Activity Feed
- Posted Re: splunk index search is not working on Splunk Search. 09-16-2022 08:58 AM
- Posted Re: splunk index search is not working on Splunk Search. 09-16-2022 08:50 AM
- Posted Re: splunk index search is not working on Splunk Search. 09-16-2022 01:37 AM
- Posted Why is my Splunk index showing "0"? on Splunk Search. 09-14-2022 01:22 AM
- Tagged Why is my Splunk index showing "0"? on Splunk Search. 09-14-2022 01:22 AM
- Posted Re: Spunk search with index not working on Alerting. 09-13-2022 04:50 AM
- Tagged Re: Spunk search with index not working on Alerting. 09-13-2022 04:50 AM
- Posted Re: Spunk search with index not working on Alerting. 09-13-2022 04:20 AM
- Posted Re: Spunk search with index not working on Alerting. 09-13-2022 04:17 AM
- Posted Re: Spunk search with index not working on Alerting. 09-13-2022 04:13 AM
- Tagged Re: Spunk search with index not working on Alerting. 09-13-2022 04:13 AM
- Posted Why is Spunk search with index not working? on Alerting. 09-13-2022 03:54 AM
- Posted Re: how to get splunk event logs by using rest api on Splunk Cloud Platform. 06-30-2022 03:29 AM
- Posted Re: how to get splunk event logs by using rest api on Splunk Cloud Platform. 06-30-2022 03:06 AM
- Posted Re: how to get splunk event logs by using rest api on Splunk Cloud Platform. 06-30-2022 02:55 AM
- Karma Re: how to get splunk event logs by using rest api for VatsalJagani. 06-30-2022 02:53 AM
- Karma Re: how to get splunk event logs by using rest api for VatsalJagani. 06-30-2022 02:47 AM
- Posted Re: how to get splunk event logs by using rest api on Splunk Cloud Platform. 06-30-2022 02:46 AM
- Posted Re: how to get splunk event logs by using rest api on Splunk Cloud Platform. 06-30-2022 02:42 AM
- Posted How to get splunk event logs by using rest api? on Splunk Cloud Platform. 06-30-2022 02:07 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
09-16-2022
08:58 AM
this is my splunkd.log 09-16-2022 15:56:08.184 +0000 ERROR ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/phantom/bin/scripts/phantom_retry.py" File "/opt/splunk/etc/apps/phantom/bin/phantom_splunk.py", line 190, in rest 09-16-2022 15:56:08.184 +0000 ERROR ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/phantom/bin/scripts/phantom_retry.py" raise splunk.AuthorizationFailed('Error talking to Splunk: {} {}: {}'.format(method, path, str(e))) 09-16-2022 15:56:08.184 +0000 ERROR ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/phantom/bin/scripts/phantom_retry.py" splunk.AuthorizationFailed: [HTTP 403] Error talking to Splunk: GET /servicesNS/nobody/phantom/configs/conf-phantom: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/phantom/configs/conf-phantom?count=-1&output_mode=json 09-16-2022 15:56:22.605 +0000 INFO ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:228] [get_server_roles] [26822] Fetched server roles, roles=['universal_forwarder', 'license_master', 'license_manager'] 09-16-2022 15:56:22.611 +0000 INFO ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:256] [get_cluster_mode] [26822] Fetched cluster mode, mode=disabled 09-16-2022 15:56:22.611 +0000 INFO ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:30] [should_run] [26822] should run test, sh=False 09-16-2022 15:56:37.433 +0000 INFO ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:228] [get_server_roles] [26832] Fetched server roles, roles=['universal_forwarder', 'license_master', 'license_manager'] 09-16-2022 15:56:37.445 +0000 INFO ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:256] [get_cluster_mode] [26832] Fetched cluster mode, mode=disabled 09-16-2022 15:56:37.445 +0000 INFO ExecProcessor [25121 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_assist/bin/instance_id_modular_input.py" [assist::instance_id_modular_input.py:30] [should_run] [26832] should run test, sh=False
... View more
09-16-2022
08:50 AM
i have tried with /services/collector/raw also but no luck the data is not correct indexed.i checked with /services/collector/ack.
... View more
09-16-2022
01:37 AM
yes im getting the response 200 { "text": "Success", "code": 0 } like and im using same index token. i have checked the index manager the event count is zero and tha data is not stored in db.what are required changes i need to do ?
... View more
09-14-2022
01:22 AM
I push the logs to splunk using hec method using this end point "/services/collector" that index data showing in 1 MB in index manger but im search through the index the events are always showing "0". only default configtracker events are showing.
... View more
- Tags:
- events
09-13-2022
04:20 AM
09-13-2022
04:17 AM
09-13-2022
04:13 AM
i have tried with same index="_sl1index" and index="_*sl1index" but its not working
... View more
- Tags:
- ave
09-13-2022
03:54 AM
Spunk search with index not working only "index=_configtracker" index is working
... View more
06-30-2022
03:29 AM
Im using HEC method .I post the data to Splunk cloud using this URL https://localhost:8088/services/collector/event then I want fetch that event data ? I'm using token for authentications not using my username and password . if I use 8089 as my port number it is not connected to server using 8088 https://localhost:8088/services/search/jobs?search="search *" the response is { "text": "The requested URL was not found on this server.", "code": 404 }
... View more
06-30-2022
03:06 AM
8089 is also not working.
... View more
06-30-2022
02:55 AM
I changed and tried different ports numbers and in my global setting is the port number is 8088
... View more
06-30-2022
02:46 AM
Thanks for your quick response. I have tried same just I have replaced the my URL and credentials but im getting the this below json response My request: curl -u test:test -k https://test:8088/services/search/jobs -d search="search *" Response: { "text": "The requested URL was not found on this server.", "code": 404 }
... View more
06-30-2022
02:42 AM
Thanks for your quick response. I have tried same just I have replaced the my URL and credentials but im getting the this below json response My request: curl -u test:test -k https://test:8088/services/search/jobs -d search="search *" Response: { "text": "The requested URL was not found on this server.", "code": 404 }
... View more
06-30-2022
02:07 AM
Hi Team,
I'm using Splunk cloud REST API "/services/collector/event" used to post the data to Splunk cloud .what is the Get API for fetch the data ?
... View more
Labels
- Labels:
-
using Splunk Cloud
