Does anyone has idea how to setup MySQL connection using SSL and certs? I've read the answer below and imported my ca.pem into the keystore, but still not working? Connect Splunk DB Connect to MariaDB with SSL and cert 1 answer https://answers.splunk.com/answers/611126/connect-splunk-db-connect-to-mariadb-with-ssl-and.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev I've also search the web regarding jdbc connections using ssl certs, but still unable to see which or how am I suppose to load these certs into the app so I can connect to my database and the db_connections.conf.spec.example from README folder included in the app doesn't have MySQL usage in it I have ssl-ca=ca.pem ssl-cert=server-cert.pem ssl-key=server-key.pem which of these should I import into keystore/truststore? ... View more

My Splunk DB Connect seems to have some data lost issue connecting to a MSSQL server where the DB is used as customer service loggings. Has anyone face the same problem while tailing a datetime column and missing a few rows comparing data in Splunk and database? ... View more

There are actually 2 parts in my question i want to do an field extraction based on my existing field i have read some of the questions on the answers, and found some possible solutions to my problem but was still unable to the it working correctly i tried with n-level transforms.conf and props.conf way using delims as i think it should be an easy way to separate my field since the data is not fixed with the number of different sections it might have another way my also be using rex but i also found out that i was not able to point out exactly where i want to extract my category i listed out both of my source and my props.conf/transforms.conf example here example.log date,number,/我愛你/你愛他,last,xx12345 date,number,/我愛你/你愛他/他愛他,last,xx12345 date,number,/我愛你/你愛他/他愛他/他愛我,last,xx12345 props.conf [example.log] REPORT-sourcefields = source-fields REPORT-sourcefield3 = source-field3 transforms.conf [source-fields] DELIMS = "," FIELDS = field1,field2,field3,field4,field5 [source-field3] SOURCE_KEY = field3 DELIMS = "/" FIELDS = Category1,Category2,Category3,Category4,Category5,Category6 when using sourcetye="example.log" | rex field=field3 (? ^/{1}\w+) in my search command, i found that it will not recognize my Chinese characters when i use \w+ but it works well in my regex tool anyone has answers to this problem? maybe my regex isn't correct, but i am really exhausted these days...unable to think straight at the moment ... View more

is there any ways to display different static picture on dashboard depends on different search result. this is sort of like an if-then scenario, which can be crucial to my live dashboard the single event icon color can be changed, so i m wondering if it is possible to display different picture for conditional results. Such as, critical should display pic01 in the my dashboard, low should display pic02 in my dashboard, so on... ... View more