Hello My lookup table has fields of src_ip, dst_ip, and description. src_ip=192.168.1.1 dst_ip=192.168.1.100 description="internal IP" I want to convert the src_ip field and dst_ip to decimal. If you know how to convert it, please add a reply.   Thank you ... View more

Hello I'm collecting cloudtrail logs by installing Splunk add on AWS in the Splunk heavy forwarder. The following logs are occurring in the aws:cloudtrail:log source type in the _internal index. " ~ level=WARNING pid=3386853 tid=Thread-7090 logger=urllib3.connectionpool pos=connectionpool.py:_put_conn:308 | Connection pool is full, discarding connection: bucket.vpce-abc1234.s3.ap-northeast-2.vpce.amazonaws.com. Connection pool size: 10" Should Splunk add on AWS increase the Connection pool size? How can I increase the Connection pool size? Curiously, I would like to know the solution for this log. Thank you. ... View more

Hello   I'm using Splunk 9.1.1 . Like the title, I am looking for a way to check the cherrypy version of the Splunk. How can I check it? I look forward to hearing from you. ... View more

<html> Hello If you look at the search manual, one of the restrictions is the inputlookup command. [Search manual] Restrictions for standard mode federated search Standard mode federated search does not support the following: Generating commands other than search, from, loadjob, mstats, or tstats. For example, federated searches cannot include the datamodel or inputlookup commands. You can find a list of generating commands in Command types, in the Search Reference. Is this inputlookup a constraint on local Splunk? Or is it a remote restriction? Thank you </html> ... View more

Hello The Splunk release note states that version 8.2.10 was released on February 14, 2023. This installation file does not exist on the download page. Is there any other reason? When will it be available for download? ... View more

Hello I want to ask a question about subsearch. When submitting a fed command without using it, an error message occurs as follows. Before setting federated search ] index=fw | join src_ip [ sourcetype=ips | stats count by src_ip ] >> Result : OK After setting federated search ] index=fw | join src_ip [ sourcetype=ips | stats count by src_ip ] >> Result : NG Error : Search command can only accept one federated index. Is there any solution? ... View more

Hello The deployment-client setting is required for the remote Universal Forwarder. And then I want to restart Universal Forwarder. I know the ID/PW. Can I set it up in My Deployment-Server?   ... View more

Hello Multiple PCs can access the same ID when connecting the web to the splunk. Even if I connect to multiple PCs with the same ID, I only keep the last session I accessed, and the PCs I logged in to before are looking for a way to disconnect the session I accessed. In a single instance, the session could be cut off as follows. ./splunk _internal call "/services/authentication/httpauth-tokens/[SESSION_ID]" -method DELETE  The above SESSION_ID used the other field value of the splunk ui access log. However, this method does not work in a search header cluster. Can I have a search header cluster maintain only the last session I accessed when connecting from multiple PCs with the same ID? I look forward to hearing from you.   ... View more

Hello Logs are being collected through Cisco eStreamer. I want to convert hex of packet field to ASCII. If you know how to convert the packet field of Cisco eStreamer to ASCII, please share it. Thank you. ... View more