×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
scentoni_splunk
Splunk Employee
Member since: ‎02-17-2015
a month ago
Community Statistics
Posts 5
Solutions 0
Karma Given 16
Karma Received 4
Member Since ‎02-17-2015
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Why am I getting error "Data channel is missin...

by Splunk Employee in Splunk Enterprise
‎07-28-2023 04:30 PM
‎07-28-2023 04:30 PM
From About HTTP Event Collector Indexer Acknowledgment: Channels are designed so that you assign a unique channel to each client that sends data to HEC. Each channel has a channel identifier (ID), which must be a Globally Unique Identifier (GUID) but can be randomly generated. You assign channel IDs simply by including them in requests as shown in the examples above. When Splunk Enterprise sees a new channel identifier, it creates a new channel.  One way to create unique GUIDs is with the Python module uuid. Here is an example of how to do that with a GUID constructed from the local machine's hostname: export HEC_CHANNEL=$(python3 -c "import os, uuid; print(str(uuid.uuid3(uuid.NAMESPACE_DNS, os.uname()[1])))") curl \ -k \ https://$HEC_HOST:8088/services/collector/event \ -H "Authorization: Splunk $HEC_TOKEN" \ -H "X-Splunk-Request-Channel: $HEC_CHANNEL" \ -d '{"sourcetype": "mysourcetype", "event": "http auth ftw! with ACKS"}'   ... View more

Re: Matching tcpdump data

by Splunk Employee in Splunk Search
‎07-10-2023 06:22 PM
‎07-10-2023 06:22 PM
Sorry this is probably too late to help you, but maybe it will help others trying to do this: | eval channel=if( srcip . srcport < dstip . dstport, printf("%s:%s-%s:%s",srcip,srcport,dstip,dstport), printf("%s:%s-%s:%s",dstip,dstport,srcip,srcport)) | transaction channel What you want to compare is not exactly a 4-tuple but a set of two 2-tuples. Since the directionality is not relevant, we arbitrarily sort the list of two (ip,port) 2-tuples {src, dst} so that the first one is less than the second one. ... View more

Re: RPM GPG signing key

by Splunk Employee in Installation
‎05-01-2018 05:38 PM
1 Karma
‎05-01-2018 05:38 PM
1 Karma
You can view the public key and installation instructions at the PGP Public Key documentation page http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey you can download the public key using curl -O https://docs.splunk.com/images/6/6b/SplunkPGPKey.pub ... View more

Re: How to configure for ISO 8601 date and time di...

by Splunk Employee in Getting Data In
‎06-24-2015 02:06 PM
2 Karma
‎06-24-2015 02:06 PM
2 Karma
This is not the answer you want, but may help others that are looking to format a field in ISO 8601 format. Try sourcetype="access_combined" |eval iso8601time=strftime(_time,"%Y-%m-%dT%H:%M:%S%z") |table _time, iso8601time _time iso8601time 2015-06-24 14:01:59 2015-06-24T14:01:59-0700 2015-06-24 14:01:40 2015-06-24T14:01:40-0700 2015-06-24 14:01:31 2015-06-24T14:01:31-0700 ... View more

Re: Capitalize the first character of a string val...

by Splunk Employee in Splunk Search
‎06-23-2015 03:56 PM
1 Karma
‎06-23-2015 03:56 PM
1 Karma
Try this | eval myfield = upper(substr(myfield,1,1)).lower(substr(myfield,2)) ... View more
Contact Me
Online Status
Offline
Date Last Visited
a month ago
Karma given to