Hi Team , We are getting the below internal errors in majority of our indexers "timestamp ERROR KVStorageProvider - An error occurred during the last operation ('replSetGetStatus', domain: '15', code: '13053'): No suitable servers found (`serverSelectionTryOnce` set): [connection closed calling ismaster on '[::1]:8191']"   Can someone explain what that error messages indicates ... View more

Hi , I have search like below where the logs are coming from the fig1,fig4,fig5,fig6 indexes from either of the 2 hosts say host1 and host2.  So at a time 2 hosts won't send logs and only any of the host will be sending the logs actively to fig1 index with source type as abc.     | tstats latest(_time) as latest_time WHERE (index = fig*) (NOT index IN (fig2,fig3,)) sourcetype="abc" by host index sourcetype | eval silent_in_hours=round(( now() - latest_time)/3600,2) | where silent_in_hours>20 | eval latest_time=strftime(latest_time, "%m/%d/%Y %H:%M:%S")     I want to build logic to display if any of the host1 or host2 is sending the logs then the above query should not give any o/p (should not display the silent host because we are getting the log from other host). Thanks in advance ... View more

Hi All, I have created a dashboard which was entirely built on dynamic lookup files in a clustered environment. It basically shows the statistics content and required values of the lookup file in different panels based on the requirement. Now the requirement is to create the same dashboard in another cluster environment where the lookup files were not exist (we are not authorized to upload the necessary lookup files in this SHC). How to accomplish this? Thanks in advance 🙂 ... View more

Hi There , I can see the internal logs error message as below 2020-06-06 09:00:23,441 ERROR pid=2 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 500 Server Error: Internal Server Error for url: https: ***********   Can someone guide me in fixing the issue so that the logs resume   Thanks in Advance  ... View more

Hi All, We used to get splunk alerts with a subject line defined as splunk alert : $name$ From 2 days onwards , Subject line included a string called [EXTERNAL] in all the Splunk alerts . Ex [EXTERNAL] Splunk Alert : Failure Alert . Unwanted string [EXTERNAL] was added to all the subject lines Why this [EXTERNAL] string is being adding to the splunk alerts ? How to avoid that? Thanks ... View more

Hi All, I had configured an alert with trigger action as Output results to lookup with replace option . Since the alert will run every 1 hour , a .csv will get generated with the results right. Now are there any ways to send that particular lookup file to an external location means to an external remote server location ? Thanks in advance . ... View more

Hi All, In UF installed server ,we have monitor stanza to read the .log file from a particular source named it as one of the sourcetype. I used to get the log feed upto 7 days . But suddenly it stopped and not able to see any log feed from that particular sourcetype only But I am getting the different types of log files nearly from 8 sources from the same UF installed server to indexer I had rebooted the UF but no luck . By running splunk btool command I can see the monitor stanza for the missing sourcetype in inputs.conf along with others Please guide me on this Thanks ... View more