cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
dkmcclory
Explorer
Member since: ‎01-12-2022
2 weeks ago
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎01-12-2022
View All

Re: Splunk App Development - Scheduling API calls

by in Splunk Dev
2 weeks ago
2 weeks ago
I've read the documentation for how to accept input for things like "Interval" (typically in seconds) which I think is your point #1.  That explains how to get the settings configured, but not how to actually achieve the scheduled interval when running your API calls. As for alerts and scheduled reports - it seems like what you are saying is one approach is to write some code that will generate custom SPL functions that will call your API, then use the normal search scheduler to make that custom function run on a regular basis.  That sounds oddly difficult - is that a common approach that technical app developers use for scheduling their API calls? ... View more

Splunk App Development - Scheduling API calls

by in Splunk Dev
2 weeks ago
2 weeks ago
I'm trying to understand how Splunk apps that interface with other systems via an API get their API calls scheduled.  I'm not a Splunk app developer - just an admin curious about how the apps loaded on my Splunk environment work.   When you install and configure an app that has a polling interval configured within it, how does Splunk normally control the periodic execution of that API call?  Does it use the Splunk scheduler, or does each app have to write some kind of cron service or compute a pause interval between each invocation of the API?   Seems to me like the scheduler would be the obvious choice, but I can't find anything in the Splunk documentation to tell me for certain that the scheduler is used for apps to periodically call polled features. ... View more

Re: HEC Token Authentication Failures

by in Getting Data In
‎03-04-2024 07:09 AM
‎03-04-2024 07:09 AM
This is a really old post but I had the same problem.  A search query that appears to be helping me find these problems is: index=_internal sourcetype=splunkd log_level=ERROR component=HttpInputDataHandler The results are imperfect because they don't exactly match what's shown in the authentication failures, but in my case, it appears the errors are being caused by a source that is sending in blank/missing tokens. ... View more

Azure MFA ingestion into Splunk - does "Splunk Add...

by in Getting Data In
‎02-13-2024 12:20 PM
‎02-13-2024 12:20 PM
My company is transitioning from an on-premise MFA setup within ADFS to the Azure MFA setup.  What's the best approach to getting those MFA events into Splunk?  Does the Splunk Addon for Microsoft Azure (splunkbase 3757) meet that goal?   ... View more
Labels

Re: When a user queries he gets "insufficient perm...

by in Splunk Search
‎07-24-2023 01:13 PM
1 Karma
‎07-24-2023 01:13 PM
1 Karma
This ticket has been open a long time, but just in case someone else runs into it... Some people include workload  specifications with the URL of a search they've done. When  this occurs, and they share the link with others, then they can get this  error if the other person does not have the right granted to them to select a workload pool. This most often happens when a Splunk admin shares  a link with a non-admin.  The fix is to remove any reference to a workload pool  from the URL.  Or, alternately, you can grant the role of the person running the search to allow them to list  and select workload pools.  But if you do the second one, then anyone with that role can select which workload pool they run in. ... View more
Contact Me
Online Status
Offline
Date Last Visited
2 weeks ago
Karma from
View All
Karma given to
View All