Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About cnuguri_ncc
cnuguri_ncc
Path Finder
Member since:
05-25-2017
01-28-2026
Community Statistics
| Posts | 14 |
| Solutions | 1 |
| Karma Given | 8 |
| Karma Received | 2 |
| Member Since | 05-25-2017 |
Activity Feed
- Karma Re: Why am I getting "Missing enough suitable candidates to create a replicated copy" building a multisite ind for woodcock. 10-14-2021 09:41 AM
- Posted Re: CLI "login failed" error on DS on Security. 08-06-2021 02:41 AM
- Posted Re: CLI "login failed" error on DS on Security. 07-27-2021 08:51 AM
- Posted Re: CLI "login failed" error on DS on Security. 07-27-2021 01:17 AM
- Posted CLI "login failed" error on DS on Security. 07-26-2021 01:13 AM
- Got Karma for Re: How to calculate the Average of time in splunk. 01-29-2021 06:48 AM
- Posted Re: How to calculate the Average of time in splunk on Dashboards & Visualizations. 01-29-2021 06:32 AM
- Posted Re: How to calculate the Average of time in splunk on Dashboards & Visualizations. 01-29-2021 06:27 AM
- Got Karma for Re: How to calculate the Average of time in splunk. 01-15-2021 10:03 AM
- Posted Re: Data Onboarding on Getting Data In. 01-15-2021 04:12 AM
- Posted Re: How to calculate the Average of time in splunk on Dashboards & Visualizations. 01-15-2021 04:05 AM
- Posted Re: Getting error with Microsoft Azure Add on for Splunk: Unable to initialize modular input "azure_event_hub" on All Apps and Add-ons. 12-08-2020 10:03 AM
- Karma Re: Symantec email security.cloud to Splunk Cloud for richgalloway. 11-06-2020 08:16 AM
- Posted Re: Symantec email security.cloud to Splunk Cloud on Splunk Cloud Platform. 11-06-2020 06:33 AM
- Karma Re: Symantec email security.cloud to Splunk Cloud for richgalloway. 11-06-2020 06:28 AM
- Posted Symantec email security.cloud to Splunk Cloud on Splunk Cloud Platform. 11-06-2020 04:03 AM
- Tagged Symantec email security.cloud to Splunk Cloud on Splunk Cloud Platform. 11-06-2020 04:03 AM
- Tagged Symantec email security.cloud to Splunk Cloud on Splunk Cloud Platform. 11-06-2020 04:03 AM
- Tagged Symantec email security.cloud to Splunk Cloud on Splunk Cloud Platform. 11-06-2020 04:03 AM
- Karma Re: Has anyone tried using fusemount for frozen storage? for AGLbwa. 09-25-2020 08:57 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
08-06-2021
02:41 AM
Thanks @codebuilder Not exactly sure how, but it started working. I can only think the restart (although a few times) must have fixed this.
... View more
07-27-2021
08:51 AM
Yes, restarted a few times. Splunk is running as "Local System" on Windows.
... View more
07-27-2021
01:17 AM
@codebuilder Sorry for not being clear enough, It fails when I enter the admin login details. The same username and password works with Splunk web though ( this is the admin account created at installation ). And this started after I have setup SSL for splunkd port so wondering if that is affecting the CLI authentication ? Is there a way to setup cert authentication for CLI ? Thanks Chetu
... View more
07-26-2021
01:13 AM
Hello all, Configured custom ssl certificates on Deployment Server (both splunkd and splunk web), and deployment clients are connecting to DS fine on this setup. But, command line login started failing after this while running any commands on DS, Need help in resolving this please ? (we have requireClientCert=false). Thanks in Advance Chetu
... View more
01-29-2021
06:32 AM
1 Karma
@aditsss for your search in the earlier comment, it should be as below. | eval AverageBuildDurationInMinutes=tostring(AvgTimeTaken, "duration")
... View more
01-29-2021
06:27 AM
@aditsss 1. Did you use correct field names with the example I sent ? 2. 00:14:00 - This means 14 mins 00:10:39 - 10 mins 39 secs Is this not what you were expecting ?
... View more
01-15-2021
04:12 AM
@johnlzy0408 Did you check check if the UF service has permissions to read the log file (the user that UF runs as). As @gcusello suggested, if you are receiving internal logs from this UF, you should see permission errors in the logs.
... View more
01-15-2021
04:05 AM
1 Karma
@aditsss you can use tostring() with duration option example: | eval readableAvgTime=tostring(averageTimeInSecs, "duration") Usage from docs tostring(X,"duration") Converts seconds X to the readable time format HH:MM:SS.
... View more
12-08-2020
10:03 AM
I have this error on Mac OS too, Tried on Splunk 8.0 and 8.1, with Add-on 3.0.1. 😐 Edit: Actually my error is slightly different, I get the below when adding the input, and input is not created Argument validation for scheme=azure_event_hub failed: The script returned with exit status 1.
... View more
11-06-2020
06:33 AM
Thanks @richgalloway 👍 I was hoping to hear that Symantec supports HEC or another way of forwarding logs, before taking the on-prem HF route.
... View more
11-06-2020
04:03 AM
Hello, I am looking to onboard Symantec email security.cloud data to Splunk cloud, but the add-on seems not compatible/available on Splunk Cloud ( https://splunkbase.splunk.com/app/3830/ ), could someone please advise if there is another way ? I suppose using an on-prem HF for the add-on and forward data Splunk could work, although trying to avoid on-prem components if it is possible to onboard directly from IDM. Thanks in advance. Chaith
... View more
08-10-2020
02:07 AM
As suggested above, Splunk docs links above are the best place for updated information for exact version you are on. But the below is very useful for SSL setup across all Splunk components, although some configurations are deprecated now and you will need to use the new config as suggested in Splunk docs for those. https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPractices.pdf
... View more
08-10-2020
01:15 AM
Thanks a lot !
... View more
08-07-2020
09:19 AM
Hi All, I have inherited a HF running on a Linux server collecting data from several cloud sources using the inputs from below TAs, that need to be moved to a newly built Linux server (no Splunk version upgrades). azure_event_hub azure_security_center_input digital_shadows_searchlight microsoft_graph_security MS_AAD_audit MS_AAD_signins mscs_azure_audit mscs_azure_resource splunk_ta_o365_management_activity windows_defender_atp_alerts Can you please recommend any procedures and best practices to make sure there is no data duplication ? Thinking of the below ways, will any of these work and which is better ? 1. a. Stop Splunk on old host and copy Splunk directory to new host. b. Change the splunk server/instance name to match the new host. c. Start splunk on the new host. 2. Install fresh Splunk on new host, and configure TAs, is there a way to move any checkpoints (or something similar to fishbuckets ? ) from the old HF, so that the TAs pull data from where it was stopped on the existing HF ? Thanks a lot in advance Chaith
... View more
- Tags:
- migration
Labels
- Labels:
-
heavy forwarder
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-28-2026
05:37 AM
|
Karma given to
