Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About inventsekar
inventsekar
Champion
Member since:
06-19-2015
3 weeks ago
Community Statistics
| Posts | 899 |
| Solutions | 114 |
| Karma Given | 71 |
| Karma Received | 204 |
| Member Since | 06-19-2015 |
Activity Feed
- Posted Re: Run Splunk as non-root user on Deployment Architecture. 3 weeks ago
- Got Karma for Re: Need suggestions to deploy HA Splunk Architecture?. a month ago
- Got Karma for Re: Splunk Join command basics / newbie examples. 07-04-2020 03:55 PM
- Posted Re: Splunk Join command basics / newbie examples on Splunk Enterprise. 07-04-2020 11:54 AM
- Posted Re: Fresh splunk install - This site can’t be reached on Splunk Enterprise. 07-04-2020 11:49 AM
- Posted Fresh splunk install - This site can’t be reached on Splunk Enterprise. 07-04-2020 08:36 AM
- Posted Re: Splunk Join command basics / newbie examples on Splunk Enterprise. 06-18-2020 08:17 PM
- Posted Re: Splunk Join command basics / newbie examples on Splunk Enterprise. 06-16-2020 04:37 AM
- Posted Splunk Join command basics / newbie examples on Splunk Enterprise. 06-16-2020 04:30 AM
- Tagged Splunk Join command basics / newbie examples on Splunk Enterprise. 06-16-2020 04:30 AM
- Got Karma for Re: How do I calculate the Enterprise security App license usage ?. 06-14-2020 10:36 PM
- Posted Re: What happened to Answers? The change is for the worse on Feedback. 06-10-2020 03:26 PM
- Karma Re: Splunk Support team and Diag File - Migrate / reproduce a Splunk instance for renjith_nair. 06-05-2020 12:50 AM
- Karma Re: What is the best way to find searches without sourcetype or index defined? for sloshburch. 06-05-2020 12:50 AM
- Karma Re: How can i use the append command based on an If condition ? for FrankVl. 06-05-2020 12:50 AM
- Karma Re: How to Calculate Splunk Organic Growth for Richfez. 06-05-2020 12:50 AM
- Karma Re: Is it possible to Identify splunk forwarder location ? for harsmarvania57. 06-05-2020 12:50 AM
- Karma Re: [SmartStore] How to verify splunk indexer connectivty to remote storage? for rbal_splunk. 06-05-2020 12:50 AM
- Karma Re: Are values() returned by Splunk in a search sorted alphabetically? for morethanyell. 06-05-2020 12:50 AM
- Karma Re: reports time range picker gives invalid time for skoelpin. 06-05-2020 12:50 AM
3 weeks ago
Hi, may i know if you face issue on UF or Light forwarder or splunk enterprise, please. Your splunk version number, pls.
... View more
07-04-2020
11:54 AM
Hi All, the splunk left join and outer join - both are same ah?!?!
... View more
07-04-2020
11:49 AM
Hi @gcusello the local firewall is turned off, ubuntu@sekar:~$ sudo ufw status [sudo] password for ubuntu: Status: inactive ubuntu@sekar:~$ the user running the splunk process is root. the issue is with the hostname "http://sekar.splunk.com:8000" but, its connecting to 127.0.0.1 fine.. (http://127.0.0.1:8000/en-GB/account/login?return_to=%2Fen-GB%2F ) ok, i have setup this around 3 months ago..seems something broken, let me check it, thanks.
... View more
07-04-2020
08:36 AM
Hi, A fresh install of splunk enterprise on my ubuntu: root@sekar:/opt/splunk/var/log/splunk# uname -a Linux sekar.splunk.com 4.15.0-101-generic #102-Ubuntu SMP Mon May 11 10:07:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux root@sekar:/opt/splunk/var/log/splunk# install went fine, service is running fine as well.. root@sekar:/opt/splunk/bin# ./splunk status splunkd is running (PID: 5462). splunk helpers are running (PIDs: 5463 5477 5550 5564). root@sekar:/opt/splunk/bin# port 8000 is used by splunkd only.. root@sekar:/opt/splunk/bin# lsof -i :8000 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME splunkd 5462 root 112u IPv4 57851 0t0 TCP *:8000 (LISTEN) root@sekar:/opt/splunk/bin# still, the splunk web page is not loading up.. it says: This site can’t be reached sekar.splunk.com took too long to respond. Try: Checking the connection Checking the proxy and the firewall ERR_CONNECTION_TIMED_OUT please suggest. thanks.
... View more
- Tags:
- freshinstall
- webgui
06-18-2020
08:17 PM
Accepting the above as solution.. Please reply your views, karma points 😉
... View more
06-16-2020
04:37 AM
1 Karma
Lets take 2 simple files: ubuntu@sekar:~$ more /tmp/names1 name=a name=b name=c name=e name=f ubuntu@sekar:~$ more /tmp/names2 name=d name=f name=g name=h name=i ubuntu@sekar:~$ i uploaded these 2 files and used the join command: 1. inner join example: (inner join is the default join method): 2. left join example: 3. outer join example:
... View more
06-16-2020
04:30 AM
Hi All... For those who already know some SQL, the join commands are pretty easy. Some of my teammates who are non-sql members, they were not aware of join, and when they try to read docs, they could not understand easily. Hence i thought to create this post for all. Thanks.
... View more
Labels
06-10-2020
03:26 PM
one more thing... before update, i actually had around 300+ karma points.. but after update, now i have only "201" !!! you guys also faced this ah?!?
... View more
09-12-2019
10:06 PM
Hi, For a testing purposes, can i have few long running search SPL queries please.
Using the search tutorials sample data would be of great help.
I assume subsearches, join would be good fit for long running searches. Can you pls write some simple/basic long running SPL queries. Thx
... View more
- Tags:
- splunk-enterprise
08-31-2019
03:55 PM
Searched, read, tried all options at that doc link at point number 1, but still no luck.
Please provide me step by step configuration for few examples(file output, splunkstream output, replay, any other interesting methods and you can have my 50 karma points. Thanks
... View more
08-31-2019
05:08 AM
Tried that suggestions, but still no luck.
Any other suggestion please
... View more
08-31-2019
05:06 AM
The bundle structure i followed, but still no luck.
... View more
08-29-2019
11:35 PM
i see these logs on splunkd.log:
08-30-2019 05:10:36.475 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Loading module 'output.awss3' from 'awss3.py'"}
08-30-2019 05:10:36.475 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunkeventgen/lib/plugins/output/counter.py'"}
08-30-2019 05:10:36.478 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Loading module 'output.counter' from 'counter.py'"}
08-30-2019 05:10:36.478 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunkeventgen/lib/plugins/output/devnull.py'"}
08-30-2019 05:10:36.481 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Loading module 'output.devnull' from 'devnull.py'"}
08-30-2019 05:10:36.481 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunkeventgen/lib/plugins/output/file.py'"}
08-30-2019 05:10:36.483 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Loading module 'output.file' from 'file.py'"}
08-30-2019 05:10:36.483 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunkeventgen/lib/plugins/output/httpevent.py'"}
08-30-2019 05:10:36.515 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Loading module 'output.httpevent' from 'httpevent.py'"}
08-30-2019 05:10:36.515 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunkeventgen/lib/plugins/output/httpeventcore.py'"}
08-30-2019 05:10:36.515 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Loading module 'output.httpeventcore' from 'httpeventcore.py'"}
08-30-2019 05:10:36.515 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SA-Eventgen/bin/modinputeventgen.py" 2019-08-30 05:10:36 eventgen DEBUG MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunkeventgen/lib/plugins/output/metrichttpevent.py'"}
... View more
08-29-2019
11:23 PM
testapp permissions modified to global. waited for few mins.. but no events yet.
should i restart splunk?
... View more
08-29-2019
10:39 PM
ya, i updated the config file..
[root@ip-address default]# more eventgen.conf
[sample.tutorial1]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
backfillSearch = index=main sourcetype=splunkd
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
[root@ip-address default]# pwd
/opt/splunk/etc/apps/testapp/default
[root@ip-address default]#
... View more
08-29-2019
10:33 PM
ya, i created this config file,.. modular input has been enabled. but no events yet.
[root@ip-address default]# pwd
/opt/splunk/etc/apps/testapp/default
[root@ip-address default]# more eventgen.conf
[sample.tutorial1]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
backfillSearch = index=main sourcetype=splunkd
outputMode = splunkstream
splunkHost = localhost
splunkUser = admin
splunkPass = changeme
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
[root@ip-address default]#
... View more
08-29-2019
08:47 AM
Any updates please
... View more
08-29-2019
02:58 AM
Some "search head " has indexes 10 list of it
the other has 15 list in setting -> indexes
-----this part is bit confusing.. could you please write your question once again. thanks.
... View more
08-28-2019
10:31 PM
When I check indexes list in indexer peer node,
every indexer has the same 30 indexes in the list
Only search head got the splunk GUI. the splunk indexer got no splunk GUI.
only indexer will have indexes. the search head handles only the search requests(and few more functionalities)
From Search head, it internally connects to indexer and gets the list of indexer.
i assume yours is a distributed but not clustered environment.
so, it may be possible that, one search head(SH1) connects an indexer(IDX1), whereas another search head(SH2) may connect to another indexer(IDX2). The indexes configured on IDX1 may be different from IDX2.
... View more
08-27-2019
05:27 AM
Hi All,.
i have been following this doc:
http://splunk.github.io/eventgen/
a fresh splunk installation
splunk eventgen installed as a Splunk App.
created a sample app (testapp)
given permission as "All apps (system)"
created this file:
/opt/splunk/etc/apps/testapp/default/eventgen.conf
[sample.tutorial1]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
backfillSearch = index=main sourcetype=splunkd
outputMode = splunkstream
splunkHost = localhost
splunkUser = admin
splunkPass = changeme
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
updated the password:
splunkUser = admin
splunkPass = changeme
a sample file is already present at
/opt/splunk/etc/apps/SA-Eventgen/samples/sample.tutorial1
restarted the splunk. No events.
copied this above file to testapp
cp /opt/splunk/etc/apps/SA-Eventgen/samples/sample.tutorial1 /opt/splunk/etc/apps/testapp/samples
restarted splunk. NO events.
Any help would be appreciated. thanks!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
3 weeks ago
|
