Activity Feed
- Posted Re: How Splunk SVCs getting calculated? on Splunk Cloud Platform. 09-12-2024 01:43 AM
- Posted How Splunk SVCs getting calculated? on Splunk Cloud Platform. 09-11-2024 11:02 PM
- Tagged How Splunk SVCs getting calculated? on Splunk Cloud Platform. 09-11-2024 11:02 PM
- Got Karma for Why is Pagerduty integration with Splunk not working and returning the following error code?: "Error in 'sendalert' command: Alert script returned error code 1". 09-09-2024 03:45 AM
- Got Karma for Re: Why am I getting error "libssl.so.1.0.0: cannot open shared object file: No such file or directory" trying to implement a custom search command in Python?. 02-20-2024 08:37 AM
- Posted Re: Does disabling an App or Add-on also disables its respective objects/configurations? on All Apps and Add-ons. 06-13-2023 06:12 AM
- Karma Re: Does disabling an App or Add-on also disables its respective objects/configurations? for richgalloway. 06-13-2023 06:07 AM
- Posted Does disabling an App or Add-on also disables its respective objects/configurations? on All Apps and Add-ons. 06-13-2023 03:10 AM
- Got Karma for Why is Pagerduty integration with Splunk not working and returning the following error code?: "Error in 'sendalert' command: Alert script returned error code 1". 12-14-2022 08:27 AM
- Got Karma for Re: Why am I getting error "libssl.so.1.0.0: cannot open shared object file: No such file or directory" trying to implement a custom search command in Python?. 10-19-2022 07:20 AM
- Posted Re: Splunk Add on for McAfee DAM (Database Activity Monitor) on Getting Data In. 08-03-2022 06:16 AM
- Karma Re: How to show the key from an inputlookup command from a KVStore? for elliotproebstel. 10-13-2021 09:13 AM
- Posted Splunk Apps/TAs permission changes post deployment on Deployment Architecture. 06-17-2021 11:33 PM
- Karma Re: How to search a list of sourcetypes by index and save it as a dashboard panel? for MuS. 06-16-2021 09:32 PM
- Posted Re: Unable to get complete users list from | rest /services/authentication/users on Splunk Enterprise. 04-24-2021 07:23 PM
- Posted Unable to get complete users list from | rest /services/authentication/users on Splunk Enterprise. 04-24-2021 12:36 AM
- Tagged Unable to get complete users list from | rest /services/authentication/users on Splunk Enterprise. 04-24-2021 12:36 AM
- Posted cve-lookup app not fetching CVE-2021 data from nvd on All Apps and Add-ons. 02-01-2021 07:15 AM
09-12-2024 01:43 AM
@deepakc Already gone through this. But like I said, need examples on how the SVC figure is actually getting calculated.
09-11-2024 11:02 PM
Good day guys, Need to know how SVCs are actually getting calculated? With examples please! I have already gone through Splunk docs and YouTube videos but still wanted to know how the SVC figures are getting concluded? Kindly suggest. Thanks in advance
06-13-2023 06:12 AM
Hi @richgalloway, thanks. I already know that it will disable all its configurations as well. Also I did test it and showed the output, but that's not enough for my current engagement, hence I am looking for any link which supports it, as I need to showcase that it's something which is coming directly from Splunk (vendor). Anyway, karma given for considering my query 🙂
06-13-2023 03:10 AM
Dear Techies, Does disabling an App or Add-on also disable its respective objects/configurations in Splunk Cloud/Enterprise? Please share links to support your answers, if any, as I would be needing them. -Thanks
Labels: administration, configuration
08-03-2022 06:16 AM
Hi @aruncp333, I know it's a big gap since you raised it, but could you please confirm if you got any answer/solution for the same and if you can share it? Thanks
06-17-2021 11:33 PM
Good Day Guys,
I am facing a strange issue in my 8.1.0 version Splunk cluster environment. In our Splunk cluster environment built on Linux, whenever any app (be it a standard one from Splunkbase or a custom one) gets pushed from either the master node or the deployer, the app permission gets changed on the respective members.
For example: on the deployer, $SPLUNK_HOME/etc/shcluster/apps/test_app has 755 or 777 permission. But when it gets pushed to the search head members, the permission of the app gets changed to 600.
P.S. It doesn't seem to be an OS issue but a Splunk issue only, as I have already got it checked thoroughly with the system administrator. Also I can see one SPL is already in place (SP-109430) but it's specific to Windows.
Waiting for your valuable feedback/comments on this issue.
Thanks in advance,
04-24-2021 07:23 PM
Hi @richgalloway, thanks, but both rest queries are meant to perform the same operations. And so even with this query I am getting the same results.
04-24-2021 12:36 AM
Hi All,
We have a multisite Splunk architecture (version 8.1.0) and use LDAP for user authentication. We are not getting the complete list of users using | rest /services/authentication/users, although I checked on each SH member and am able to see all users inside /opt/splunk/etc/users/.
I already checked a few technotes: https://community.splunk.com/t5/Security/Users-missing-from-Access-Control/m-p/487058
With respect to the above technote, we don't have those two attributes (edit_roles_grantable, grantableRoles) enabled already, so the above technote is of no use for my issue. Also I did a rolling restart but users are still not reflecting in the rest search query.
Please suggest?
Thanks,
02-01-2021 07:15 AM
Hello there,
We have the CVE lookup App installed in our environment. We are able to see CVE data from the nvd page in our Splunk via CVE-lookup, but only till 2020. CVE-2021 data is not getting fetched. When we checked on Splunkbase we saw the below notes: https://splunkbase.splunk.com/app/4540/
"Now supports latest nvd 1.1 json feed
Supports year 2018,2019 and 2020
Removed vendor/product specific information because of the updated nvd 1.1 feed
Contains scripted input which may affect deployment to distributed environments"
Any suggestions please on how to resolve this? Meanwhile I have already dropped an email to the developer of this app.
Tags: cve, cve-lookup, nvd
Labels: troubleshooting
12-01-2020 08:12 PM
@gcusello thank you and happy splunking 🙂
12-01-2020 08:11 PM
Hi @ramarcsight, I know it's pretty old but just wanted to check if by any chance you managed to resolve it? As I am facing a similar issue now after upgrading the environment to 8.1.X -Thanks
12-01-2020 02:35 AM
Thank you @gcusello. I will go for the Splunk_TA_nix option.
11-30-2020 11:25 PM
Hi Guys,
In my project environment, every splunkd is installed using splunk user. So I need to create an alert if any splunkd on any splunk server (enterprise or UF) gets started with root or any other user post boot or if anyone starts it with any other user than splunk.
Please suggest.
-Thanks
Labels: forwarder, indexer clustering, splunkd
08-30-2020 06:34 PM
Hi @jmallorquin, could you please tell me how it got resolved, as even I am facing the same issue? -Thanks in advance
05-10-2020 07:47 PM
Guys, Any clue?
04-29-2020 10:14 PM
Hello,
Very frequently we are getting the below two errors in _internal logs in our Splunk Cloud Managed environment:
04-30-2020 05:09:05.513 +0000 ERROR DataModelValidator - '-12undefined' is not a time string.
04-30-2020 05:09:05.513 +0000 ERROR AdminManagerValidation - '-12undefined' is not a time string.
Not sure how to get in detail of it? Any clue guys?
Thanks in advance
Labels: error
03-25-2020 10:38 PM
@damann thank you
10-25-2019 03:16 AM
Thank you once again
10-25-2019 02:11 AM
Thank you @broberg
So is there anything I need to take care wrt ES and ITSI on same multisite architecture apart from implementing/configuring them on separate searchhead cluster??
10-25-2019 01:46 AM
Hi @broberg
Could you please also let me know what the data volume per day in your environment is?
10-24-2019 06:24 PM
Hello Experts,
Checking if we can plan and implement Splunk ITSI (on a separate SH cluster) and Splunk ES (on a separate SH cluster), both pointing to the same set of indexer cluster?
Please provide links if there are any available justifying the above.
10-10-2019 06:26 PM
Hi @skrajkumar_splunk
Thanks but I already carried out both the approaches and both are not useful when it comes to SAI.
Be it winhostmon or wmi, once you have configured it, it will forward the events to SAI, but you won't find any alerting option on such event-based metrics, while all the rest of the SAI metrics show the alerting option. Also it will be attached to SAI as a count query, which is not at all useful as it shows neither the service name nor whether it's up or down.
And now the second con is with respect to wmi. In general, let's say we are not doing it for SAI but to get the service status and apply alerting using a search query or to create dashboards/reports; in that case too the wmi cons are more impactful than its pros. No doubt wmi provides flexibility to choose the specific services, but it won't extract the complete name of services (be it the DisplayName or Name field) but will only extract the first name.
So neither of the approach is useful when it comes to SAI.
Thanks,
@kundanbbisht
10-09-2019 08:16 PM
Hi @DUThibault , did you get any scope on where we can change this Interesting field filtering percentage?
10-09-2019 05:16 AM
Dear Splunkers,
I have Splunk App for Infrastructure installed on Splunk Cloud and have already onboarded Windows details using the easy install script, but nowhere can I see Services data to perform real-time monitoring of services.msc.
Could you please guide here?
09-04-2019 02:50 AM
Hi Readers,
In my Splunk Cloud environment, we are using HWF on Windows to fetch inputs via REST API (for example using Solarwinds Add-On for Splunk).
We are not using any UF as it's not required.
Wanted to know if there's any workaround/solution (be it Splunk provided or third party) to implement HA for HWF.
Thanks in advance