cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
brendanmacooper
Explorer
Member since: ‎10-10-2017
‎06-09-2020
Community Statistics
Posts 5
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎10-10-2017
Topics I've Started
No posts to display.
View All

Re: Can't perform a GET action with this add-on

by in All Apps and Add-ons
‎04-28-2020 12:31 AM
‎04-28-2020 12:31 AM
@pwild_splunk Can you try setting the ingestion index. There was a bug where this option needed to be set even if it wasn't used. I have a new version for Splunk 8 coming out soon™ that will fix this and a couple of other issues ... View more

Re: Is there any documentation that can help with ...

by in All Apps and Add-ons
‎11-21-2019 09:07 PM
‎11-21-2019 09:07 PM
I personally use the excellent RequestBin.com site to test all my config. Endpoint = https://xxxxxxxxxxx.x.pipedream.net/ Query string params (optional) - Query string is commonly denoted keyvalues after a question mark. IE www.example.splunkcloud.com/en-GB/account/login?loginType=splunk. In this example loginType=splunk is a querystring. Custom headers (optional) = These allow you to add custom headers. This is most commonly used for basic authentication. Payload = If your search returns the fields Test & Source then you could specify source={source};test={test}. To send JSON in this version of the app. You must construct the JSON string in your SPL search IE |eval json="{source:'".source."',test:'".test."'}" and then reference that field IE Payload = {json} I admit this is clunky and would be hard to maintain for long JSON values; I'd suggest a purpose-built app if your JSON is complex or nested. HTTP Method =POST Ingest response to index = If you wish you ingest the response, specific the index here Ingest Safety Max Size = This is the safety net to stop ingesting values greater than expected. If you don't want to ingest the response, set the value to 0 Should be able to identify errors with the following search. "index=_internal sourcetype=splunkd component=sendmodalert action="send_custom_rest_request" ... View more

Re: Cluster master in the cloud?

by in Deployment Architecture
‎07-24-2019 10:59 PM
‎07-24-2019 10:59 PM
Hi Jeremy, The Splunk Validated Architectures document is great place to start with these kind of questions. If you truly need full HA between DCs you might need a multi-site cluster. This will allow you to specify how many copies of the data you want to keep in each site (DC). In the SVA, the examples start with 'M'. That being said doing multi-site cluster with only 3 indexers is overkill so I'd question whether you truly need it. A normal clustered environment might better suit your requirements if you can accept the risk. ... View more

Re: How to monitor the HTTP Alert Action?

by in All Apps and Add-ons
‎07-24-2019 05:22 PM
‎07-24-2019 05:22 PM
@mihenn Can you confirm whether adding the ingestion_safety fixed the issue? ... View more

Re: How to monitor the HTTP Alert Action?

by in All Apps and Add-ons
‎07-23-2019 06:49 AM
‎07-23-2019 06:49 AM
Can you try setting the ingestion_safety variable. There's a known issue with version 1.1 which has been fixed in the yet to be released version 1.2 action.send_custom_rest_request.param.ingestion_safety_max_size = 0 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-09-2020 10:59 PM