Can you look at these sample answers and see if it works.
https://answers.splunk.com/answers/41875/online-interactive-regular-expression-tester-for-splunk-regular-expressions.html
https://answers.splunk.com/answers/417488/how-to-configure-props-and-transformsconf-to-renam.html
... View more
can you check inputs.conf and admon.conf to see that stanzas not configured by you are set to 'disabled=1'
This error shows up because Active Directory query is not returning required values.
... View more
Is the private key added to serverCert? if not, follow this:
https://answers.splunk.com/answers/55395/certificate-errors-for-forwarder.html
... View more
Look for [tcp-ssl] stanza in http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf. It should accept data from non-splunk inputs.
To check if certs are valid, verify with openssl :
openssl verify -CAfile [ca-bundle.crt] [certificate.crt]
Please post splunkd.log errors that you see.
... View more
SAML can be configured without SSO, see this for more details:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Security/HowSAMLSSOworks
... View more
you can use new variant of SSO i.e. Proxy SSO. It does not require user to be present in splunk account. More details here:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Security/AboutProxySSO
... View more
Ldap strategy can point to only one ldap server. However, you can specify multiple ldap strategies, one for each of your servers. In this case, strategies will be same except for host.
Specify those strategies in authSettings as comma separated values. Splunk will attempt to connect to all strategies.
https://docs.splunk.com/Documentation/Splunk/6.4.2/Admin/Authenticationconf
... View more
Your server.conf seems to have only apps.splunk.com as the SSL common name. If you want to allow client with CN=cdn.apps.splunk.com then you will have to update applicationsManagement stanza:
https://docs.splunk.com/Documentation/Splunk/6.4.2/Admin/Serverconf
... View more