Hi All, We have a daily scheduled report, we are triggering csv file to the User over the Email. Nowadays csv file volume is exceeding and the user is not getting csv file in mailbox due to the limitation in the user mailbox. We are trying to implement below 2 solutions and tried some ways but nothing is coming up: 1> To Compress the CSV file before sending the email to the user 2>To SPlit the csv file in chunks and then automatically user got that over the Email. we tried below solution: answers.splunk.com/answers/682915/can-you-compress-splunk-reports-before-sending-the.html docs.splunk.com/Documentation/Splunk/latest/Alert/Configuringscriptedalerts Please help me to get it fixed as we are sharing Manual report to the customer every day. Thanks ... View more

Hi Splunkers, we are using clustered enviornment, we having 3 SH .We have notified by infra team that one of our searchheads certficate is expiring on this month. this is cert.pem under $splunk_home/etc/auth/splunkweb.We have to create the Splunkweb selefsigned certificate for the same. we will follow the below steps provided in doc: https://docs.splunk.com/Documentation/Splunk/7.2.4/Security/SecureSplunkWebusingasignedcertificate we also have to change the web.conf file , as per below document it says in case of deployment manger we have to change the path of certificate over there: https://docs.splunk.com/Documentation/Splunk/7.2.4/Security/SecureSplunkWebusingasignedcertificate My Question is : 1:As we are changing the web.conf file in deployer , it will applicable for all 3 SH, so we have to create self-signed certs in all 3 SH ? 1. what is our approach for Splunkweb certs in case of Clustered enviornmant . please help !! Thanks ... View more

Hi all , We are using a clustered environment. We have the SSL certificate enable, which default shipped by Splunk. They are expiring this month. I checked the web.conf file — over there SSL is enabled, but no certificate path is mentioned. It looks like below, as SSL is enabled but no path is mentioned. Which certificate is it taking ?? [settings] enableSplunkWebSSL = 1 As per documents, we should have a stanza like below under web.conf. Turn on SSL: enableSplunkWebSSL = true absolute paths may be used here. privKeyPath = /home/user/certs/myprivatekey.pem serverCert = /home/user/certs/mycacert.pem Does Above stanza we have to write when we generate the self signed certificate ? Thanks Rohit Joshi ... View more

Hi all, We have checked the Splunk certificate on the below 2 locations: 1.$splunk_Home/etc/auth/server.pem 2.$splunk_Home/etc/auth/spunkweb/cert.pem All the certs are showing enddate this month. This I saw in all my Indexers,SH,CM,LS,Deployer,DM. Can you please help me to understand the impact due to this? What is the process I have to follow to renew the cert? ... View more

Hi All , We are running a scheduled search everyday and we are sending generated CSV file to users via splunk using email action. Now data volume is increased and user Mailbox is not accepting file more then 15 GB and they can't incerase that factor as well. We are planning to compress the file after schedule is completed and then email is triggered. I have chacked some solution but it is not working for me, can someonehelp me to sort-out this issue. Thanks ... View more