cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
daymauler
Explorer
Member since: ‎07-17-2019
‎01-13-2022
Community Statistics
Posts 10
Solutions 0
Karma Given 2
Karma Received 2
Member Since ‎07-17-2019
Activity Feed
Topics I've Started
No posts to display.
View All

Re: Unable to create inputs for TA-Tenable add on

by in All Apps and Add-ons
‎11-04-2021 10:05 PM
‎11-04-2021 10:05 PM
This issue is usually due to latency issue with the network or HF. The workaround is to manually add the inputs by configuring the inputs.conf,  passwords.conf, ta_tenable_account.conf and the ta_tenable_settings.conf files. The password will be hashed after Splunk is restarted. ... View more

Re: Remove string from field using REX or Replace

by in Splunk Search
‎09-02-2021 05:29 PM
‎09-02-2021 05:29 PM
Worked like charm!!! Thanks ... View more

Re: How to delete data / index (reset start from s...

by in Getting Data In
‎06-04-2021 05:55 AM
‎06-04-2021 05:55 AM
This is how I took care of a similar issue: 1. I ran a search on the SH:     index=my_index sourcetype=my_sourcetype | delete 2. After confirming that the records have been delete, I went to the HF - stopped Splunk -  /opt/splunk/bin/splunk cmd btprobe -d /opt/splunk/var/lib/splunk/fishbucket/splunk_private_db/ --file /my_file_path/filename.fileextension --reset - restarted Splunk and was able to see new data in SH ... View more

Re: Splunkd daemon is not responding: (Error conne...

by in Monitoring Splunk
‎07-02-2020 11:12 PM
‎07-02-2020 11:12 PM
I resolved a similar issue by opening up port 8089 ... View more

Re: KV Store Process Terminated

by in Knowledge Management
‎01-10-2020 10:18 AM
‎01-10-2020 10:18 AM
It worked!!! Thanks ... View more

Re: External command based lookup 'tSessions' is n...

by in All Apps and Add-ons
‎10-28-2019 04:29 AM
‎10-28-2019 04:29 AM
Step 5 is Renamed current server.pem to server.pem.old: mv /opt/splunk/etc/auth/server.pem /opt/splunk/etc/auth/server.pem.old ... View more

Re: External command based lookup 'tSessions' is n...

by in All Apps and Add-ons
‎10-25-2019 10:49 AM
‎10-25-2019 10:49 AM
In our case, the issue was as a result of the expired certs: Error: Error in 'inputlookup' command: External command based lookup 'app_name' is not available because KV Store initialization has failed. Contact your system administrator Here is the fix: splunkd.log: ERROR KVStoreLookup - External command based lookup 'app_name' is not available because KV Store initialization has not completed yet...... mongod.log: The provided SSL certificate is expired or not yet valid.... Check Certs: /opt/splunk/bin/splunk cmd openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem notAfter=Sep 8 17:56:51 2019 GMT Stopped Splunk service Renamed current server.pem: mv /opt/splunk/etc/auth/server.pem /opt/splunk/etc/auth/server.pem Restarted Splunk services Checked Certs: /opt/splunk/bin/splunk cmd openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem notAfter=Oct 24 17:38:28 2022 GMT Results where displayed for app. ... View more

Re: How to Provide Right click Menu option(Context...

by in Dashboards & Visualizations
‎10-02-2019 06:48 AM
1 Karma
‎10-02-2019 06:48 AM
1 Karma
This worked for me. Thanks ... View more

Re: Unable to apply search head cluster bundle, ho...

by in Deployment Architecture
‎08-09-2019 08:02 AM
‎08-09-2019 08:02 AM
make sure you that your -target is pointing to the right server e.g. /opt/splunk/bin/splunk apply shcluster-bundle -target https://1.1..200:8089 instead of .g. /opt/splunk/bin/splunk apply shcluster-bundle -target https://1.1..200:8089 ... View more

Re: How to prevent the field value count from disp...

by in Dashboards & Visualizations
‎07-17-2019 08:14 AM
‎07-17-2019 08:14 AM
List the fields e.g | fields Host Percent will prevent count from showing ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-13-2022 12:52 PM
Karma from
View All
Karma given to
View All