I'm having trouble figuring out how to access the dimensions and dimension values of metrics also. Plenty of documentation on how to list out the dimensions, but none for their values.
When configuring ingest-time log to metrics conversions via props.conf and transforms.conf, does Splunk still index the original events to a normal log index?
Is it possible to have the same input logging to a normal index and being converted to metrics for indexing to a metrics index?
I thought about that, too.
Oddly enough, the stanza didn't appear to have an interval option/setting. So that didn't work for me. Thanks, though.
I'm using the Splunk Add-on Builder and building a modular input using my own python code. How can I reference the value of the input's interval setting from within that python script?
Example: If the interval is set to 300 seconds, I'd like to do something in the script like:
myinterval = helper.get_arg('interval')
and have that variable equal 300
Why is it so hard to provide your customers with a standardized direct download link!? Has your web/marketing team never spoken to an actual sys admin?
Can anyone please provide the updated version of the direct links, similar to those posted by piebob and rarsan, for the latest release?
Figured it out. Seems Fireeye has an issue with accepting passwords. We had issues the other day trying to change the local admin password on the fireeye appliance and it not working.
Seems to be the same thing here. I changed the Splunk admin password to a shorter password, updated the HTTP notification settings on FireEye, tested, and now I'm getting 200 responses. Looking good!
I removed the index parameter and still get the same 401 code in the splunkd_access.log and no events indexed. Manually going to the link in a browser gives me:
empty body
I'm running the latest version of Splunk, the FireEye app, and the FireEye code on the appliance.
I am having issues with this app as well. What I did:
- Installed the FireEye App in Splunk
- Configured HTTP notifications per the FireEye App instructions
- Verified via tcpdump that the FireEye appliance is sending the HTTP notifications and that the Splunk server is receiving the traffic
However, there is no data showing up in Splunk itself. A search of index="fe" shows 0 results. And the "index activity overview" page shows that indexes fe & fireeye both have a count of 0.
It looks like the splunkd_access.log shows the POST request from the FireEye appliance with a 401 code. But I have verified multiple times that it is configured with the Splunk admin account and password.
Any ideas why this is not receiving the data or how to troubleshoot further?