cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
marend
Explorer
Member since: ‎06-11-2019
‎02-23-2022
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 10
Member Since ‎06-11-2019
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to collect event log from SEPC?

by in Splunk Dev
‎02-23-2022 12:12 AM
‎02-23-2022 12:12 AM
Splunkers, anyone got this data onboarded  to Splunk? If so, would you mind to share feedback or docs.   ... View more

Re: Splunk 7.2.2 - systemd - Root privileges requi...

by in Splunk Search
‎05-04-2021 03:32 PM
‎05-04-2021 03:32 PM
splunk ALL=(root) NOPASSWD: /usr/bin/systemctl restart Splunkd.service splunk ALL=(root) NOPASSWD: /usr/bin/systemctl stop Splunkd.service splunk ALL=(root) NOPASSWD: /usr/bin/systemctl start Splunkd.service splunk ALL=(root) NOPASSWD: /usr/bin/systemctl status Splunkd.service splunk ALL=(root) NOPASSWD: /usr/bin/systemctl restart Splunkd splunk ALL=(root) NOPASSWD: /usr/bin/systemctl stop Splunkd splunk ALL=(root) NOPASSWD: /usr/bin/systemctl start Splunkd splunk ALL=(root) NOPASSWD: /usr/bin/systemctl status Splunkd splunk ALL=(root) NOPASSWD: /opt/splunk/bin/splunk restart splunk ALL=(root) NOPASSWD: /opt/splunk/bin/splunk stop splunk ALL=(root) NOPASSWD: /opt/splunk/bin/splunk start splunk ALL=(root) NOPASSWD: /opt/splunk/bin/splunk status   sudo systemctl daemon-reload   This works just fine!   ... View more

Re: How can i create an alert when my "Daily Licen...

by in Alerting
‎06-19-2019 09:34 AM
‎06-19-2019 09:34 AM
This works, thanks! ... View more

Re: Installed Splunk Enterprise 7.2.1 and promoted...

by in Deployment Architecture
‎06-11-2019 05:12 PM
9 Karma
‎06-11-2019 05:12 PM
9 Karma
Hi Splunkers, I was getting almost the same issue when I was trying to start my Splunk Search Head: error:00000000:lib(0):func(0):reason(0) AES-GCM Decryption failed! Decryption operation failed: AES-GCM Decryption failed! And I was able to fix it, by the following: 1) I have commented out the pass4SymmKey in /opt/splunk/etc/system/local/server.conf [general] pass4SymmKey = $........ 2) I have changed the sslPassword to the Splunk default password: sslPassword = password 3) After restart the server, the issue was no longer shown and Splunk automatically creates a new pass4SymmKey value. Hope it works for anyone who needs to fix this issue! ... View more

Re: Why is Splunk not extracting all fields in JSO...

by in Getting Data In
‎06-11-2019 01:25 PM
1 Karma
‎06-11-2019 01:25 PM
1 Karma
Hi @LordSnooz For this purpose, I going to use the Splunk _json sourcetype default settings (It works in my case) My sourcetype name for this example will be "test" A workaround to do this would be the following: 1) Create a custom sourcetype 2) Configure your custom sourcetype (in opt/splunk/etc/system/local/props.conf) as: [ test ] SHOULD_LINEMERGE=true LINE_BREAKER=([\r\n]+) NO_BINARY_CHECK=true CHARSET=AUTO INDEXED_EXTRACTIONS=json KV_MODE=none category=Structured description=JavaScript Object Notation format. For more information, visit http://json.org/ disabled=false pulldown_type=true EVAL-my_tag = tag 3) Configure your data input (Using the sourcetype created, [ test ] in my case ) 4) Search your results index=< your_index_name > sourcetype=test my_tag="7b91119dbad4" Please try and let me know if it is working for you or not. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-23-2022 03:37 AM
Karma from
Karma given to
View All