×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
scentoni_splunk
Splunk Employee
Member since: ‎02-17-2015
‎05-29-2025
Community Statistics
Posts 5
Solutions 0
Karma Given 17
Karma Received 4
Member Since ‎02-17-2015
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Why am I getting error "Data channel is missin...

by Splunk Employee in Splunk Enterprise
‎07-28-2023 04:30 PM
‎07-28-2023 04:30 PM
From About HTTP Event Collector Indexer Acknowledgment: Channels are designed so that you assign a unique channel to each client that sends data to HEC. Each channel has a channel identifier (ID), which must be a Globally Unique Identifier (GUID) but can be randomly generated. You assign channel IDs simply by including them in requests as shown in the examples above. When Splunk Enterprise sees a new channel identifier, it creates a new channel.  One way to create unique GUIDs is with the Python module uuid. Here is an example of how to do that with a GUID constructed from the local machine's hostname: export HEC_CHANNEL=$(python3 -c "import os, uuid; print(str(uuid.uuid3(uuid.NAMESPACE_DNS, os.uname()[1])))") curl \ -k \ https://$HEC_HOST:8088/services/collector/event \ -H "Authorization: Splunk $HEC_TOKEN" \ -H "X-Splunk-Request-Channel: $HEC_CHANNEL" \ -d '{"sourcetype": "mysourcetype", "event": "http auth ftw! with ACKS"}'   ... View more

Re: Matching tcpdump data

by Splunk Employee in Splunk Search
‎07-10-2023 06:22 PM
‎07-10-2023 06:22 PM
Sorry this is probably too late to help you, but maybe it will help others trying to do this: | eval channel=if( srcip . srcport < dstip . dstport, printf("%s:%s-%s:%s",srcip,srcport,dstip,dstport), printf("%s:%s-%s:%s",dstip,dstport,srcip,srcport)) | transaction channel What you want to compare is not exactly a 4-tuple but a set of two 2-tuples. Since the directionality is not relevant, we arbitrarily sort the list of two (ip,port) 2-tuples {src, dst} so that the first one is less than the second one. ... View more

Re: RPM GPG signing key

by Splunk Employee in Installation
‎05-01-2018 05:38 PM
1 Karma
‎05-01-2018 05:38 PM
1 Karma
You can view the public key and installation instructions at the PGP Public Key documentation page http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey you can download the public key using curl -O https://docs.splunk.com/images/6/6b/SplunkPGPKey.pub ... View more

Re: How to configure for ISO 8601 date and time di...

by Splunk Employee in Getting Data In
‎06-24-2015 02:06 PM
2 Karma
‎06-24-2015 02:06 PM
2 Karma
This is not the answer you want, but may help others that are looking to format a field in ISO 8601 format. Try sourcetype="access_combined" |eval iso8601time=strftime(_time,"%Y-%m-%dT%H:%M:%S%z") |table _time, iso8601time _time iso8601time 2015-06-24 14:01:59 2015-06-24T14:01:59-0700 2015-06-24 14:01:40 2015-06-24T14:01:40-0700 2015-06-24 14:01:31 2015-06-24T14:01:31-0700 ... View more

Re: Capitalize the first character of a string val...

by Splunk Employee in Splunk Search
‎06-23-2015 03:56 PM
1 Karma
‎06-23-2015 03:56 PM
1 Karma
Try this | eval myfield = upper(substr(myfield,1,1)).lower(substr(myfield,2)) ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-29-2025 12:40 PM
Karma given to