Activity Feed
- Posted Change Splunk primary email address from my profile on All Apps and Add-ons. 04-06-2021 08:21 PM
- Posted Remove the first line of CSV to index in splunk on Splunk Search. 10-28-2020 09:00 AM
- Posted Re: Onboard Windows events: DNS application logs on Getting Data In. 08-04-2020 11:31 PM
- Karma Re: Onboard Windows events: DNS application logs for richgalloway. 08-04-2020 11:31 PM
- Posted Onboard Windows events: DNS application logs on Getting Data In. 07-28-2020 02:07 AM
- Karma Re: Unable to stat the splunk indexer missing: /app/splunk/openssl directory for harsmarvania57. 06-05-2020 12:50 AM
- Karma Re: How to upgrade the one indexer in indexer cluster for somesoni2. 06-05-2020 12:50 AM
- Karma Re: Can I add a priority field value as P3 for all the output? for 493669. 06-05-2020 12:49 AM
- Karma Re: Can I add a priority field value as P3 for all the output? for somesoni2. 06-05-2020 12:49 AM
- Karma Re: Is it possible to get a list of available indices ? for MuS. 06-05-2020 12:46 AM
- Posted How to upgrade the one indexer in indexer cluster on Installation. 08-21-2019 05:54 AM
- Tagged How to upgrade the one indexer in indexer cluster on Installation. 08-21-2019 05:54 AM
- Posted HTTP Response Code: 404 - Not Found from Dynatrace to Splunk HEC on Getting Data In. 08-08-2019 05:37 AM
- Tagged HTTP Response Code: 404 - Not Found from Dynatrace to Splunk HEC on Getting Data In. 08-08-2019 05:37 AM
- Posted Unable to stat the splunk indexer missing: /app/splunk/openssl directory on Splunk Search. 08-06-2019 12:07 AM
- Tagged Unable to stat the splunk indexer missing: /app/splunk/openssl directory on Splunk Search. 08-06-2019 12:07 AM
- Posted Dynatrace add-on unable to fetch the data on All Apps and Add-ons. 07-08-2019 03:00 AM
04-06-2021
08:21 PM
Hi @ppablo @oprokhorenko_sp I want to change my primary account email address. Can you please assist me in changing my primary account under my profile? Regards, Mayana Khan
10-28-2020
09:00 AM
I have a CSV file whose first row contains the header fields and the remaining rows contain values, as below.
name,application,targeturl,type
ABC,Desktop,google.com,chrome
XYZ,IOS,facebook.com,App
GHI,Andriod,twitter.com,App
KLM,Desktop,gmail.com,firefox
I have added props.conf as below.
[pp_appeaser]
CHARSET=UTF-8
INDEXED_EXTRACTIONS=csv
HEADER_FIELD_ACCEPTABLE_SPECIAL_CHARACTERS=_
KV_MODE=none
NO_BINARY_CHECK=true
SHOULD_LINEMERGE=false
category=Structured
description=Comma-separated value format. Set header and other settings in "Delimited Settings"
disabled=false
pulldown_type=true
In search, the header fields are appearing as fields and also as values, as below. Also, I have tried the "CHECK_FOR_HEADER" and "HEADER_FIELD_LINE_NUMBER=1" stanzas but I have the same results. Can you please suggest how I can resolve this issue, so the names of the headers are not indexed as values?
08-04-2020
11:31 PM
Yes, it resolved. Thanks !!
07-28-2020
02:07 AM
Hi, I am trying to on-board the DNS application logs from Windows Server 2012 event logs -> "Application and Services Logs" -> "DNS Server". I have added the below stanza in inputs.conf for the forwarder but data is not injecting.
[WinEventLog:DNS-Server]
disabled = 0
Do I need to change anything in inputs.conf?
- Labels:
- inputs.conf
- universal forwarder
08-21-2019
05:54 AM
Hi,
Recently we upgraded the Splunk indexer cluster to 7.2.6 but our team missed upgrading one indexer node. Can anyone help with the process of upgrading the single indexer node in a cluster from 7.0.4 to 7.2.6?
08-08-2019
05:37 AM
Hi,
I am trying to push the problems (alerts) from the Dynatrace managed solution to a Splunk heavy forwarder on the HTTP Event Collector on port 8088. I am getting the "HTTP Response Code: 404 - Not Found". Has anyone integrated Splunk and Dynatrace?
08-06-2019
12:07 AM
Hi,
We are unable to start one of our indexers in the cluster and are getting the below error. Can we copy the directory "/app/splunk/openssl" from any other indexer in the cluster and start? Is that fine, or do we need to follow any other approach?
Cannot start; missing essential directory: /app/splunk/openssl
Checking critical directories...Validating databases (splunkd validatedb) failed with code '11'. If you cannot resolve the issue(s) above after consulting documentation, please file a case online at http://www.splunk.com/page/submit_issue
07-08-2019
03:00 AM
Hi,
I am facing issues fetching the metrics from Dynatrace in Splunk using the API through the add-on.
Error in internal logs
07-08-2019 11:52:18.471 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_Dynatrace/bin/dynatrace_timeseries_single_metric.py" ERRORneed more than 1 value to unpack
host = cSPKSRVCI01 source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
07-08-2019 11:52:18.440 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_Dynatrace/bin/dynatrace_timeseries_single_metric.py" ValueError: need more than 1 value to unpack
host = cSPKSRVCI01 source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
07-08-2019 11:52:18.440 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_Dynatrace/bin/dynatrace_timeseries_single_metric.py" entityTypeName,entityId = entity.split("-")
host = cSPKSRVCI01 source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
07-08-2019 11:52:18.440 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_Dynatrace/bin/dynatrace_timeseries_single_metric.py" File "/opt/splunk/etc/apps/Splunk_TA_Dynatrace/bin/input_module_dynatrace_timeseries_single_metric.py", line 98, in collect_events
host = cSPKSRVCI01 source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
07-08-2019 11:52:18.440 +0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_Dynatrace/bin/dynatrace_timeseries_single_metric.py" input_module.collect_events(self, ew)
03-04-2019
04:05 AM
Hi All,
In our environment, our team has already installed the "Cisco UCS Add-On" and data is getting into Splunk.
Now we want to integrate new UCS devices into Splunk. I have updated the existing conf files with the new device details and done a restart, but data is not coming for both new and existing devices.
cisco_ucs_servers.conf
/app/splunk/etc/apps/Splunk_TA_cisco-ucs/local
[UCS_Odd1] # old device
account_name = ******
account_password = ******
description = UCS data from Odd1
server_url = xx.xx.xx.xx
[UCS_Even1] #New device
account_name = ******
account_password = ******
description = UCS data from even1
server_url = xx.xx.xx.xx
cisco_ucs_tasks.conf
[UCS_monitoring]
description = Monitoring UCS for prod environment
disabled = 0
index = cisco-ucs
interval = 300
servers = Splunk_TA_cisco-ucs:UCS_Odd1 | Splunk_TA_cisco-ucs:UCS_Even1
sourcetype = cisco:ucs
templates = Splunk_TA_cisco-ucs:prod
[UCS_NEW_TEST]
disabled = 1
index = main
interval = 300
servers = Splunk_TA_cisco-ucs:UCS_NEW
sourcetype = cisco:ucs
templates = Splunk_TA_cisco-ucs:prod
passwords.conf
[credential:_Splunk_TA_cisco-ucs_account_#Splunk_TA_cisco-ucs#UCS_Odd1:user:]
password = $1$qxE5qx8PFP7KMAC8oIxQG46oGG3Oatbd
[credential:_Splunk_TA_cisco-ucs_account_#Splunk_TA_cisco-ucs#UCS_Even1:user:]
password = Password!@#
After restart of the Splunk server the password for the new device is not encrypting and data is not coming to Splunk.
Can anyone help me here please?
02-12-2019
11:10 PM
Hi,
Splunk Enterprise can use OpenJDK instead of Oracle Java.
Splunk can run OpenJDK?
- Tags:
- splunk-enterprise
09-21-2018
03:14 AM
Hi @mayurr98
Will adding a hostname to ITSI entities using the import CSV option impact the existing entities in ITSI?
Does it delete all existing entities and update with the entries in the CSV, like importing a lookup file?
Regards,
Mayana Khan
05-09-2018
05:45 AM
Hi
How to install the Httpedgegrid on search heads of Splunk Enterprise Security?
@mayurr98
05-09-2018
04:53 AM
Hi,
We have to add 3 dedicated SHs to search head clustering. We already have 3 SH clusters, 6 IDX clusters and 1 deployer in our environment.
Now we have to add the 3 new dedicated search heads to a new SH cluster by using the existing deployer, but it should not affect the old SH clusters.
Will the new one act as a separate SHC by using the existing deployer?
Please suggest how to achieve this.
Regards,
Mayana Khan
02-27-2018
07:05 AM
Hi,
I have one glass table for multiple jobs. I want to add a button to the glass table which links to an existing dashboard/custom URL.
Is there any possibility to add the button to the glass table?
Regards,
Mayana Khan
02-14-2018
11:45 PM
In the KPI search it is showing the correct value, but not in the glass table.
Also, there is no option for count in Service/Aggregate calculation.
https://ibb.co/ekCpAn
02-14-2018
06:02 AM
I have created one base search and multiple services with entities, and also created a KPI using the base search.
I try to drag the KPI to the glass table to get a count for a particular service. In search, I get the alert value as 6 but in the glass table it shows as 0 or 10 (sum of errors of all servers).
The same search works if I add an ad-hoc search in the service.
Base search
index=os sourcetype=port_availability | dedup HostName |search Status!="Connection successful"| table _time HostName port Status| eval Priority="P3"
PFA screenshots for your reference,
01-31-2018
11:02 PM
Thanks, it's working!!
01-31-2018
11:01 PM
It works... Thanks
01-31-2018
07:48 AM
Hi
I want to add a priority as P3 for the below output.
Query
index=nonprod sourcetype=port_availability | dedup HostName |search Status!="Connection successful"| table _time HostName port Status priority|
Sample output
_time HostName port Status priority
1/31/2018 16:38 Hosthj 22 Connection failed
1/31/2018 16:38 Hostxyz 22 Connection timeout
1/31/2018 16:38 Hostghjyu 22 Connection failed
1/31/2018 16:38 Hostyuio 22 Connection failed
Expected output
_time HostName port Status priority
1/31/2018 16:38 Hosthj 22 Connection failed P3
1/31/2018 16:38 Hostxyz 22 Connection timeout P3
1/31/2018 16:38 Hostghjyu 22 Connection failed P3
1/31/2018 16:38 Hostyuio 22 Connection failed P3
Regards,
Mayana Khan