About DerekB

DerekB · ‎01-25-2017

If I have thousands of unix hosts, will I run into a problem with the Unix app working correctly? Is there some kind of limit of number of hosts for this app to work successfully?

DerekB · ‎08-25-2016

Double check your Account and/or Input names do not have any spaces in them. If they do, delete and recreate without spaces and you should be able to get this certificate to generate successfully.

DerekB · ‎08-25-2016

I'm going through the process of setting up the Splunk Add-on for Microsoft Cloud Services and when I get to the certificate piece, I constantly get the "Auto-generated but invalid" message. I've tried both custom and auto generated and it's always this error. What can I do to fix this?

DerekB · ‎07-26-2016

This is a known bug and fixed in 6.3.2. Try the latest release and see if that helps you.

DerekB · ‎07-26-2016

This is a known bug SPL-108433 and fixed in 6.3.2. Try the latest version and see if that helps.

DerekB · ‎01-26-2016

Ubuntu was the OS.

DerekB · ‎01-26-2016

Check your TLS setting. In this case, it was found that the "TLS" delivery had been set for email settings. No credentials or target defined. Reset the TLS delivery to "none" and that restored e-mail flow from Search Head

DerekB · ‎01-26-2016

I have a scheduled alert configured and I am not receiving any email from it. The search is valid and matches records. I have the proper permissions. Alert history shows 'successful' result and job inspection shows e-mail was sent. Where is my email?

DerekB · ‎09-15-2015

Take a look at the python_modular_input.log file. This will give you clues as to what is happening. In this case, a field called _time was created and that is not allowed. I saw this error message: ERROR pid=7888 tid=identity file=lookup_modinput.py:streaming_merge_task:283 | status="Exception when reading input files" exc=Field names cannot start with an underscore: '_time' Once the field was corrected to not start with an underscore, things worked fine.

DerekB · ‎09-15-2015

If I run: | inputlookup identities.csv xxxx results That shows a different count in the results than | datamodel("Identity_Management", "All_Identities") yyyy results What is going on? I thought I built my indentities.csv correctly.

DerekB · ‎09-04-2015

Just sent you an email from a support ticket to help get this fixed.

DerekB · ‎04-15-2015

The problem here is because the multikv.conf file that is located in the Splunk_TA_aws does not exist on the indexer. In this case, it was only installed on the search head. To remove the error, either install the Splunk_TA_aws on the indexer or copy the multikv.conf file located in etc/apps/Splunk_TA_aws/default from the search head to the indexer and then restart the splunk service.

DerekB · ‎04-15-2015

If I click through the Data Summary box and select sourcetype = cloudwatch, I receive the following error message from my indexers: Failed to find a valid configuration for multikv stanza = 'tsv_cloudwatch'

DerekB · ‎02-26-2015

This is acting like it's missing the ListQueues permission. Review the AWS permissions that are configured and make sure the following are setup: Required permission for the SQS subscribed to the S3 bucket that collects CloudTrail logs: ReceiveMessage, SendMessage, ListQueues, GetQueueUri Per this doc page: http://docs.splunk.com/Documentation/AddOns/latest/AWS/ConfigureAWSpermissions

DerekB · ‎02-26-2015

I'm trying to configure Cloudtrail in the Splunk for AWS app. I fill in my fields and click on the SQS queue name drop down field and I get the following error: Failed to fetch data: In handler 'splunk_ta_aws_sqs_queue_names': Unexpected error "" from python handler: "'SSLError' object has no attribute 'status'". See splunkd.log for more details. Why? (This is a work in progress, no final answer yet.)

Posts	62
Solutions	20
Karma Given	279
Karma Received	168
Member Since	‎07-06-2012

Online Status	Offline
Date Last Visited	‎02-21-2023 01:54 PM

With the latest version of the Splunk App for Unix...

Getting an "invalid certificate" error when using ...

Why is my scheduled alert not sending email?

An update was made to the identities.csv and now I...

Why am I seeing this error? Failed to find a valid...

Clicking on the "SQS queue name" field in the Splu...

When trying to start Splunk, I'm getting an "execv...

How can I change the default hostname in Splunk?

How can I tell what version of python my Splunk in...

I upgraded to 6.1 and now Splunk is crashing while...

With the latest version of the Splunk App for Unix...

Re: Getting an "invalid certificate" error when us...

Getting an "invalid certificate" error when using ...

Re: How do I set permissions for 'View Results in ...

Re: Why am I getting "The view you requested could...

Re: Why is my scheduled alert not sending email?

Re: Why is my scheduled alert not sending email?

Why is my scheduled alert not sending email?

Re: An update was made to the identities.csv and n...

An update was made to the identities.csv and now I...

Re: Splunk Cloud user invitation login

Re: Why am I seeing this error? Failed to find a v...

Why am I seeing this error? Failed to find a valid...

Re: Clicking on the "SQS queue name" field in the ...

Clicking on the "SQS queue name" field in the Splu...