Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About NK
NK
Explorer
Member since:
06-10-2010
07-19-2023
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 0 |
| Member Since | 06-10-2010 |
Activity Feed
- Tagged Re: Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore? on Getting Data In. 07-19-2023 09:11 AM
- Tagged Re: Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore? on Getting Data In. 07-19-2023 09:11 AM
- Tagged Re: Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore? on Getting Data In. 07-19-2023 09:11 AM
- Tagged Re: Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore? on Getting Data In. 07-19-2023 09:11 AM
- Posted Re: Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore? on Getting Data In. 07-19-2023 09:08 AM
- Karma Re: Renewing server.pem certificate for vishaltaneja070. 07-19-2023 08:57 AM
- Karma Why are we getting an error "SCRAM-SHA-1 authentication failed" on kvstore? for tokio13. 07-19-2023 08:50 AM
- Posted Re: Troubleshooting: Invalid Key Stanza alert_actions.conf on Splunk Enterprise. 06-22-2023 05:26 PM
- Tagged Re: Troubleshooting: Invalid Key Stanza alert_actions.conf on Splunk Enterprise. 06-22-2023 05:26 PM
- Tagged Re: Troubleshooting: Invalid Key Stanza alert_actions.conf on Splunk Enterprise. 06-22-2023 05:26 PM
- Tagged Re: Troubleshooting: Invalid Key Stanza alert_actions.conf on Splunk Enterprise. 06-22-2023 05:26 PM
- Posted How does one restart just the KV Store process on a Windows system? on Monitoring Splunk. 06-12-2023 07:43 AM
- Tagged How does one restart just the KV Store process on a Windows system? on Monitoring Splunk. 06-12-2023 07:43 AM
- Tagged How does one restart just the KV Store process on a Windows system? on Monitoring Splunk. 06-12-2023 07:43 AM
- Tagged How does one restart just the KV Store process on a Windows system? on Monitoring Splunk. 06-12-2023 07:43 AM
- Tagged Re: When trying to create a self-sign certificate, why am I receiving "unknown option -config" and "can't open config file" errors? on Getting Data In. 06-09-2023 03:53 PM
- Karma Re: When trying to create a self-sign certificate, why am I receiving "unknown option -config" and "can't open config file" errors? for rbreton. 06-09-2023 03:52 PM
- Posted Re: Splunk Enterprise Windows - openssl.cnf file default location on Security. 06-09-2023 03:43 PM
- Posted Re: Splunk Enterprise Windows - openssl.cnf file default location on Security. 06-09-2023 07:46 AM
- Posted Splunk Enterprise Windows - openssl.cnf file default location? on Security. 06-09-2023 07:41 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
07-19-2023
09:08 AM
I'm seeing the same message logged in mongod.log with Splunk v8.2.10 running on Windows Server. It is logged as Info ("I ACCESS") instead of Error ("E ACCESS"), so maybe it can be ignored? Not sure which location "storedKey" it is referring to: The expired Splunk local certificate was renewed a few months ago (server.pem), but there was still an old copy residing in Windows' certlm.msc repository. Updating the latter doesn't appear to fix the issue. Environment Variable SSL_CERT_FILE pointing to server.pem doesn't help either.
... View more
06-22-2023
05:26 PM
Splunk Windows 8.2.10 (upgraded from 8.2.6) - Who/What would put that in alert_actions.conf? [email] show_password = True Should I: a. delete the alert_actions.conf file (nothing else is in the file) ? b. Change it to False? c. delete the file contents, but leave the empty file there?
... View more
06-12-2023
07:43 AM
Using Splunk Enterprise for Windows, v8.2.10
When the KV Store process terminates abnormally, the "Health Status of Splunkd" window still indicates green for everything. 😕
How does one restart just the KV Store process on a Windows system?
KV Store process terminated abnormally
... View more
Labels
- Labels:
-
KV Store
06-09-2023
03:43 PM
@inventsekar wrote: the path was configured mistakenly i think. Where is that path configured in a Windows Splunk Enterprise installation? Update: Looks like @rbreton answered it here in 2017! I need another Windows environment variable: OPENSSL_CONF = %SPLUNK_HOME%\openssl.cnf
... View more
06-09-2023
07:46 AM
Discovered when I was doing the following: C:\Splunk>%SPLUNK_HOME%\bin\openssl x509 -enddate -noout -in %SPLUNK_HOME%\etc\auth\server.pem
WARNING: can't open config file: C:\\gitlab_runner\\builds\\build_home\\splunk/ssl/openssl.cnf
notAfter=May 17 23:44:06 2026 GMT
... View more
06-09-2023
07:41 AM
WARNING: can't open config file: C:\\gitlab_runner\\builds\\build_home\\splunk/ssl/openssl.cnf
So why is the default location of openssl.cnf not %SPLUNK_HOME% ?
C:\Splunk>%SPLUNK_HOME%\bin\openssl version -d
OPENSSLDIR: "C:\\gitlab_runner\\builds\\build_home\\splunk/ssl"
Do I need to create the above "gitlab_runner" directory structure to suppress the warnings?
(Using Splunk Enterprise Windows v8.2.10)
... View more
02-20-2023
09:28 AM
@PickleRick , it's a small system (mostly for dev work): everything on 1 Wintel Splunk Server; not distributed/clustered. A couple of remote machines that use a UF.
... View more
02-20-2023
09:22 AM
For the record, remote UF inputs.conf: [monitor://C:\pathname\xyz.log]
sourcetype = XYZ
index = xyz
disabled = 0 and Splunk Server props.conf: [source::...\\xyz.log]
sourcetype = XYZ doesn't do it; the data from remote UF gets the right sourcetype, but still gets indexed into main not xyz. (The local xyz.log data coming from the Splunk Server directory gets the right sourcetype and goes into index xyz) Something on the Splunk Server is over-riding the explicit index specification on the remote UF? Going to try the other recommendation for props.conf and transforms.conf
... View more
02-19-2023
08:22 AM
@gcusello , that looks like a setup for local files. (I have that set up via Splunk's "Data inputs" --> "Files & directories") It does not seem to work for remote files coming in via the Splunk Universal Forwarder. They may have different drive letters and pathnames, but the same filename (xyz.log).
... View more
02-17-2023
05:23 PM
I want any logfile (local, or remote via a UniversalForwarder) with the filename "xyz.log" to have a sourcetype of XYZ, and get indexed in my xyz index (not the main index). What do I need to put in props.conf? Do I also need to configure transforms.conf?
I'm using Splunk Enterprise v8 on Windows.
current props.conf:
[source::...\\xyz.log] sourcetype = XYZ
... View more
Labels
- Labels:
-
index
-
sourcetype
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-19-2023
03:04 PM
|
