One thing I have noticed is that if there is an error anywhere in the outputs.conf file, Splunk will not hash the password. Also, contrary to what some have said, you must have the password in plaintext, and let the splunk instance hash the password on startup. Even if you are copying the SSL certs from another forwarder and try to just copy the outputs.conf file, for us at least we needed to re-enter the password again in plaintext.
Might not help you, but I'd be sure to look in the splunkd logs and other logs for errors centered around the outputs.conf file and SSL connection. Banged my head for a day looking for the cause of this only to find that due to a syntax error in my outputs.conf file the parsing failed and the password was never even read.
We are using 6.2.1 btw.
... View more
I am wondering if it is possible to have a Splunk alert trigger a script that sends an SNMP message to a waiting Windows client that will then display a pop-up? We have operators who are monitoring our systems on Windows machines using SNMP already, but we would like for a pop-up to be displayed alerting them that there is an alert in Splunk, without them having to manually refresh the web GUI to see that there is one.
Examples of both the client and server side scripts would be appreciated as I am new to this kind of scripting. Also, it would be difficult (not impossible however) to arbitrarily install new software onto the monitoring Windows machines our operators are using, which is why I stressed batch scripts.
Ideally we'd like to have a pop-up in the browser since that seems like an easier to implement solution since that would only require work on the Splunk server side, but so far I have not found any indication that this would be possible in Splunk.
... View more