cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sarmstrong_splu
Splunk Employee
Member since: ‎07-02-2012
‎03-28-2022
Community Statistics
Posts 6
Solutions 0
Karma Given 53
Karma Received 24
Member Since ‎07-02-2012
Activity Feed
View All

Re: Splunk 7.2.0 - Field Aliases incorrect behavio...

by Splunk Employee in Splunk Dev
‎12-06-2019 09:06 AM
‎12-06-2019 09:06 AM
Do you mean to say to use the coalesce in place of the fieldalias definition? ... View more

Re: After upgrading to Splunk 6.3, why is the Splu...

by Splunk Employee in All Apps and Add-ons
‎01-13-2016 12:08 PM
1 Karma
‎01-13-2016 12:08 PM
1 Karma
Here is how to modify SA-ldapsearch for non-distributed mode: http://docs.splunk.com/Documentation/SA-LdapSearch/2.1.2/User/Workaroundfordefaultconfigstanzaerrorsindistributedenvironments ... View more

Re: Splunk Support for Active Directory: "ERROR Th...

by Splunk Employee in All Apps and Add-ons
‎11-30-2015 07:40 AM
9 Karma
‎11-30-2015 07:40 AM
9 Karma
Assuming that (1) you're on Splunk 6.3 and (2) the SH has got access to ActiveDirectory this problem is easily solved by a one line change to each of the files: sa-ldapsearch/bin/ {ldapfilter.py,ldapgroup.py,ldapsearch.py,ldapfetch.py, ldaptestconnection.py} Here’s the change to make in each file: Change this: @Configuration() to: @Configuration(local=True) [If you already have something within the ()'s, just add the local=True to what's already there.] If you’re running on Splunk 6.2 or lower, you should add this line to each stanza in sa-ldapsearch/default/command.conf: local = true Save the files and restart the Splunk instance on the Search Head(s). Retest to verify the workaround worked. ... View more

Re: WinEventLog:Security/Application/System events...

by Splunk Employee in All Apps and Add-ons
‎07-01-2013 08:54 AM
8 Karma
‎07-01-2013 08:54 AM
8 Karma
The issue appears to a comment that was left in the default/inputs.conf file. I've filed bug MSAPP-1200 to get it fixed for the next update. Removing this comment and restarting the instance resolves the issue. # # Perfmon Collection #[perfmon://Processor] <----- This is the issue. object = Processor counters = * instances = * interval = 10 disabled = 0 index=perfmon [perfmon://Memory] object = Memory counters = * interval = 10 disabled = 0 index=perfmon [perfmon://Network_Interface] object = Network Interface counters = * instances = * interval = 10 disabled = 0 index=perfmon [perfmon://DNS] object = DNS counters = * interval = 10 disabled = 0 index=perfmon ... View more

WinEventLog:Security/Application/System events are...

by Splunk Employee in All Apps and Add-ons
‎07-01-2013 08:47 AM
2 Karma
‎07-01-2013 08:47 AM
2 Karma
When using the TA-DNSServer-NT6 TA from the Splunk for AD app (1.2.0) on a DC, the windows events from that server are not going into the 'winevents' index as they should be, instead going to the 'perfmon' index. ... View more

Re: splunkd crash during startup - Assertion `byte...

by Splunk Employee in Monitoring Splunk
‎03-05-2013 09:53 AM
4 Karma
‎03-05-2013 09:53 AM
4 Karma
Possible workaround for this bug: Check your props.conf files on the instance that is crashing due to this bug, and if there are any 'CHECK_METHOD = modtime or entire_md5, comment them out and restart the instance. Be sure to check under the app contexts as well. A customer found one under the *nix app, and that was the only occurrence he found (not under the default, that is). After commenting it out, it started up as expected. (The fix for SPL-58292 is expected to come in an upcoming maintenance release) ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-28-2022 02:08 PM