Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About aguilard
aguilard
Explorer
Member since:
12-12-2023
01-04-2024
Community Statistics
| Posts | 9 |
| Solutions | 1 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 12-12-2023 |
Activity Feed
- Posted After upgrade to 9.1.2 all users try to execute "admin_all_objects" on Splunk Enterprise. 01-04-2024 01:48 AM
- Tagged After upgrade to 9.1.2 all users try to execute "admin_all_objects" on Splunk Enterprise. 01-04-2024 01:48 AM
- Tagged After upgrade to 9.1.2 all users try to execute "admin_all_objects" on Splunk Enterprise. 01-04-2024 01:48 AM
- Karma Re: Open multiple receiving ports on a indexer cluster for gcusello. 12-19-2023 05:42 AM
- Karma Re: Open multiple receiving ports on a indexer cluster for gcusello. 12-19-2023 05:10 AM
- Karma Re: Open multiple receiving ports on a indexer cluster for gcusello. 12-19-2023 05:10 AM
- Posted Re: Open multiple receiving ports on a indexer cluster on Installation. 12-19-2023 04:36 AM
- Posted Re: Open multiple receiving ports on a indexer cluster on Installation. 12-19-2023 04:17 AM
- Posted Re: Open multiple receiving ports on a indexer cluster on Installation. 12-19-2023 03:52 AM
- Posted Open multiple receiving ports on a indexer cluster on Installation. 12-19-2023 02:40 AM
- Tagged Open multiple receiving ports on a indexer cluster on Installation. 12-19-2023 02:40 AM
- Tagged Open multiple receiving ports on a indexer cluster on Installation. 12-19-2023 02:40 AM
- Karma Re: Search Head Cluster Deployer doesn't push ITSI apps for gcusello. 12-19-2023 02:29 AM
- Karma Re: Search Head Cluster Deployer doesn't push ITSI apps for gcusello. 12-19-2023 02:29 AM
- Posted Re: Search Head Cluster Deployer doesn't push ITSI apps on Installation. 12-16-2023 03:43 AM
- Posted Re: Search Head Cluster Deployer doesn't push ITSI apps on Installation. 12-13-2023 03:35 AM
- Posted Re: Search Head Cluster Deployer doesn't push ITSI apps on Installation. 12-13-2023 01:05 AM
- Posted Search Head Cluster Deployer doesn't push ITSI apps on Installation. 12-12-2023 12:14 PM
- Tagged Search Head Cluster Deployer doesn't push ITSI apps on Installation. 12-12-2023 12:14 PM
- Tagged Search Head Cluster Deployer doesn't push ITSI apps on Installation. 12-12-2023 12:14 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
01-04-2024
01:48 AM
Hi, Yesterday I upgraded a splunk instance from 8.2.6 to 9.1.2. Afterwards all users that have the role "user" are logging every 10 milliseconds this log: 01-04-2024 08:53:44.220 +0000 INFO AuditLogger - Audit:[timestamp=01-04-2024 08:53:44.220, user=test_user, action=admin_all_objects, info=denied ] This issue is filling the index _audit very fast and I had to reduce the index size as a workaround but I doesn't resolve the problem. Have you ever have these problem in your enviroment?
... View more
Labels
12-19-2023
04:36 AM
Hi @gcusello I think I understand now... Yes I want to receive logs from UFW. In that case I only need to set the inputs.conf file as you said and in the UFWs set the values for index and sourcetype, right? Thank you.
... View more
12-19-2023
04:17 AM
Thanks for your response @gcusello Maybe I do not understand some splunk concepts very well. All I want is if an event arrives to the port 9998 it should be indexed in the index iscore_test. As if it the event arrives to the port the event should be indexed in the index iscore_prod. The inputs.conf that I setted for this app would be correct?
... View more
12-19-2023
03:52 AM
The indexes.conf is it copied succesfully and the indexer create the indexes correctly, the problem is the inputs.conf that is not working properly.
... View more
12-19-2023
02:40 AM
Hello, I would like to separate my data streams by opening three receving ports. I have a multisite indexer cluster and I have created an app with this default inputs.conf file [tcp://9998]
disabled = 0
index = iscore_test
sourcetype = iscore_test
connection_host = ip
[tcp://9999]
disabled = 0
index = iscore_prod
sourcetype = iscore_prod
connection_host = ip But when I check the receiving ports on the indexer it only shows the 9997 (that I would like to use just for splunk internal logs) I think there is a faster way to do this rather than set the receiving ports manually in each indexer. I already checked and the app that I created was successfully copied to the indexers.
... View more
Labels
- Labels:
-
indexer
12-16-2023
03:43 AM
I fixed the problem simply restarting the cluster and I worked 🙂 Thanks 🙂
... View more
12-13-2023
03:35 AM
Ciao @gcusello , Maybe I didn't explain myself correctly. I meant that when the deployer moves the apps to /opt/splunk/var/run/splunk/deploy/apps it created the apps with "-local" But i just discovered that it was for a misconfiguration in the app.conf file deploy mode. I already fixed it and now the SHs have all the ITSI apps on the etc/apps directory. But I'm facing a new problem, when I start ITSI I got this message But it has no sense because it is the first installation... Thanks for your response and time
... View more
12-13-2023
01:05 AM
Hello @gcusello , I do not have error messages on the Deployer. I have plenty of space in the disk of the Deployer, I already checked. The owner of the files is splunk and it's been installed and ran with user Splunk. The thing that I noticed 20 minutes ago and I do not why is when the deployer pushes the ITSI apps to /opt/splunk/var/run/splunk/apps it adds at the of the folder the word "-local" and I just checked that in other installations that I manage it doesn't occur. Thanks for the response
... View more
12-12-2023
12:14 PM
Hello, I'm trying to install Splunk ITSI 4.17.1 in a Search Head Cluster with Splunk Enterprise 9.1.2. I already extract the .spl in the directory $SPLUNK_HOME$/etc/shcluster/apps but when I execute the command splunk apply shcluster-bundle it shows that it has deployed everything correctly but when I go to the Search Heads none of the ITSI apps are deployed. i just made a test deploying another simple app just for testing purposes and it worked. Do you have any idea?
... View more
Labels
- Labels:
-
Linux
-
search head
