×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
azer271
Path Finder
Member since: ‎02-15-2024
‎10-23-2025
Community Statistics
Posts 19
Solutions 1
Karma Given 20
Karma Received 0
Member Since ‎02-15-2024
Activity Feed
Topics I've Started
View All

Re: Stuck at Analytics Story Onboarding Assistant ...

by in Splunk Enterprise Security
‎09-09-2025 11:06 AM
‎09-09-2025 11:06 AM
It's all 200 status. However, 99+ error messages appeared in developer tools when I pressed Enable. (mostly mentioning that the error is in es cloud url/static/@xxxx/app/DA-ESS-ContentUpdate/pages/onboarding.js)   Errors:   Error enabling saved search: TypeError: can't access property "split", document.cookie.split(...).find(...) is undefined Error enabling saved search: TypeError: can't access property "split" of undefined Cookie “splunkweb_csrf_token_8443” has been rejected because its expiration date is over the limit. Thanks.      ... View more

Re: Indexer Cluster Fixup Tasks Stuck (fsck failed...

by in Getting Data In
‎08-27-2025 10:32 AM
‎08-27-2025 10:32 AM
An update to this old topic since it takes time to apply for performing a restart for my client. I fixed the issue by performing a bundle restart in the Splunk cluster master. I also increased the "max_peer_build_load" and "max_peer_rep_load" values in the server.conf file to clear up existing bucket fixup tasks more quickly. Still not sure what "fsck failed exit code 24" means tho. Probably just an issue of network delay or low cpu. Reference: https://splunk.my.site.com/customer/s/article/Bucket-fixup-tasks-status-Missing-enough-suitable-candidate-to-create-searchable-copy-to-order-to-meet-replication-policy         ... View more

Re: Questions about data retention in Splunk Cloud...

by in Deployment Architecture
‎07-20-2025 10:21 PM
‎07-20-2025 10:21 PM
Thank you for your help! The provided URLs are very useful. ... View more

Re: Sentinel One Integration with Splunk

by in Splunk Enterprise
‎03-28-2025 05:56 AM
‎03-28-2025 05:56 AM
I solved the issue by unchecking the inputs in the app, since they are disabled by default and making sure the API permissions in Sentinel One. In my case, i just create a new service user in Sentinel One and use the api generated from the service user. The user has the scope of access to the site. ... View more

Re: Why are some fields not extracted properly at ...

by in All Apps and Add-ons
‎03-28-2025 05:49 AM
‎03-28-2025 05:49 AM
thanks. i get it now! ... View more

Re: Cluster Architecture Splunk Best Practice

by SplunkTrust in Deployment Architecture
‎03-06-2025 06:51 AM
‎03-06-2025 06:51 AM
Hi @azer271 , let me know if I can help you more, or, please, accept one answer for the other people of Community. Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated 😉 ... View more

Re: Splunk Self-signed Certificate Error. Error se...

by in Deployment Architecture
‎05-20-2024 10:12 AM
‎05-20-2024 10:12 AM
So this initially looks like the sender does not have certs, what is 192.168.100.1? (The client sending should now have the TLS certs - what does the outputs from client (UF ) look like? Test from the client openssl s_client -connect <hostname>:9997 Or  /opt/splunkforwarder/bin/splunk cmd openssl s_client -connect <hostname>:9997 ... View more

Re: Splunk Connect For Syslog - Sending syslog usi...

by in Getting Data In
‎05-06-2024 07:25 PM
‎05-06-2024 07:25 PM
I checked with tcpdump and wireshark. I can clearly see the TCP packets, but not the UDP packets. However, I can see the traffic by echoing the message (TCP and UDP as well) to SC4S server. I believe its the issue of the Kiwi Syslog Message Generator.  Thanks guys. 😊 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-23-2025 11:53 PM
Karma given to