Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About arielpconsolaci
arielpconsolaci
Path Finder
Member since:
03-28-2017
12-06-2022
Community Statistics
| Posts | 45 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 5 |
| Member Since | 03-28-2017 |
Activity Feed
- Posted Re: Load PDF in a Dashboard on Dashboards & Visualizations. 11-29-2022 12:53 AM
- Posted Has anyone used a pdf file to load/open as part of a dashboard? on Dashboards & Visualizations. 11-28-2022 11:56 PM
- Karma Re: Sort Apps by Label in Splunk Cloud for richgalloway. 11-28-2022 11:19 PM
- Posted Re: Sort Apps by Label in Splunk Cloud on Splunk Cloud Platform. 11-16-2022 05:17 PM
- Karma Re: How can I generate a list of users and assigned roles? for somesoni2. 11-15-2022 06:40 PM
- Posted How to sort spps by label in Splunk Cloud? on Splunk Cloud Platform. 11-15-2022 04:40 PM
- Tagged How to sort spps by label in Splunk Cloud? on Splunk Cloud Platform. 11-15-2022 04:40 PM
- Tagged Splunk Cloud App Vetting Failure -Possible resolutions for check_hotlinking_splunk_web_libraries? on Splunk Cloud Platform. 10-19-2022 07:24 PM
- Tagged Splunk Cloud App Vetting Failure -Possible resolutions for check_hotlinking_splunk_web_libraries? on Splunk Cloud Platform. 10-19-2022 07:24 PM
- Posted Splunk Cloud App Vetting Failure -Possible resolutions for check_hotlinking_splunk_web_libraries? on Splunk Cloud Platform. 10-19-2022 07:21 PM
- Posted Re: Splunkbase Website Monitoring Configuration- Only the "Advanced" configuration shows both platforms? on Splunk Cloud Platform. 09-14-2022 07:02 PM
- Posted Splunkbase Website Monitoring Configuration- Only the "Advanced" configuration shows both platforms? on Splunk Cloud Platform. 09-13-2022 10:05 PM
- Tagged Splunkbase Website Monitoring Configuration- Only the "Advanced" configuration shows both platforms? on Splunk Cloud Platform. 09-13-2022 10:05 PM
- Tagged Splunkbase Website Monitoring Configuration- Only the "Advanced" configuration shows both platforms? on Splunk Cloud Platform. 09-13-2022 10:05 PM
- Posted Is there be a way to configure a specific index to be searchable for a specific srchTimeWin? on Splunk Enterprise. 02-13-2022 09:28 PM
- Posted Re: Skipped searches - Searchable rolling restart or upgrade is in progress on Splunk Enterprise. 07-25-2021 07:27 PM
- Karma Re: Skipped searches - Searchable rolling restart or upgrade is in progress for gjanders. 07-25-2021 07:20 PM
- Posted Re: Skipped searches - Searchable rolling restart or upgrade is in progress on Splunk Enterprise. 05-27-2021 05:41 PM
- Posted Re: Skipped searches - Searchable rolling restart or upgrade is in progress on Splunk Enterprise. 05-24-2021 06:58 PM
- Posted Re: Skipped searches - Searchable rolling restart or upgrade is in progress on Splunk Enterprise. 05-24-2021 04:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
11-29-2022
12:53 AM
HI @ITWhisperer Yes. That is correct. And iframe is the way I found to load a pdf file. However, it does not seem to work properly. My files are located under the appserver/static directory of the application. Thanks for the advise on web.conf. I failed to mention that the platform is in Splunk Cloud. That conf seems to be intended on system level. Is that right? Best Regards, Ariel
... View more
11-28-2022
11:56 PM
Hi Splunkers,
Has anyone used a pdf file to load/open as part of a dashboard?
(Not a link to the pdf file)
Thanks in advance.
Kind Regards,
Ariel
... View more
Labels
- Labels:
-
dashboard
11-16-2022
05:17 PM
Thanks @richgalloway . Appreciate the response. It worked for me. Now I am just wondrin if the change can be done on a system level. From testing, the change seems to be on a user level only.
... View more
11-15-2022
04:40 PM
Hi fellow Splunkers,
Good day. We are noticing that applications in our Splunk Cloud Platform is not sorted by App Label unlike our Splunk Enterprise platform?
Would anyone be able to suggest if there is a way to sort the apps list dropdown in Splunk Cloud?
Thanks a lot in advance.
Kind Regards!
... View more
- Tags:
- ui
Labels
- Labels:
-
using Splunk Cloud
10-19-2022
07:21 PM
Hi Fellow Splunkers,
Good day. I am currently migrating some applications from On-Prem to Splunk Cloud. From app vetting, would anyone be able to suggest of possible fixes/resolutions for this check_hotlinking_splunk_web_libraries check?
The errors points to JS files that works well in On-Prem and are in their correct location in packaging an application (appserver/static)
Name: check_hotlinking_splunk_web_libraries Description: Check that the app files are not importing files directly from the search head. Details: Embed all your app's front-end JS dependencies in the /appserver directory. If you import files from Splunk Web, your app might fail when Splunk Web updates in the future. Bad imports: ['vizapi/SplunkVisualizationBase', 'vizapi/SplunkVisualizationUtils'] File: /tmp/tmp4bxeox7h/splunk_app/appserver/static/visualizations/VUmeter/src/visualization_source.js
Appreciate any help/advise. Thank you.
... View more
Labels
- Labels:
-
configuration
-
using Splunk Cloud
09-14-2022
07:02 PM
Thanks for the response, and inputs/insights, Luke. These are noted. Appreciate your time for getting back as well.
... View more
09-13-2022
10:05 PM
Hello Splunkers,
I am seeing some some difference in setting up configurations (Configuration tab) in On-Prem vs Splunk Cloud for the Website Monitoring application.
"Proxy Server" and "Proxy Server Authentication" configurations are both available in Splunk On-Prem which aren't in Splunk Cloud.
Only the "Advanced" configuration shows in both platforms. Is anyone seeing the same? or Is this intended since the platform is Splunk Cloud?
The context on this question is doing an app migration to Splunk Cloud and observing the experience compared to On-Prem. Thinking if Proxy Server settings are not anymore needed for the application in Splunk Cloud. Thus this difference.
Thanks in advance.
Kind Regards,
Ariel
... View more
Labels
- Labels:
-
using Splunk Cloud
02-13-2022
09:28 PM
Hi fellow Splunkers,
Good day. Would there be a way to configure a specific index to be searchable for a specific srchTimeWin?
Say the example below.
Scenario:
Splunk User has a user role with a search time win of 1 yr for all non-internal indexes.
We wanted a specific index to be searchable for 2 years only for the same user (the rest by 1yr searchable).
Test already done:
Create a new role and assign to a test user (with the user role) with the new role being searchable to the index of concern with srchTimeWin of 2years. However, all indexes were made searchable to 2 yrs as a result.
Thanks in advance.
Kind Regards,
Ariel
... View more
- Tags:
- srchTimeWin
Labels
- Labels:
-
administration
07-25-2021
07:27 PM
This explains it. Thanks for this!
... View more
05-27-2021
05:41 PM
Thanks once again @isoutamo for answering to my queries. We have 30,000 buckets per indexer (slave/member) in the cluster. How do I check the below? @isoutamo wrote: How many buckets you have in your cluster? Is this 180s enough long time to make all buckets to searchable on another nodes when one node is going down?
... View more
05-24-2021
06:58 PM
Appreciate your response @isoutamo. Yes, I've gone through that document and the best practice in our cluster is observed below. [clustering]
restart_timeout = 600
rolling_restart = searchable_force
decommission_force_timeout = 180 The cluster is in a multi-site cluster. I am running the indexer apply bundle push via backend and I've observed based from logs in the UI that the searchable rolling restart is running.
... View more
05-24-2021
04:47 AM
Hi @isoutamo Thank you for your response. We have 6 search heads and 12 indexers. Enough to avoid such issue.
... View more
05-23-2021
09:29 PM
Hi Splunkers, Good day. My HEC tokens are currently configured in the Indexer Cluster, and during Indexer Bundle Push specifically during bundle reload, the HEC logging drops to 0. Is this normal? HEC logs are indexing during bundle validation, indexer rolling restart, but not during the bundle reload. Bundle Validation -> Bundle Reload -> Indexer Rolling Restart HEC logging is also not distributed properly across indexers. Seeking advise. Thank you and Kind Regards, Ariel
... View more
Labels
- Labels:
-
indexer clustering
05-23-2021
08:45 PM
Hi Splunkers, Good day. I am experiencing an issue in our cluster where the searches are all skipping with the reason "Searchable rolling restart or upgrade is in progress". My understanding is that having a searchable rolling restart enabled in the Cluster Manager (indexer) during bundle push minimizes impact to running searches. However, my case is that all the searches are getting skipped regardless. Seeking advise. Splunk installed in the SH cluster and Indexer Cluster all has the same version at 8.0.2. Thank you in advance.
... View more
Labels
04-14-2021
05:45 PM
Hi Splunk Community. Good day. I am trying to add an AWS EC2 created instance with Splunk installed to it (standalone) as a slave to an on-prem Splunk License server. However, I am getting the error below. ERROR LMTracker - failed to send rows, reason='Unable to connect to license master=https://XXXXXXX:8089 Error connecting: Connection reset by peer' From checking, both Splunk are up in the master and slave. I can see a connection from a curl test in the slave to the master. * Rebuilt URL to: telnet://XXXXXXX:8089/ * Trying 10.XX.XXX.XX... * TCP_NODELAY set * Connected to XXXXXXX (10.XX.XXX.XX) port 8089 (#0) Please help advise. Thanks All. Cheers!
... View more
Labels
- Labels:
-
configuration
01-27-2021
11:27 PM
Thanks @to4kawa . That may work but what I am trying to achieve is that a plain search using the index and sourcetype at search time will return masked data accdg. to the rule set. Thus using a calculated field for _raw. Thanks still for the suggestion.
... View more
01-27-2021
11:25 PM
Thanks again @manjunathmeti . I am trying to observe that for 16 digits numbers be masked with 6#s between the first 6 digits and last 4 digits. while for 15 digit numbers, masking should be just 5#s between the first 6 digits and last 4 digits. Currently, with my current config, masking happens with 6#s. I am trying to get and observe 6#s and 5#s respective what is given (16 digit numbers and 15 digit numbers). From testing, this seems not possible. But let me know if otherwise. Thanks for your time on this.
... View more
01-27-2021
07:57 PM
Thanks @manjunathmeti . I tried this. However, this does not work. Probably because it is the same field _raw. I checked as well via btool and it only reads one of the eval calculations for the same sourcetype.
... View more
01-27-2021
06:38 PM
Hi Splunkers, Good day. I am trying to perform search time masking using a Calculated Field to replace _raw with the required result. This goes fine for me for my particular data of concern. However, it goes complex somehow when that particular field in the same event has to be masked another way. Citing an example below to explain more clearly. Masking - 16 digits 2021/01/21 - 01:15 AM <ACT>1234567890123456</ACT> Result: 2021/01/21 - 01:15 AM <ACT>123456######3456</ACT> However, if I see 15 digits for this field, masking should be 5 ##### rather than 6 for 16digits. Masking - 15 digits 2021/01/25 - 01:15 AM <ACT>987654321012345</ACT> Result: 2021/01/25 - 01:15 AM <ACT>987654#####2345</ACT> Since the same field, _raw, is being worked on. I reckon this is not possible. props.conf [<sourcetype>] EVAL-_raw = replace(_raw,"(\d{6})(\d{5,6})(\d{4})","\1######\3") Please let me know of your thoughts/suggestions. Thanks in adv. Cheers!
... View more
10-02-2018
05:38 AM
1 Karma
Hi All,
We observed ConnectTimeOutException failures for some of our DB Connect Inputs.
Can someone advise what may cause this error and how to resolve it?
[QuartzScheduler_Worker-32] ERROR org.easybatch.core.job.BatchJob - Unable to write records
org.apache.http.conn.ConnectTimeoutException: Connect to X.X.X.X:8088 [/X.X.X.X] failed: Read timed out
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:151)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEventBatch(HttpEventCollector.java:109)
at com.splunk.dbx.server.dbinput.recordwriter.HttpEventCollector.uploadEvents(HttpEventCollector.java:89)
at com.splunk.dbx.server.dbinput.task.processors.HecEventWriter.writeRecords(HecEventWriter.java:48)
at org.easybatch.core.job.BatchJob.writeBatch(BatchJob.java:203)
at org.easybatch.core.job.BatchJob.call(BatchJob.java:79)
at org.easybatch.extensions.quartz.Job.execute(Job.java:59)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Thank you in advance.
Kind Regards,
Ariel
... View more
- Tags:
- splunk-enterprise
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-06-2022
11:27 PM
|
Karma given to
