You can safely ignore this error message. it will not impact anything in your environment. if you prefer to make it go away, you can edit that file (ssl.conf) and make put "/dev/null" in place of "c:\path\to\cert /path/to/cert" ... View more

I had the same issue after copying a known working server.conf file (with encrypted pass4symmkey) to new peer, and once i had it on the new peer I updated the password (so that it wasnt encrypted) and saved.     BUT then i realized it was in "DOS" format, and I used vim command ":set ff=unix" and then saved.  Switching from DOS to UNIX file format is what mangled it so that it could no longer be used. To resolve, i opened server.conf and removed the encrypted pass4symmkey and replace it with the unencrypted value and restarted. ... View more

Hey first off, nice work everyone! I'd love to help but I don't have a lab to test this in anymore.  Certainly does sound something changed on their end, but without a lab, I can't develop a solution. You can use the contact the developer button on splunkbase to email me and we can discuss your options if you like. ... View more

There have been several attempts made by others, but I haven't tried yet. ... View more

run_in_preview = <boolean> * Whether or not to run this command if generating results just for preview rather than for final output. * Default: true ... View more

https://docs.splunk.com/Documentation/Splunk/8.2.0/Admin/Commandsconf ... View more

Unfortunately I have not enabled the proxy for individual inputs.  You can make an enhancement request on the apps GitHub repo if you like. ... View more

Does the error cause any other issues?  You have the data... sounds like the app works, it's just missing the conf.spec file or something.  I wouldn't worry too much about it if I were you, and I'm happy to add it to the bug list ... View more

Where does this error appear?  ... View more

If you're using server.pem in any of those config files then yes. ... View more

Auto mode only scans for certs that are in use in your default and local conf files that possibly contain links to pem files. that is to say, if you're using the cert in web, server, inputs, outputs,  Distsearch, conf files, the ssl checker app in auto mode, will discover you have specified a cert in one of those files and index its expiration date. ... View more

For the restor.sh, change splunkExePath to splunkBinPath everywhere you see it mentioned. ... View more

If they are all in the same index you can do this:      index=index | stats count by message_subject OR      index=index message_subject="[TNT-" OR message_subject="[CyberIntel Confidential]" OR message_subject="[CyFin" | stats count by message_subject   If they are in different indexes, you can do this:      index=index1 message_subject="[TNT-" OR index=index2 message_subject="[CyberIntel Confidential]" OR index=index3 message_subject="[CyFin" | stats count by message_subject ... View more

Lol, I'll do what I can!  Trying not to leave you holding a bag of bolts! ... View more

Im interested enough to spend some time on it tonight / tomorrow morning. This is a common issue and we need to nail it down. If you submit the issue on github i will share the "fame" with you  / give you "credit" for reporting the bug.  If things happen in my life (and they do often due to big family)... i might get distracted though.  So having the issue there serves as a reminder. Thanks, JKat54 ... View more

Yeah, its something to do with SPL filter mechanisms and nested dictionaries in json. Can you file a issue over on our github? https://github.com/bentleymi/TA-webtools/issues If you'll submit it with all the same details we will get to it as soon as we can. ... View more