Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Tony4688
Tony4688
Explorer
Member since:
10-13-2021
11-14-2021
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 1 |
| Member Since | 10-13-2021 |
Activity Feed
- Posted Re: Issue with Telegram Alert Action: Can not configure the action on Monitoring Splunk. 11-14-2021 08:04 PM
- Posted Issue with Telegram Alert Action: Can not configure the action on Monitoring Splunk. 11-07-2021 08:53 PM
- Tagged Issue with Telegram Alert Action: Can not configure the action on Monitoring Splunk. 11-07-2021 08:53 PM
- Tagged Issue with Telegram Alert Action: Can not configure the action on Monitoring Splunk. 11-07-2021 08:53 PM
- Got Karma for Re: How to troubleshoot when KVStore is failed. 10-14-2021 09:43 AM
- Posted Re: How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-14-2021 08:42 AM
- Karma Re: How to troubleshoot when KVStore is failed for Stefanie. 10-14-2021 08:35 AM
- Posted Re: How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-14-2021 07:33 AM
- Karma Re: How to troubleshoot when KVStore is failed for Stefanie. 10-14-2021 07:28 AM
- Posted Re: How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-14-2021 03:56 AM
- Posted Re: How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-14-2021 03:28 AM
- Posted Re: How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-14-2021 01:29 AM
- Posted Re: How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-13-2021 07:43 PM
- Posted Re: How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-13-2021 07:32 PM
- Karma Re: How to troubleshoot when KVStore is failed for Stefanie. 10-13-2021 07:21 PM
- Posted How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-13-2021 04:23 AM
- Tagged How to troubleshoot when KVStore is failed on Splunk Enterprise Security. 10-13-2021 04:23 AM
Topics I've Started
11-14-2021
08:04 PM
I had solved the issue by this way: 1> Add the Telegram alert action for the alerts in Web UI, and Save the changes. 2> Make SSH session to SearchHead server, find and open the file that contains configurations of the alerts that were added Telegram alert action, and add more 5 lines below the line "action.telegram = 1" and save the changes: action.telegram.param.bot_id = Bot-ID action.telegram.param.chat_id = Chat-ID action.telegram.param.severity = Low/Medium/High/Critical action.telegram.param.event_title = Alert title action.telegram.param.message = Alert message 3> Finally, reload/restart Splunk in SH server, and enjoy the results! Anyway, thanks for your helps!
... View more
11-07-2021
08:53 PM
Hello everyone, I installed Telegram Alert Action app (https://splunkbase.splunk.com/app/3703/) for my SearchHead server (Splunk Enterprise 8.0.6) successfully. But when i add Telegram Alert action for all alerts, i can not see any its configurations as below image: Could any one tell me what is this issue? Thanks very much!
... View more
Labels
10-14-2021
08:42 AM
1 Karma
As i said, KvStore-MongoDB made overload inode and it's failed. After i restart Splunk, MongoDB and KvStore work properly now, but i have to take care the inode indication from now to sure KvStore won't be failed again (i have increased disk capacity to increased disk inode from 16M to 97M). Anyway, thanks for your helps!
... View more
10-14-2021
07:33 AM
I use "df -hT" and "df -hiP" commands to check SH server and see everything is normal, but i think inode is full when KvStore still run normal before it's failed. I 'll try to only restart Splunk in SH server and will see what happend then tell you later, thanks!
... View more
10-14-2021
03:56 AM
I see these messages in mongod.log: 2021-10-12T09:14:58.012Z W FTDC [ftdc] Uncaught exception in 'FileNotOpen: Failed to open interim file /opt/splunk/var/lib/splunk/kvstore/mongo/diagnostic.data/metrics.interim.temp' in full-time diagnostic data capture subsystem. Shutting down the full-time diagnostic data capture subsystem. 2021-10-12T09:15:06.842Z I CONTROL [journal writer] LogFile::synchronousAppend failed with 8192 bytes unwritten out of 8192 bytes; b=0x5612eed8a000 No space left on device 2021-10-12T09:15:06.842Z F - [journal writer] Fatal Assertion 13515 at src/mongo/db/storage/mmap_v1/logfile.cpp 250 2021-10-12T09:15:06.842Z F - [journal writer] ***aborting after fassert() failure 2021-10-12T09:15:06.859Z F - [journal writer] Got signal: 6 (Aborted).
... View more
10-14-2021
03:28 AM
I found a message that could be the reason to make KvStore failed as below: Configuration file settings may be duplicated in multiple apps: stanza="[App-stanza-name] ALERT: Login firewall failure" conf_type="savedsearches" apps="app-name,app-name"
... View more
10-14-2021
01:29 AM
Do you think the reason has relation with update domain process of feature "Threat intelligent" of app "Enterprise Security" ?
... View more
10-13-2021
07:43 PM
Do you think the reason has relation with update domain process of feature "Threat intelligent" of app "Enterprise Security" ?
... View more
10-13-2021
07:32 PM
Hi Stefanie, Restart Splunk in SH is the last solution, i want to resolve issue perpectly. I found the issue has relation with feature "Threat intelligent" of app "Enterprise Security" as attached images. Could you check the images to investigate more detailed? Many thanks!
... View more
10-13-2021
04:23 AM
Hi, I deployed Splunk distributed topology. Now my server Search Head has issue: KVStore is on failed state (it make app "Enterperise Security" failed too). I checked "/opt/splunk/var/log/splunk/splunkd.log" and found the below logs: ========================================== 10-13-2021 18:14:03.127 +0700 ERROR DataModelObject - Failed to parse baseSearch. err=Error in 'inputlookup' command: External command based lookup 'correlationsearches_lookup' is not available because KV Store initialization has failed. Contact your system administrator., object=Correlation_Search_Lookups, baseSearch=| inputlookup append=T correlationsearches_lookup | eval source=_key | eval lookup="correlationsearches_lookup" | append [| `notable_owners`] | fillnull value="notable_owners_lookup" lookup | append [| `reviewstatuses`] | fillnull value="reviewstatuses_lookup" lookup | append [| `security_domains`] | fillnull value="security_domain_lookup" lookup | append [| `urgency`] | fillnull value="urgency_lookup" lookup 10-13-2021 18:14:30.350 +0700 ERROR KVStorageProvider - An error occurred during the last operation ('replSetGetStatus', domain: '15', code: '13053'): No suitable servers found (`serverSelectionTryOnce` set): [connection closed calling ismaster on '127.0.0.1:8191'] 10-13-2021 18:14:30.350 +0700 ERROR KVStoreAdminHandler - An error occurred. =============================== Could anyone help me to troubleshoot this issue to solve it? Thanks so much!
... View more
- Tags:
- kvstore
Labels
