cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
plaxosi
Explorer
Member since: ‎10-04-2017
‎05-30-2022
Community Statistics
Posts 8
Solutions 1
Karma Given 1
Karma Received 7
Member Since ‎10-04-2017
Activity Feed
View All

How to access OUTPUT variables from Stored Procedu...

by in All Apps and Add-ons
‎05-30-2022 07:28 AM
‎05-30-2022 07:28 AM
I am calling a Stored Procedure in MS SQL using dbxquery:     The Stored Procedure is configured with:   EXECUTE @RC = [dbo].[getSomeData] @time ,@interval ,@retVal OUTPUT ,@retErrorMessage OUTPUT GO   Am I able to access the values returned in the OUTPUT variables, i.e. retVal and retErrorMessage, from the stored procedure? All help and insight is appreciated. Thanks ... View more
Labels

Is there any way to get TA-webtools curl to use a ...

by in All Apps and Add-ons
‎02-21-2022 09:22 AM
‎02-21-2022 09:22 AM
I have seen a couple of answers about use of proxies by "curl" where it is stated that it is not possible to specify a specific proxy for each request, but it was not clear to me whether it is possible to use a proxy configured at the system level. I see in the code that you write "### Doesnt use the HTTP_PROXY or HTTPS_PROXY defined in splunk-launch.conf". But is there a way to get the "requests" call to pick up another proxy config, e.g. in Splunk's server.conf/proxyConfig or in Linux's /etc/environment? In short is there any way to get TA-webtools curl to use a proxy? Thanks ... View more
Labels

Re: CSRF problem with a reverse proxy

by in Splunk Enterprise
‎09-08-2019 07:49 AM
3 Karma
‎09-08-2019 07:49 AM
3 Karma
I have the answer to my own question. It turned out that a reverse proxy before the searchhead was changing the flags on the cookies, specifically in this case it was setting the HTTPOnly flag. Once that security feature on the reverse proxy was disable it all worked fine. ... View more

MS Log Analytics Add-On checkpointer error

by in All Apps and Add-ons
‎06-14-2019 07:01 AM
1 Karma
‎06-14-2019 07:01 AM
1 Karma
After defining a new input (named AzureMetrics) I see the following error every 60 seconds (i.e. the configured interval): DEBUG pid=XXXX tid=MainThread file=connectionpool.py:_make_request:387 | "GET /servicesNS/nobody/TA-ms-loganalytics/storage/collections/data/TA_ms_loganalytics_checkpointer/AzureMetrics HTTP/1.1" 404 140 After the 404 error there are no other DEBUG messages for the pid. A previously configured input works fine, i.e. gets a 200 response code when fetching the last checkpoint and then fetches the LogAnalytics data (and produces more DEBUG messages for the same pid). Looking in the KVStore I see that there is no entry for _key=AzureMetrics, hence the 404, whereas there is an entry for the input that works. It seems like an initial checkpoint entry should be written to the KV Store. I have tried changing the configured "start date" for the input, but that does not help. Is there something else I need to do here? ... View more

Any clues as to how to fix the header setting prob...

by in Splunk Enterprise
‎04-29-2019 07:42 AM
3 Karma
‎04-29-2019 07:42 AM
3 Karma
Hi I have a problem when accessing Splunk over a reverse proxy. It seems that the required HTTP Header X-Splunk-Form-Key is not being set by the browser. This is despite the fact that the browser has the cookie splunkweb_csrf_token_8443 from where (I guess) it copies the CSRF token. This results in error messages of the form ERROR UiAuth - Request from 10.0.0.1 to "/splunk/en-GB/splunkd/__raw/servicesNS/userName/appName/search/jobs" failed CSRF validation -- expected "8617041906791058522", but instead cookie had "8617041906791058522" and header had "" When accessing Splunk directly the HTTP header is set correctly and no errors occur. There would be two ways to fix this: 1) find out why the header is not set, or 2) disable CSRF (as a workaround). But I have had no success with either. Disabling CSRF should be possible using web.conf, but I have tried all combinations I can think of. For example, stanzas like this that try to cover all endpoints: [expose:all] methods = GET,POST pattern = ** skipCSRFProtection = 1 or, more for more specific endpoints: [expose:search] methods = GET,POST pattern = search/** skipCSRFProtection = 1 But I continue to get the CSRF validation errors. Any clues as to how to fix the header setting problem, or how to disable CSRF? Thanks ... View more
Labels

Re: How to change column header using lookup file ...

by in All Apps and Add-ons
‎03-18-2019 08:33 AM
‎03-18-2019 08:33 AM
Hi nickhillscpl Thanks for the suggestion. You are right, it is tricky. I was only getting the correct edit box about once every twenty attempts, most of the time I ended up editing the first data cell. What seems to work for most of the time me is right click on the column header and then right click (but not left click) on the "edit" option. ... View more

How to change column header using lookup file edit...

by in All Apps and Add-ons
‎03-18-2019 07:46 AM
‎03-18-2019 07:46 AM
How can I change the column name of a CSV using Lookup File Editor (v3.2.1) on a Splunk (v7.2.4) searchhead cluster. If my memory does not deceive me this was possible using Lookup Editor v2.7.1 by simply double clicking on the column header. With the latest version clicking on the header has the effect of reversing the sort order. Thanks. ... View more

Re: Changing the pass4SymmKey for Search Head Clus...

by in Deployment Architecture
‎11-02-2017 10:45 AM
‎11-02-2017 10:45 AM
Is your server.conf containing the cleartext pass4symmkey in a 'default' directory? If so it will be left in cleartext and the hashed version will be written in the corresponding local/server.conf This is described under "How pass4SymmKey gets encrypted in apps" ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-30-2022 10:48 AM
Karma given to
View All