Hello Splunkers, I have one requirement where have 3 sites and planning to keep the search factor to 2 and replication factor to 3. Current Config: ( SF=3 and RF=3 ) [clustering] site_replication_factor = origin:1,site1:1,site2:1,site3:1,total:3 site_search_factor = origin:1,site1:1,site2:1,site3:1,total:3   To making into the Search Factor to 2 in any sites will the below settings works? [clustering] site_replication_factor = origin:1,site1:1,site2:1,site3:1,total:3 site_search_factor = origin:1,site1:1,site2:1,site3:1,total:2 To reduce to SF=2 what all steps involved? Cheers, Arun Sunny       ... View more

Hi, Splunk_TA_microsoft-cloudservices/bin/splunktamscs/ca_certs_locater.py TEMP_CERT_FILE_NAME = 'httplib2_merged_certificates_{}.crt' Whenever the inputs run this script creates the cert file under /tmp/ directory and it will never get deleted and making /tmp/ directory full. Is this a bug with the App? OR It's required to create a cert file while running inputs? Regards, Arun Sunny ... View more

Hi I am looking for a script to perform the rolling restart of Splunk service on multiple servers from the Centralised server where it has ssh access to the slave servers. Is anybody have the script? Thanks, Arun Sunny ... View more

For example I have a table like below: Col1 Col2. OnlineTestLink AA 1 link BB 2 link CC 3 link Here I need a hyperlink. So how to add? ... View more

Hey, Can we write multiple Options in one /etc/sysconfig/snmptrapd ? Also, For Example -> I have a requirement where I need to receive SNMP traps from two different sources and write those traps messages into two different log files? Please suggest what is the best way to do this? Thanks, Arun ... View more

Hey Ninjas, I'm getting the below-parsing error when indexing the JSON formatted events. ERROR LineBreakingProcessor - Line breaking regex has no capturing groups: \"} Below are the sample JSON events. {"timestamp":"2018-06-06T19:13:28.459+00:00","message":"Response time for Mongo query {\"method\":\"find\",\"collection\":\"XXXXXXX\",\"query\":{\"$and\":[{\"region.isoCountryCode\":\"GB\"},{\"abc.branchNumber\":5184},{\"classification.category\":{\"$in\":[\"Store\"]}}],\"status.currentStatus\":{\"$ne\":\"Hidden\"}},\"fields\":{}} with offset: 0, limit: 10, fields: {} is 9 ms","className":"XXXXXXXXXX","threadName":"XXXXXXXX","level":"INFO","HOSTNAME":"ip-1-0-0-0","traceId":"XXXXxXXX"} {"timestamp":"2018-06-05T14:46:53.919+00:00","message":"Response time for request: 2 ms","className":"XXXXXX","threadName":"XXXXXX","level":"INFO","HOSTNAME":"ip-0-0-0-0","traceId":"xxxxxx"} I have already tried with below props configuration but no luck. [test1] SHOULD_LINEMERGE=true NO_BINARY_CHECK=true CHARSET=UTF-8 INDEXED_EXTRACTIONS=json KV_MODE=none category=Structured description=JavaScript Object Notation format. For more information, visit http://json.org/ disabled=false pulldown_type=true [test2] BREAK_ONLY_BEFORE=^{ CHARSET=UTF-8 SHOULD_LINEMERGE=true category=Structured description=A variant of the JSON source type, with support for nonexistent timestamps disabled=false pulldown_type=true TIME_FORMAT=%Y-%m-%dT%H:%M:%S.%3N TIME_PREFIX=^{\"timestamp\":\" [test3] BREAK_ONLY_BEFORE=^{ CHARSET=UTF-8 SHOULD_LINEMERGE=true category=Structured description=A variant of the JSON source type, with support for nonexistent timestamps disabled=false pulldown_type=true TIME_FORMAT=%Y-%m-%dT%H:%M:%S.%3N TIME_PREFIX=^{\"timestamp\":\" LINE_BREAKER=\"traceId\":\"[\w\d-]+\"} Please let me know anyone come across on this issue ..... ... View more