cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
gowthammahes
Path Finder
Member since: ‎08-24-2022
‎08-20-2024
Community Statistics
Posts 26
Solutions 0
Karma Given 22
Karma Received 4
Member Since ‎08-24-2022
Activity Feed
Topics I've Started
View All

Re: restrict the search for specific time

by SplunkTrust in Splunk Search
‎08-20-2024 07:40 AM
1 Karma
‎08-20-2024 07:40 AM
1 Karma
Hi @gowthammahes , if you want to limit the time access for some users, you can apply a limit to the role of these users. Ciao. Giuseppe ... View more

Re: Splunk db connect onboarding data

by in Getting Data In
‎07-02-2024 03:58 AM
‎07-02-2024 03:58 AM
  It sounds like some sort of setting related to connection issue: A few thinsg to check: Is there a firewall between your DB connect server and the HEC server? Ensure the port(s) are availble Ensure on Splunk HEC server, you have global settings enabled: Click Settings > Data Inputs. Click HTTP Event Collector. Click Global Settings. In the All Tokens toggle button, select Enabled. Some other aspects to check and troubleshoot: #Check if the Hec collector is healthy curl -k -X GET -u admin:mypassword https://MY_Splunk_HEC_SERVER:8088/services/collector/health/1.0 #Check if HEC stanzas with config are configured /opt/splunk/bin/splunk http-event-collector list -uri https://MY_Splunk_HEC_SERVER:8089 #Check the settings using btool /opt/splunk/bin/splunk cmd btool inputs list --debug http ... View more

Re: Logs are not getting indexed

by in Getting Data In
‎05-28-2024 01:49 AM
1 Karma
‎05-28-2024 01:49 AM
1 Karma
The issue has been resolved. Actually there was two tcp out indexer groups caused the issue. Adding _tcp_routing fixed the issue. ... View more

Re: Splunk dashboard not showing up the results

by SplunkTrust in Getting Data In
‎03-26-2024 05:07 AM
1 Karma
‎03-26-2024 05:07 AM
1 Karma
Try adding a table command to your base search <search id="base_srch"> <query>index=prod sourcetype=auth_logs | table ip</query> ... View more

Re: Logs are not getting ingested

by SplunkTrust in Getting Data In
‎02-24-2024 12:03 AM
1 Karma
‎02-24-2024 12:03 AM
1 Karma
Apart from what @Richfez said, crcSalt is rarely useful. It's often better to raise the size of the chunk of data used to calculate file's crc (the crcLength option if memory serves me right). And just to be on the safe side - where are you putting those transforms? They should not be on the UF but on the first "heavy" component - HF or indexer - in event's path. ... View more

Error in upgrading forwarder using ansible

by in Installation
‎07-27-2023 05:04 AM
‎07-27-2023 05:04 AM
Hi All, We are trying to upgrade the splunk universal forwarder from version 8.1.0 to 9.0.3 using ansible scripts. But we are getting error when the script tries to start the forwarder. Herewith attached error and ansible playbook. Ansible playbook: - name: Splunk Upgrade | Copy tgz to target copy: src: /pub/splunk/splunkpackages/{{ splunk_package }} dest: /tmp/{{ splunk_package }} - name: Splunk Upgrade | Check for SYSV scripts stat: path: /etc/rc.d/init.d/splunk register: splunk_sysv - name: Splunk Upgrade | Stop Splunk shell: | {{ splunk_home }}/bin/splunk stop tar -cvf /opt/splunk_config_backup.tar {{ splunk_home }}/etc/ - name: Splunk Upgrade | Clean up SYSV scripts shell: | rm /etc/rc.d/init.d/splunk /opt/splunkforwarder/bin/splunk disable boot-start when: splunk_sysv.stat.exists ignore_errors: yes - name: Splunk Upgrade | Upgrade Forwarder and restart ==> in this task it getting failed shell: | cd /opt tar -xzvf /tmp/{{ splunk_package }} chown -R splunk:splunk /opt/splunkforwarder {{ splunk_home }}/bin/splunk start --accept-license --answer-yes --no-prompt register: splunk_upgrade - name: Splunk Upgrade | Convert SYSV to Systemd shell: | {{ splunk_home }}/bin/splunk stop chown -R splunk:splunk /opt/splunkforwarder /opt/splunkforwarder/bin/splunk enable boot-start -user splunk when: splunk_sysv.stat.exists - name: Splunk Upgrade | start and enable splunk service: name: SplunkForwarder.service enabled: true state: started - name: Splunk Upgrade | Cleanup tgz file: state: absent path: /tmp/{{ splunk_package }}   Error in splunk forwarder log:   ... View more

Re: Event mismatch in data. event count is higher ...

by SplunkTrust in Getting Data In
‎05-12-2023 06:59 AM
‎05-12-2023 06:59 AM
That's not much for a prop.conf stanza.  It's hard to be certain without seeing sample data, but you may need additional settings.  Consider adding the "Magic Six" attributes. TIME_PREFIX TIME_FORMAT MAX_TIMESTAMP_LOOKAHEAD SHOULD_LINEMERGE LINE_BREAKER TRUNCATE ... View more

Re: Search peer SSL config check- How to resolve t...

by in Security
‎01-12-2023 11:24 AM
‎01-12-2023 11:24 AM
I'm getting these same errors when running the upgrade readiness app. Do these need to be fixed prior to upgrading to 9.0? I'm on 8.2 today. ... View more

How to open an additional non-ssl HTTP REST port a...

by in Security
‎11-03-2022 11:18 AM
‎11-03-2022 11:18 AM
Hi, I have requirement to open an additional non ssl http rest port in splunk and bind it to localhost for my splunk security issue. In splunk documentation server. conf file they have mentioned as below. How to open non ssl port and bound to localhost?  ############################################################################ # Open an additional non-SSL HTTP REST port, bound to the localhost # interface (and therefore not accessible from outside the machine) Local # REST clients like the CLI can use this to avoid SSL overhead when not # sending data across the network. ############################################################################ [httpServerListener:127.0.0.1:8090] ssl = false    ... View more
Labels

Re: Splunk findout openssl version used

by in Security
‎11-01-2022 11:28 AM
‎11-01-2022 11:28 AM
My testing shows Splunkforwarder 9.0.1 isn't running the vulnerable OpenSSL 3.0 [root@localhost opt]# export LD_LIBRARY_PATH=/opt/splunkforwarder/lib [root@localhost opt]# /opt/splunkforwarder/bin/openssl version WARNING: can't open config file: /opt/splunk-home/openssl/openssl.cnf OpenSSL 1.0.2zf-fips 21 Jun 2022    ... View more

Re: How to configure Splunk to use a custom CA SSL...

by in Security
‎10-23-2022 06:37 AM
‎10-23-2022 06:37 AM
thankyou. it worked  ... View more

Why is data not getting indexed?

by in Getting Data In
‎10-07-2022 05:42 AM
‎10-07-2022 05:42 AM
Hi everyone, i have a splunk universal forwarder installed in linux machine and configured some log files to forward to indexer. But i am getting below error and data not getting ingested in splunk. input type: File Error: 0100 ERROR Metrics - Metric with name thruput:thruput already registered 0100 ERROR Metrics - Metric with name thruput:idxSummary already registered   ... View more
Labels

Re: Allow user to access only part of data in an i...

by in Dashboards & Visualizations
‎08-24-2022 07:43 AM
‎08-24-2022 07:43 AM
HI @gcusello , Thankyou so much for the detailed explanation. let me try the solution which is given by you and @ITWhisperer    Thanks, Gowtham ... View more

Re: How to restrict the user to access part of dat...

by SplunkTrust in Security
‎08-24-2022 07:35 AM
1 Karma
‎08-24-2022 07:35 AM
1 Karma
You could consider using summary indexes. Summary indexes do not count against your licence (they used prior to version 4) Use summary indexing for increased search efficiency - Splunk Documentation ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-20-2024 12:59 PM
Karma from
View All
Karma given to