Hi da_667 ,  I just had the same problem on 22.04, and the 'comment out the ExecStartPost' trick you mentioned worked for me, no I'll effects so far. Thanks for your help 😁👍 ... View more

Oohhh that's promising, thank you for the info!! I have already lost 2 days to this, and have switched over to FireFox, but will test as soon as I get the chance. ... View more

nice, alas it looks like you are not on the latest version of chrome... 83.0.4103.61 > 81.0.4044.129 i ran though the above tests 4 times as i thought i was going crazy, it makes no sense. a new vm install and splunk install every time.. ... View more

the test results are in... TL;DR; version - From my messing around - trying to make apps in chrome doesn't work as expected with SSL on the webui - Does not happen in FireFox Long Version The test setup is as follows Server: - New VM running updated, latest, CentOS 8 - Splunk 8.0.4 Certs Used: - Splunk defaults. The self signed certs created when Splunk starts - Certs created by testing ca (using XCA): mywebui.pem cert file contains server, intermediate, and root ca certs as a chain, in that order mywebui.key key file containing unencrypted private key for mywebui.pem mysplunkd.pem cert file contains serve, encrypted private key, int ca, root ca, in that order myrootca.pem cert file contains only the root ca cert (not the int ca) - all certs installed in $SPLUNK_HOME/etc/auth and only adding/changing config in $SPLUNK_HOME/etc/system/local for simplicity Client: - Win10 - Chrome 83.0.4103.61 - Firefox 77.0. - Only the internal root CA has been installed into Windows and Firefox. - Browsers were restarted before and after every test, and private windows/incognito mode were used to keep cookies and cache getting in the way. Test Method Create a new app using webui, using the sample_app template. Use Splunk search index=_internal sourcetype=splunk_web_service log_level=error to look for errors Test, no SSL No problems for both browsers, no errors in Splunk from above search. Test with Splunk default cert created web.conf [settings] enableSplunkWebSSL = true Chrome: When click "Save" on add new app, page hangs with button on 'Saving...'. Refresh shows that app is created. Error in Splunk: 2020-06-03 19:33:48,842 ERROR [5ed76e7cd37fe63d913b90] utility:58 - name=javascript, class=Splunk.Error, lineNumber=26103, message=Uncaught TypeError: Cannot read property 'status' of null, fileName=https://< >:8000/en-GB/static/@1CA1401A03689AC76EC0FD8820202120C1384DA1951537830BBAC1E85DE4DC2B/js/common.min.js` FireFox: No problems, or errors. Test with own certs updated web.conf [settings] enableSplunkWebSSL = true privKeyPath = $SPLUNK_HOME/etc/auth/mywebui.key serverCert = $SPLUNK_HOME/etc/auth/mywebui.pem updated server.conf [sslConfig] caCertFile = $SPLUNK_HOME/etc/auth/myrootca.pem serverCert = $SPLUNK_HOME/etc/auth/mysplunkd.pem sslPassword = it-is-not-a-problem-the-password-is-correct Chrome: Trusted in browser, same behavior as default ssl test, page hangs, app created in background Error in Splunk: 2020-06-03 20:01:29,059 ERROR [5ed774f90a7fa16bf98d10] utility:58 - name=javascript, class=Splunk.Error, lineNumber=26103, message=Uncaught TypeError: Cannot read property 'status' of null, fileName=https://< >:8000/en-GB/static/@1CA1401A03689AC76EC0FD8820202120C1384DA1951537830BBAC1E85DE4DC2B/js/common.min.js FireFox: Trusted in browser, no problems, or errors. conclusion throw out chrome? use firefox? :shurg: Hope all this helps. ... View more

mine is 8.0.4 on a standalone test machine. I've been doing some testing, and the rabbit hole so far is leading me to something SSL on the WubUI related... just a hunch at the moment, will report back with something more concrete when I have it. ... View more

Unfortunately, I have not found or come up with a solution for this yet. ... View more

Thanks heaps @isha_rastogi , this helped me out a lot. search-time > index-time and all that 🙂 ... View more

That is working! Thanks very much. Am I understanding this correctly, to check for a null/empty field you need to check when the alert is saved i.e. 'action.myaction' not on the field itself 'action.myaction.param.title'? ... View more

i tried using isnull as well... the only validations i could get doing anything at all: action.myaction.param.title = validate( 1!=1 , 'just give me an error') which always gave an error action.myaction.param.title = validate( 'action.myaction.param.title' == "1" , "title is not 1") which would give an error when i made the title box 1 it felt like if i used a eval function, the validation doesnt work. with this, i also thought the paramater name might be reserved, so i tried everything again using "..mytitle" instead of "..title" with no luck. ... View more

yes, each time restmap.conf is changed, I am restarting splunk ... View more