step, so I wonder how useful/reliable this is. thx afx
... View more
Labels
- Labels:
-
administration
-
configuration
01-25-2021
08:53 AM
Splunk definitely did ship OpenJDK in 8.0.4.1, just download the RPM and check. It is gone in 8.1.1. That's why I had those artifacts and the reports from our compliance team.
... View more
01-25-2021
04:45 AM
Then please explain the OpenJDK artefacts from splunk_archiver under var/run. They make no sense for stuff that is just kept in case it is needed. Our compliance team found the following executable at some time: /splunk/var/run/searchpeers/splunkds-1608544850/apps/splunk_archiver/java-bin/jars/vendors/java/OpenJDK8U-jre_x64_linux_hotspot_8u242b08/bin/java Right now it is gone. Only the directory up to /splunk/var/run/searchpeers/splunkds-1608544850/apps/splunk_archiver/java-bin/jars/ still exists, the bin subdirectory is gone right now.
... View more
01-25-2021
12:39 AM
Even more puzzling then isn't it? Add the artifacts viewable under var/run it becomes a real mystery. This all popped up because our compliance guys ran scans for java runtimes and found them on my splunk servers but they seem to show up only temporarily. My current assumption is that they are unpacked from some place in Splunk at runtime.
... View more
01-22-2021
06:37 AM
Got to /splunk/bin and check the jars directory. Then go to /splunk/apps/splunk_archiver and check there. Or grep for jar in the manifest. All shipped with Splunk.
... View more
01-22-2021
12:52 AM
Hi, Is Splunk Enterprise shipped with a JRE? IT contains a lot of JARs.. Did not find a typical JRE though. If yes do I find the exact version? How often does Splunk update it? If no, why all the JARs? When looking under var/run/searchpeers I see references from the splunk archiver to OpenJDK8U but only directories, no binaries. thx afx
... View more
Labels
- Labels:
-
other
12-05-2020
11:14 AM
Hi, I am trying to port an app that needs access to x509 details to python 3. Splunk does not ship OpenSSL for python3, only python2 and the new way seems to be using cryptography. But that is also not shipped with Splunk 8. On the other hand. Looking at the modules shipped with Python 3 in Splunk 8 I see that they do reference cryptography as a dependency (pyopenssl). Looks a bit weird to me. Theoretically I could just dump cryptography in my app directory. But that also would include a shared object file which seems to be counterproductive when wanting to publish the module outside my organization. Any ideas on how to resolve this? thx afx
... View more
11-30-2020
12:34 AM
Hi, _introspection reports a higher value for existing memory than the real memory of the machine and also the memory used is wrong (and close to the fake max). OS Tools report the real values which are way lower. Any idea why and how to fix this? If I see this correctly, _introspection is fed by splunkd. A reboot fixed this for now, but what should be done to prevent this from re-apperauing? thx afx
... View more
Labels
11-29-2020
11:48 PM
Absolutely yes please. So far I have only been toying with Alert manager. That feature would make it production worthy 😉 thx afx
... View more
11-25-2020
02:57 AM
1 Karma
Hi, looks like I am missing something. I have a Splunk alert that is a bit spammy. I would like to use the Alert Manager app to give me one alert a day, basically the first time this alert shows up. And be quiet for the rest of the day, just increase the duplicate counter. I can get alerts to be counted as duplicates, but I still get e-mails for all of them. I have not found a way in the suppression rules to hide follow on alerts. thx afx
... View more
Labels
- Labels:
-
administration
-
configuration
10-04-2020
11:35 PM
Sorry, no idea. To me the posted example feels like it was preprocessed somehow. And from the SAP blog post, it should not matter whether RSAU or SM19 control.
... View more
08-13-2020
04:38 AM
I recently switched over my Splunk 8 server to Python 3. Definitely not a nice experience as not just Python itself changed but also some libraries got dropped, most notable OpenSSL. I can understand upgrades like switching from urllib2 to urllib3, but dropping OpenSSL completely? That is rather weird. So I wonder what other silly surprises are lurking and what they are thinking dropping pretty essential libraries. For the time being I switched back. But on the long run, that is not a viable strategy. cheers afx
... View more
Labels
- Labels:
-
development
-
upgrade
07-31-2020
01:30 AM
Thank you, that seems to work out of the Box. Some simple use cases without password ran on the first try. thx afx
... View more
07-30-2020
12:51 AM
Hi, I just installed the "App for REST Lookup" https://splunkbase.splunk.com/app/4253/ on my Splunk 8 SH. The details talk about a setup screen but I do not see any. But I see loads of error in the log: 07-30-2020 09:47:43.591 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/DBData/bin/dbdata.py" raise RuntimeError('Failed to parse transport header: {}'.format(header))
07-30-2020 09:47:43.591 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/DBData/bin/dbdata.py" File "/opt/splunk/etc/apps/DBData/bin/splunklib/searchcommands/search_command.py", line 866, in _read_chunk
07-30-2020 09:47:43.591 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/DBData/bin/dbdata.py" metadata, body = self._read_chunk(ifile)
07-30-2020 09:47:43.591 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/DBData/bin/dbdata.py" File "/opt/splunk/etc/apps/DBData/bin/splunklib/searchcommands/search_command.py", line 658, in _process_protocol_v2
07-30-2020 09:47:43.591 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/DBData/bin/dbdata.py" Traceback:
07-30-2020 09:47:43.591 +0200 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/DBData/bin/dbdata.py" RuntimeError at "/opt/splunk/etc/apps/DBData/bin/splunklib/searchcommands/search_command.py", line 866 : Failed to parse transport header: U_i7UanLSoQNucQe9p8fvoPRxcC3dy_WKnCtgqt1_gVhrVCwyDW_z2yXBPu7xZbJXJQh6P^q0_gVSO4Ni9MF_nifVBNrTYwDkdk2ND3RqlJQxM4BDyz1^8pFfo0 Has anyone used that App with Splunk 8? thx afx
... View more
Labels
- Labels:
-
configuration
-
troubleshooting
07-06-2020
08:01 AM
Hi, I see error messages from the exec processor on my Splunk DB Connect installs where dbxquery complains about input that suspiciously looks like stuff from Nessus. So it seems that dbxquery is listening on the Ethernet. How can I stop that? Me thinks it should listen only on localhost if it needs to listen at all. thx afx
... View more
Labels
- Labels:
-
configuration
07-06-2020
06:47 AM
Thanks! interesting that this worked in v7. I always thought I had to have a values without field to get any data at all from the model. thx afx
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-12-2021
10:49 AM
|
Karma from
Karma given to
