Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About samlll42
samlll42
Explorer
Member since:
01-14-2014
06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 9 |
| Member Since | 01-14-2014 |
Activity Feed
- Got Karma for Splunk App for Unix not showing hosts from peered indexers.... 06-05-2020 12:47 AM
- Got Karma for SNMP Modular Input: Why does data collection randomly stop with error "unknownEngineID snmp_stanza:snmp://xxxx"?. 06-05-2020 12:47 AM
- Got Karma for How are Splunk passwords encrypted in inputs.conf and outputs.conf?. 06-05-2020 12:47 AM
- Got Karma for How are Splunk passwords encrypted in inputs.conf and outputs.conf?. 06-05-2020 12:47 AM
- Got Karma for How are Splunk passwords encrypted in inputs.conf and outputs.conf?. 06-05-2020 12:47 AM
- Got Karma for How are Splunk passwords encrypted in inputs.conf and outputs.conf?. 06-05-2020 12:47 AM
- Got Karma for How are Splunk passwords encrypted in inputs.conf and outputs.conf?. 06-05-2020 12:47 AM
- Got Karma for Re: How are Splunk passwords encrypted in inputs.conf and outputs.conf?. 06-05-2020 12:47 AM
- Got Karma for Re: Level of encryption for ssl self signed password between forwarder and indexer. 06-05-2020 12:46 AM
- Posted Re: SNMP Modular Input: Why does data collection randomly stop with error "unknownEngineID snmp_stanza:snmp://xxxx"? on All Apps and Add-ons. 03-06-2015 11:28 AM
- Posted Re: SNMP Modular Input: Why does data collection randomly stop with error "unknownEngineID snmp_stanza:snmp://xxxx"? on All Apps and Add-ons. 02-27-2015 05:07 PM
- Posted SNMP Modular Input: Why does data collection randomly stop with error "unknownEngineID snmp_stanza:snmp://xxxx"? on All Apps and Add-ons. 02-25-2015 11:35 AM
- Tagged SNMP Modular Input: Why does data collection randomly stop with error "unknownEngineID snmp_stanza:snmp://xxxx"? on All Apps and Add-ons. 02-25-2015 11:35 AM
- Posted Re: How are Splunk passwords encrypted in inputs.conf and outputs.conf? on Getting Data In. 08-19-2014 02:12 PM
- Posted Re: How are Splunk passwords encrypted in inputs.conf and outputs.conf? on Getting Data In. 08-19-2014 12:57 PM
- Posted How are Splunk passwords encrypted in inputs.conf and outputs.conf? on Getting Data In. 08-19-2014 12:33 AM
- Tagged How are Splunk passwords encrypted in inputs.conf and outputs.conf? on Getting Data In. 08-19-2014 12:33 AM
- Tagged How are Splunk passwords encrypted in inputs.conf and outputs.conf? on Getting Data In. 08-19-2014 12:33 AM
- Tagged How are Splunk passwords encrypted in inputs.conf and outputs.conf? on Getting Data In. 08-19-2014 12:33 AM
- Tagged How are Splunk passwords encrypted in inputs.conf and outputs.conf? on Getting Data In. 08-19-2014 12:33 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 5 | |||
| 1 |
03-06-2015
11:28 AM
Unfortunately wasn't able to find out the cause of this problem had to give up on snmp_ta and switch to a custom scripted input with snmpbulkwalk... 😞
... View more
02-27-2015
05:07 PM
More details... Having same behavior with CLI:
/opt/splunk/bin/splunk cmd splunkd print-modinput-config snmp snmp://mobile | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py
Everything runs fine:
[...]
SNMPv2-SMI::enterprises."8072.1.2.1.1.4.0.8.1.3.6.1.2.1.1.9.127" = "mibII/sysORTable" xxx
SNMPv2-SMI::enterprises."8072.1.2.1.1.4.0.8.1.3.6.1.2.1.2.1.127" = "if number" xxx
xxx
[Stopping the snmpd for a few seconds]
ERROR No SNMP response received before timeout snmp_stanza:snmp://xxx
[restarting the snmpd and collections no longer works]
ERROR unknownEngineID snmp_stanza:snmp://xxx
ERROR unknownEngineID snmp_stanza:snmp://xxx
ERROR unknownEngineID snmp_stanza:snmp://xxx
ERROR unknownEngineID snmp_stanza:snmp://xxx
After that, have to reload inputs (or do a /debug/refresh), which restarts the process and it works again.
INFO ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py
The same behavior (without interruption of snmpd service) can be expected systematically after a few hours.
Any suggestion?
... View more
02-25-2015
11:35 AM
1 Karma
Using Splunk 6.2.1 and latest snmp_ta (1.2.7)
SNMP data collection stops working randomly and shows the error below in splunkd.log (for each of the stanzas configured)
02-25-2015 11:04:24.837 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py" unknownEngineID snmp_stanza:snmp://xxxx
It can be easily reproduced by stopping the snmp daemon that it is querying for a few minutes and starting it again.
The easiest way I found to get it back up is to do a /en-US/debug/refresh . Then errors stop and SNMP data collection works again.
Using the following stanza in inputs.conf:
[snmp://XXX]
communitystring = xxxx
destination = xxxx
do_bulk_get = 1
ipv6 = 0
max_repetitions = 25
mib_names = xxx (custom MIB)
non_repeaters = 0
object_names = 1.3.6.1.4.1.7102.1971
snmp_mode = attributes
snmp_version = 3
sourcetype = xxxxx_snmp_ta
split_bulk_output = 1
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privKey =
v3_privProtocol = usmDESPrivProtocol
v3_securityName = xxxxx
v3_authKey = xxxxx
snmpinterval = 300
It is gathering data from Linux Snmpd (net-snmp)with a custom MIB provided by a 3rd party vendor.
Anyone had the same issue? any idea on how to resolve this?
Thanks
... View more
- Tags:
- SNMP Modular Input
08-19-2014
02:12 PM
1 Karma
Thanks - thats a possibility that we have thought about, we would still prefer to know how the password is encrypted so we can just encrypt it dynamically and change it dynamically on a regular basis. We are doing it just fine with DB Connect. Some of our customers require regular service account password changes for regulatory reasons.
Thanks
... View more
08-19-2014
12:57 PM
Thanks - I understand splunk.secret is the key. The question is how can a inputs/outputs.conf password be encoded with the key - what exact algorithm is used?
I don't have a problem propagating the secret from one server to another. I just want to provision encoded passwords when I run chef, without having to pre-encoded them and always use the same splunk secret.
... View more
08-19-2014
12:33 AM
5 Karma
Could someone please document how the Splunk passwords are encrypted (in inputs and outputs.conf) so that we can setup our configuration management tools (Chef, Puppet etc...) to properly encrypt the passwords in the conf files without provisioning clear password and restarting Splunk a each chef run?
Just a shell, perl, python or other example using the etc/auth/splunk.secret would help a LOT
we figured out how dbconnect does (even had to fix a bug when passwords contains a "=") - can't find any details on the $1$xxxxxxxxxx passwords used in inputs.conf and outputs.conf
Thanks!!
... View more
Could someone please document how the Splunk passwords are encrypted (in inputs and outputs.conf) so that we can setup our configuration management tools (Chef, Puppet etc...) to properly encrypt the passwords in the conf files without provisioning clear password and restarting Splunk a each chef run?
Just a shell, perl, python or other example using the etc/auth/splunk.secret would help a LOT
we figured out how dbconnect does (even had to fix a bug when passwords contains a "=") - can't find any details on the $1$xxxxxxxxxx passwords used in inputs.conf and outputs.conf
Thanks!!
... View more
07-10-2014
06:04 PM
We have the exact same problem (i.e adding search peers through a Chef Recipe that searches for all the indexers dynamically and populates the distsearch.conf) the server is added but authentication fails (probably because editing distsearch.conf is not enough).
So how can we add search peers entirely through command files without running the command line tool? (I took a look at the REST end points above and I don't see anything relevant to add new peers - Did I miss it?)
... View more
07-01-2014
05:25 PM
1 Karma
Hi Everyone
Problem: On Splunk App for Unix (latest versions of all the components) on a search head I cannot see hosts from indexers peered to the search head. The data is there if I do a search on index=os ( I can see perf data for all the hosts: CPU, PS etc...), but in the dashboard I can only see the hosts indexed locally (local host and a forwarder). What am I doing wrong?
Example:
= splunk-search (local indexer and search-head) peered with splunk-indexer
=== splunk-forwarder X (forwarding to splunk-search)
=== splunk-forwarder Y (forwarding to splunk-search)
=splunk-indexer (local indexer)
=== splunk-forwarder A (forwarding to splunk-indexer)
=== splunk-forwarder B (forwarding to splunk-indexer)
=== splunk-forwarder C (forwarding to splunk-indexer)
If I go to Splunk App for Unix dashboard on splunk-indexer I can see hosts for:
splunk-indexer (local) + splunk-forwarder A, B, C (which is expected)
If I go to Splunk App for Unix dashboard on splunk-search I can only see hosts for:
splunk-search (local) + splunk-forwarder X,Y - NOT splunk-indexer, nor splunk-forwarder A, B and C
But when I do a search on splunk-search index=os I can see data being found for all hosts.
Do I need to setup Splunk App for Unix in a specific way to display data for remote/peered indexes?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
