Hi @Azeemering, In the new Azure Addon version, the interface and settings have been changed. So if you are trying with the old local config like Passwords.conf & ta_ms_aad_settings.conf, it will not work in the new version. Try to do a fresh config and erase all the old configs.
Hi @Marius732, The best way to test the custom Alert Action is through the Splunk Add-on Builder. I usually create the custom Alert action and test the code with the help of the Add-on Builder, and if there is an issue with the code you will be able to find it while testing. https://splunkbase.splunk.com/app/2962/
Hi @Marius732, It is not a Splunk error; it is your script error. It is saying the pycurl module is unable to identify the Curl attribute.
c = pycurl.Curl()
AttributeError: module 'pycurl' has no attribute 'Curl'
Hi @Marius732, Try to create one Add-on for the custom alert action. Download the pycurl module package and place it inside the Add-on:
<Addon name>/bin/<Addon Name>/ (place the pycurl module package here)
And place the custom Alert action script at:
<Addon name>/bin/custom_alert_script.py
and see if it works or not.
Hi @anandhalagaras1, Yes, remove the Splunkforwarder package and keep only the Splunk package. In Linux, any Splunk command should run with (./) as a prefix, whereas in Windows you can run the Splunk commands without (./) as a prefix.
Hi @nc_lks, To resolve this issue, first take the data and ingest it in Splunk through the Add Data option, then go to advanced settings, select charset, and try all the encoding languages; one will definitely work.
Hi @mnagpal87, The Fundamentals 1 course is valid for only 30 days. After that, the course will expire and you can't access the course modules.
Hi @Noorzai, Since ITSI is a premium app, the download option will not be available for everyone. If your company buys the ITSI premium app, then you can request Splunk to provide access for downloading the package. Then the download option will be available to you.
Hi @pavanbmishra, Can you try with the below eval and see the result?
EVAL-XYZ = case(src=="AAA", "field1", src=="BBB", "field2", src=="CCC", "field3")
And also make sure you are able to see the src field values mentioned in the case.
Hi @pavanbmishra, Did you verify the local.meta of your apps folder? Also, after placing the props.conf on the search head, can you quickly restart and check, if it is a single instance? For a distributed search head cluster, no restart is required. Is only the eval not working, while all other fields are working fine?
Hi @pavanbmishra, Have you used the EVAL-XYZ field name anywhere else in the same props.conf? And where exactly have you placed the props.conf?
Hi @emallinger, Did you check the connectivity from your forwarder to the deployment server? Is it connecting?
telnet "ip of deploymentserver" 8089
https://support.auvik.com/hc/en-us/articles/360048078412-How-to-configure-syslog-on-Cisco-devices-with-Firepower-Management-Center
https://www.splunk.com/en_us/blog/tips-and-tricks/using-syslog-ng-with-splunk.html
Hi @ShihabOmar, You can follow the below two options to forward router data to Splunk.
1) Router -> syslog (with the help of Splunk agent) -> Splunk indexers
2) Router -> Heavy forwarder (enable the port for listening) -> Splunk indexer
Hi @Pavankumar,
1) Can you run the command ./splunk list inputstatus and check the status for /var/log/messages?
2) Is there any error in splunkd.log? Go to /opt/splunkforwarder/var/log/splunk and run: cat splunkd.log | grep -i error (check for any errors)
3) Did you restart the forwarder after deploying the config? And did you check that the permissions are the same for /var/log/secure and /var/log/messages?
Hi @rpearson, Can you go to /opt/splunk/etc/system/local, take a backup, and remove the inputs.conf & server.conf? After that, restart Splunk and check.