×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Pcktech
Explorer
Member since: ‎11-11-2020
‎01-27-2026
Community Statistics
Posts 7
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎11-11-2020
Activity Feed
View All

Re: Splunk DB Connect: How to resolve "Can not com...

by in All Apps and Add-ons
‎04-15-2025 01:55 AM
‎04-15-2025 01:55 AM
Short documentation reminder: https://docs.splunk.com/Documentation/DBX/3.18.2/DeployDBX/Prerequisites "KV store must also be active and working properly as of DB Connect version 3.10.0 and higher" ... View more

Re: Encore / eStreamer Client 4.8.1 Hex Flood or F...

by in All Apps and Add-ons
‎11-08-2021 06:35 AM
‎11-08-2021 06:35 AM
Looks like you're right. It wasn't the issue. I added your whitelist suggestion to help keep the hex out when/if the issue ever occurs again. It didn't help fix the problem, but it kept the garbage out. I also followed the _internal suggestion of increasing the inputs.conf initCrcLength value for the stanza from its default of 256 bytes to 1024 bytes (nice round number). This seemed to help restore data collection after the issue returned today following a restart of Splunk services (and subsequent restarts again didn't help). Hopefully this'll help prevent the issue from recurring. ... View more

Re: Run Adaptive Response & Azure SAML's Lack of A...

by Splunk Employee in Splunk Enterprise Security
‎02-18-2021 01:10 PM
‎02-18-2021 01:10 PM
@Pcktech  Hi! This issue was fixed in 6.4.1. Happy Splunkin! ... View more

Re: Error in 'apply' command: Failed to load model...

by in Splunk Enterprise Security
‎11-11-2020 01:57 PM
1 Karma
‎11-11-2020 01:57 PM
1 Karma
Not sure if you still have this question, but I had the same one and don't like unanswered forum questions (never know who is in need of an answer)... Go to Search, Reports, & Alerts, and find "ESCU - Baseline of SMB Traffic - MLTK" (thanks to https://docs.splunksecurityessentials.com/content-detail/smb_traffic_spike_-_mltk/ for this thread to pull). Enable this saved search, and schedule it hourly (or change its time window from -70/-10min to whatever you like). If you run it manually, be aware that it will save smb_pdfmodel under your user context. So, if you want to test the Correlation Rule before the next scheduled run time: run the saved search "ESCU - Baseline of SMB Traffic - MLTK" and then go to Lookups > Lookup Tables. Look for "smb_pdfmodel" under all Apps and Owners. Click Change Permissions and set it to Global with desired permissions (E.g. everyone read). This should move the smb_pdfmodel to the DA-ESS-ContentUpdate app context. Now the Correlation Rule "SMB Traffic Spike - MLTK" will run successfully.   FYI: You can also find the file at /opt/splunk/etc/apps/DA-ESS-ContentUpdate/lookups/__mlspl_smb_pdfmodel.mlmodel ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-27-2026 06:21 AM
Karma from
View All
Karma given to
View All