Hello I have a question about using python library in the algorithm of Splunk ML Toolkit. Open the ARIMA.py file in the path splunk/etc/apps/Splunk_ML_Toolkit/bin/algos as below. === Contents === [root@master algos]# pwd /opt/splunk/etc/apps/Splunk_ML_Toolkit/bin/algos [root@master algos]# [root@master algos]# more ARIMA.py #!/usr/bin/env python import datetime import pandas as pd import numpy as np from statsmodels.tsa.arima.model import ARIMA as _ARIMA from statsmodels.tools.sm_exceptions import MissingDataError ========================= Among the contents of ARIMA.py , it says import pandas aspd Where is Pandas bringing up the library in? When I run ARIMA.py as below, I get a message that the module is not found. === Execution Results === [root@master algos]# python3 ARIMA.py Traceback (most recent call last): File "ARIMA.py", line 5, in <module> import pandas as pd ModuleNotFoundError: No module named 'pandas' [root@master algos]# ... View more

Hi I recently upgraded from Splunk 9.1.5 to 9.3.2. In the 9.1.5 Splunk/bin/scripts directory, there were .sh and .py files, but after upgrading to 9.3.2, they were moved to the splunk/quarantine_file path. Why were the files moved? Was the files in the splunk/bin/scripts path only moved? ... View more

Hi To transfer TLS from Deep Security to Splunk I think Privatekey, Certificate, and Certificatechain should be created in the splunk. Please kindly explain the procedure for creating Privatekey, Certificate, and Certificatechain. And what settings do I need to set up when I receive TCP from Splunk? ... View more

Hi How can I check the cherrypy version for Splunk 7.3.8? There are no cherrypy related files in splunk/share/3rdparty. Thank you. ... View more

  Hi, I'm trying to get the Guard duty log using the Splunk Add-on for AWS app. The input method is Generic S3, and logs from cloudtrail or WAF come in well, but the Guard duty log is not coming in. Of course, the data is in the S3 bucket. I'm attaching the guard duty.log.   Thank you. ... View more

Hello My lookup table has fields of src_ip, dst_ip, and description. src_ip=192.168.1.1 dst_ip=192.168.1.100 description="internal IP" I want to convert the src_ip field and dst_ip to decimal. If you know how to convert it, please add a reply.   Thank you ... View more

Hello I'm collecting cloudtrail logs by installing Splunk add on AWS in the Splunk heavy forwarder. The following logs are occurring in the aws:cloudtrail:log source type in the _internal index. " ~ level=WARNING pid=3386853 tid=Thread-7090 logger=urllib3.connectionpool pos=connectionpool.py:_put_conn:308 | Connection pool is full, discarding connection: bucket.vpce-abc1234.s3.ap-northeast-2.vpce.amazonaws.com. Connection pool size: 10" Should Splunk add on AWS increase the Connection pool size? How can I increase the Connection pool size? Curiously, I would like to know the solution for this log. Thank you. ... View more

Hello   I'm using Splunk 9.1.1 . Like the title, I am looking for a way to check the cherrypy version of the Splunk. How can I check it? I look forward to hearing from you. ... View more

<html> Hello If you look at the search manual, one of the restrictions is the inputlookup command. [Search manual] Restrictions for standard mode federated search Standard mode federated search does not support the following: Generating commands other than search, from, loadjob, mstats, or tstats. For example, federated searches cannot include the datamodel or inputlookup commands. You can find a list of generating commands in Command types, in the Search Reference. Is this inputlookup a constraint on local Splunk? Or is it a remote restriction? Thank you </html> ... View more

Hello The Splunk release note states that version 8.2.10 was released on February 14, 2023. This installation file does not exist on the download page. Is there any other reason? When will it be available for download? ... View more

Hello I want to ask a question about subsearch. When submitting a fed command without using it, an error message occurs as follows. Before setting federated search ] index=fw | join src_ip [ sourcetype=ips | stats count by src_ip ] >> Result : OK After setting federated search ] index=fw | join src_ip [ sourcetype=ips | stats count by src_ip ] >> Result : NG Error : Search command can only accept one federated index. Is there any solution? ... View more

Hello The deployment-client setting is required for the remote Universal Forwarder. And then I want to restart Universal Forwarder. I know the ID/PW. Can I set it up in My Deployment-Server?   ... View more

Hello Multiple PCs can access the same ID when connecting the web to the splunk. Even if I connect to multiple PCs with the same ID, I only keep the last session I accessed, and the PCs I logged in to before are looking for a way to disconnect the session I accessed. In a single instance, the session could be cut off as follows. ./splunk _internal call "/services/authentication/httpauth-tokens/[SESSION_ID]" -method DELETE  The above SESSION_ID used the other field value of the splunk ui access log. However, this method does not work in a search header cluster. Can I have a search header cluster maintain only the last session I accessed when connecting from multiple PCs with the same ID? I look forward to hearing from you.   ... View more

Hello Logs are being collected through Cisco eStreamer. I want to convert hex of packet field to ASCII. If you know how to convert the packet field of Cisco eStreamer to ASCII, please share it. Thank you. ... View more