Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About chskm
chskm
Path Finder
Member since:
02-26-2016
04-04-2023
Community Statistics
| Posts | 24 |
| Solutions | 1 |
| Karma Given | 19 |
| Karma Received | 3 |
| Member Since | 02-26-2016 |
Activity Feed
- Got Karma for Re: DB Connect app issue - Cannot communicate with task server. 06-05-2020 12:49 AM
- Got Karma for Re: DB Connect app issue - Cannot communicate with task server. 06-05-2020 12:49 AM
- Got Karma for Re: DB Connect app issue - Cannot communicate with task server. 06-05-2020 12:49 AM
- Karma Do I still need to take the Splunk prereqs in order to take the Splunk 6 Admin certification training? for bluemarvel. 06-05-2020 12:48 AM
- Karma Re: what is the best addon / app to use with [iplocation] for a geographical visual dashboard? for lakromani. 06-05-2020 12:48 AM
- Karma what is the best addon / app to use with [iplocation] for a geographical visual dashboard? for packet_hunter. 06-05-2020 12:48 AM
- Karma Re: How can i know the owner of Lookup that are created in Lists and Lookups? for somesoni2. 06-05-2020 12:48 AM
- Karma Re: How can i know the owner of Lookup that are created in Lists and Lookups? for sagrl. 06-05-2020 12:48 AM
- Karma Re: How do I search WindowsEventLog:Security to determine Parent Process of each started process? for sundareshr. 06-05-2020 12:48 AM
- Karma Re: Is there anyway to update the serverclass.conf automatically ? for gcusello. 06-05-2020 12:48 AM
- Karma Re: What technologies or languages are recommended to become an expert in Splunk? for lguinn2. 06-05-2020 12:48 AM
- Karma Re: Is there a way to find out all the indexers and forwarders in our Splunk environment via Splunk Web or CLI? for martin_mueller. 06-05-2020 12:47 AM
- Karma Is there a way to find out all the indexers and forwarders in our Splunk environment via Splunk Web or CLI? for japala. 06-05-2020 12:47 AM
- Karma Re: How to check total License usage for past few days on license master for masonmorales. 06-05-2020 12:47 AM
- Karma How to check total License usage for past few days on license master for att35. 06-05-2020 12:47 AM
- Karma Re: Learning Splunk for kristian_kolb. 06-05-2020 12:46 AM
- Karma Re: Updating Splunk-Base Email for oprokhorenko_sp. 06-05-2020 12:46 AM
- Karma Re: differences between forwarders? for jhallur_splunk. 06-05-2020 12:46 AM
- Karma Re: Is it possible to Monitor Splunk User activity? for Damien_Dallimor. 06-05-2020 12:46 AM
- Karma Is it possible to Monitor Splunk User activity? for Dark_Ichigo. 06-05-2020 12:46 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-12-2020
11:58 AM
@p0p00aj Did you check with the Splunk internal logs and sourcetype of dbx* to make sure the input which you have added is not failing ? Please review the following link on how to troubleshoot for DB Connect app : https://docs.splunk.com/Documentation/DBX/3.2.0/DeployDBX/Troubleshooting
... View more
02-12-2020
11:53 AM
@yongyuthvis This is something what we have done a year ago. Could you please let me know whether you are using TLS 1.2 or something else ? Also, you need to check with you Kafka team whether it is current available to make a successful connection and forward the data to all products. If not yet you could something that need to make it work with Kafka team (FYI... this is only if you are using Kafka to forward the data to multiple applications in your organization like Splunk, ELK, etc).
Once you are good with these, download the Splunk connect for kafka : https://splunkbase.splunk.com/app/3862/ and update the required configurations based up on the requirement shown by Splunk in the docs: https://docs.splunk.com/Documentation/KafkaConnect/latest/User/About Make sure to generate the Splunk HEC token to accept the incoming data using this token from Kafka bus. After you have done this you need to start the Kafka broker and server on Kafka Side and execute the command which is provided by Splunk in the above doc. That will start forwarding the data to Splunk HF and from there processing will happen at HF level , then sends to Splunk indexers.
Prior to execution of the Splunk commands or starting the Kafka servers, make sure to use the certs based up on your org requirements that something like self-signed or kerberos. Check with your Kafka team.
You might need to execute that data forwarding based up on the Kafka Topic every time you have a new topic created. I have used Ansible to automate the process of identifying the new topic and execution of the command. You can do this with any other automation as well. Please do accept the answer if you like it and this something that helps your scenario. Thanks.
... View more
01-21-2019
09:47 PM
You need to upgrade the DB Connect app. This is a bug in the lower version of the app and compatibility issue. Please check with the release notes.
... View more
01-21-2019
09:46 PM
3 Karma
This is bug which was identified and get fixed in the latest version 3.1.4. I faced the same issue which will get resolved once you upgraded your current version of DB Connect app.
... View more
11-18-2018
07:17 AM
I have tried connecting with Splunk connect for Kakfa in multiple scenarios, where i'm keep on receiving the error as below and I'm not receiving the data to Splunk Indexers. I have an intermediate forwarder between Kafka server and Splunk indexer. I have tried sending a test message from Kafka server using the HEC token which is generated on HF. It works totally fine and I'm receiving the data to indexer. But, when I'm using curl command as per docs i'm not receiving the data. Could you please advise:
ERROR failed to send batch (com.splunk.kafka.connect.SplunkSinkTask:261)
java.lang.IllegalArgumentException: Illegal character in scheme name at index 0: :8088/services/collector/raw?index=kafka_connect
at java.base/java.net.URI.create(URI.java:883)
at org.apache.http.client.methods.HttpPost. (HttpPost.java:73)
at com.splunk.hecclient.Indexer.send(Indexer.java:115)
at com.splunk.hecclient.HecChannel.send(HecChannel.java:61)
at com.splunk.hecclient.LoadBalancer.send(LoadBalancer.java:56)
at com.splunk.hecclient.Hec.send(Hec.java:233)
at com.splunk.kafka.connect.SplunkSinkTask.send(SplunkSinkTask.java:257)
at com.splunk.kafka.connect.SplunkSinkTask.handleFailedBatches(SplunkSinkTask.java:127)
at com.splunk.kafka.connect.SplunkSinkTask.put(SplunkSinkTask.java:62)
at org.apache.kafka.connect.runtime.WorkerSinkTask.deliverMessages(WorkerSinkTask.java:564)
at org.apache.kafka.connect.runtime.WorkerSinkTask.poll(WorkerSinkTask.java:322)
at org.apache.kafka.connect.runtime.WorkerSinkTask.iteration(WorkerSinkTask.java:225)
at org.apache.kafka.connect.runtime.WorkerSinkTask.execute(WorkerSinkTask.java:193)
at org.apache.kafka.connect.runtime.WorkerTask.doRun(WorkerTask.java:175)
at org.apache.kafka.connect.runtime.WorkerTask.run(WorkerTask.java:219)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.net.URISyntaxException: Illegal character in scheme name at index 0: 10.225.198.57:8088/services/collector/raw?index=kafka_connect
at java.base/java.net.URI$Parser.fail(URI.java:2915)
at java.base/java.net.URI$Parser.checkChars(URI.java:3086)
at java.base/java.net.URI$Parser.checkChar(URI.java:3096)
at java.base/java.net.URI$Parser.parse(URI.java:3111)
at java.base/java.net.URI. (URI.java:600)
at java.base/java.net.URI.create(URI.java:881)
... 19 more
[2018-11-18 00:45:35,596] INFO handled 1 failed batches with 2 events (com.splunk.kafka.connect.SplunkSinkTask:130)
... View more
10-11-2018
10:49 AM
There might be too much size w.r.t. the lookup table, this might be the reason causing not being replicated.
Also, it won't simply remove from the search heads even if you remove from your lookup folder on deployer. There would be a command where it will remove these kind of things from peers, please check with the splunk doc. docs.splunk.com
... View more
08-03-2017
09:27 AM
Hi Owaisenfo,
It's nothing but to rename to the passwd file to passwd.bak
Saikrishna
... View more
08-03-2017
09:27 AM
Hi Owaisenfo,
It's nothing but to rename to the passwd file to passwd.bak
Saikrishna
... View more
11-15-2016
09:46 AM
Thanks cusello
... View more
11-15-2016
09:19 AM
Thanks for the reply cusello.
We can remove hosts automatically, by creating some automation scripts. But, according to my knowledge it is tough to add a server by identifying it automatically.
Please advise how to implement that.
... View more
11-15-2016
07:50 AM
We are using 6.2.1. Is there anyway to update the serverclass.conf automatically?
Example: If any host got decommissioned, it needs to delete from serverclass.conf (automatically update). And if any new host is added, automatically it needs to add in serverclass.conf.
So, that the manual intervention will get reduce. Please suggest.
... View more
10-19-2016
01:48 PM
Yes, I agree with jack. Could you please check with the file system permissions whether it is read-only or not.
Try to check with process id's. Somtimes the process id's will also cause problems. If this is the issue, please kill some of the unwanted processes and try to implement it again. You might able to get it done.
Make sure you restart after the migration is complete.
... View more
10-19-2016
08:57 AM
Amit,
I couldn't get the question properly. Could you please explain in precise.
Saikrishna
... View more
10-18-2016
07:18 AM
You can send an email to certification@splunk.com in order to request them to give one more chance. I think they will give one chance based on your previous scores.
... View more
10-18-2016
07:15 AM
Marvel,
Yes, before registering the admin course, you have to compelte power user certification. It's a pre-req to admin certification.
... View more
10-17-2016
10:52 AM
Adam,
Thanks! I got the answer.
Saikrishna
... View more
10-17-2016
10:52 AM
Hi ppablo,
I didn't posted any duplicate questions. I only have one account. It is this. I only posted one time.
Sorry for this misconception.
Saikrishna
... View more
10-17-2016
10:45 AM
Adam,
The licnensing capacity of our indexers are different.
I just got an idea, if there is a scenario as mentioned above then how can we pull the info. So, asked.
Saikrishna
... View more
10-17-2016
10:31 AM
Hi Adam,
I know how splunk trial license works. I am asking ... if we are using 60 day trail license in a distributed network, along with full license. Then how can we know that, how many users are using trial period and how many are using full version.
Sai krishna
... View more
10-17-2016
09:46 AM
Can you please let me know how to retrieve 60 day trial license users.
I need a search to generate a report.
... View more
09-20-2016
08:34 PM
Thanks for the information. Currently I am working as a Splunk adminstratot and got certified admin recently. Once again thank you so much.
... View more
09-20-2016
07:46 AM
Currently I have a very good knowledge in the following languages/technologies:
1. C/C++
2. Javascript
3. Python (Working Experience)
4. Shell scripting (Working experience)
5. Splunk administration (LINUX platform)
Are there any other technologies/languages that are needed/recommended to become an expert in Splunk?
... View more
09-07-2016
07:55 AM
The issue will raise at the time of splunk restart or else in some times due to network outage. Try logging into splunkweb for particular server. If you can able to login ten everything is working properly. Even you can check by loggin into indexers. ( cluster master to check the splunk is up or not)
... View more
09-07-2016
07:55 AM
The issue will raise at the time of splunk restart or else in some times due to network outage. Try logging into splunkweb for particular server. If you can able to login ten everything is working properly. Even you can check by loggin into indexers. ( cluster master to check the splunk is up or not)
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-04-2023
12:48 PM
|
