Given that this looks like JSON, you could uses either spath or the json functions (new to 9.x) ... View more

Hey, if you found the solution, please let me know, I am getting NA for R2 value, dont know the reason and how do I approach it ... View more

Hey, did you got any resolution on this, I am trying the same thing ... View more

Hi, yes I was able to get past this issue,   I edited the JDBC URL and added below additional KV pairs jdbc:sqlserver://IP:Port;databaseName=dbname;selectMethod=cursor;encrypt=false;trustServerCertificate=true   Hope this helps ... View more

Hello, For your connection to be shown as secure going to hostname and IP, both have to be on the certificate.  In our environment, each server has a fqdn (i.e. server1.MyBiz.com) for their connection on the production network, and a fqdn (i.e. server1.MyBiz.local) for their connection on the local admin network. So their certificates are requested with CN of the production network fqdn, and a SAN of the admin network SAN. And because we want to continue to access them securely if/when DNS has a bad day, their public and private IP addresses also get SANs.  Maybe lucky, but we've not had any problems getting certificates with multiple SANs. Hope this helps! ... View more

Hi Usually you will get some hints about product by looking the directory hierarchy and names on it. r. Ismo ... View more

In my keystore directory, there´s only default.jks, could you please help what data is required in cert.jks ... View more

Hi @krutika_ag  As per Splunk docs: If you add new data to an existing archive file, the forwarder reprocesses the entire file rather than just the new data. This can result in event duplication. thus, to avoid duplication, Splunk monitors whole archive files and does not support single file monitoring.    so, you/we can not monitor a single file inside an archive.  what i would like to suggest you is that, you can ask the developers/app team who creates that archive file to put it in a separate archive file everytime when there is an update to the archive file.  i am still not much sure of this suggestion, but this should be possible as per my understanding, thanks.        ... View more

Hi @krutika_ag , let us know if we can help you more, or, please, accept one answer for the other people of Community. Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated by all the contributors 😉 ... View more