Yes I mean a separate Splunk instance. In terms on managing the connection, if I understand you correctly this "Active Drive" is using NFS or something. In that case the dedicated host simply has that drive mounted at all times. Is that how your application works? Or is there some other technology in play. ... View more

So...... Seems there was a couple of issues at play here, with a syntax error being the one to stump me for a while. Thanks jplumsdaine22 for your input - only one to offer anything on the topic. Seems you were 100% on the money. After modifying the inputs to include crcSalt = , rather than crcSalt = , everything is working as expected. ... View more

If you need to perform CRUD operations on Splunk Applications (replaces need for admin_all_objects). If you need to install ES ... View more

Hi ptang Running btool gives me the following outputs (only included those relevant): /opt/splunk/etc/apps/config_SH_webconf/local/web.conf privKeyPath = etc/auth/healthCerts/HealthSearcheadPrivateKey.key /opt/splunk/etc/apps/config_SH_webconf/local/web.conf serverCert = etc/auth/healthCerts/searchheadcertcombined.pem /opt/splunk/etc/apps/config_SH_webconf/local/web.conf sslVersions = tls1.2 Path and directory listing below match the above output: -bash-4.2$ ls -la /opt/splunk/etc/auth/healthCerts/ total 44 drwxr-xr-x. 2 splunk splunk 4096 Apr 24 11:15 . drwx------. 8 splunk splunk 4096 May 28 12:05 .. -rw-r--r--. 1 splunk splunk 1704 Apr 24 11:15 HealthSearcheadPrivateKey.key -rw-r--r--. 1 splunk splunk 6261 Apr 24 11:15 searchheadcertcombined.pem -rw-r--r--. 1 splunk splunk 2894 Apr 24 11:15 searchheadcert.pem -rw-r--r--. 1 splunk splunk 631 Apr 24 11:15 splunkCertConfig.conf -rw-r--r--. 1 splunk splunk 1435 Apr 24 11:15 splunksec.csr -rw-r--r--. 1 splunk splunk 8843 Apr 24 11:15 splunkweb.pem MuS, Thanks for the extra info - I agree with your thought on btool so ran your command as well - just to compare: relevant entries: privKeyPath=etc/auth/healthCerts/HealthSearcheadPrivateKey.key serverCert=etc/auth/healthCerts/searchheadcertcombined.pem sslVersions=tls1.2 From this - I can only assume that things are configured correctly - yet, it's not using this cert. Any other thoughts on why not? ... View more

Thanks for that - while a valid pickup in terms of pass through, which I think has resolved part of my issues with the pass-through URL, it's not helping my tokens generating correctly. ... View more

Hi Kozanic, Do you mean at the time that it indexes the file? If so, I don't think you can, but it can be used in search queries, Otherwise I think you could use this solution; http://answers.splunk.com/answers/525/how-can-i-change-the-time-format-in-splunk-web.html Hope this helps 🙂 ... View more