Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About csyvenky
csyvenky
Path Finder
Member since:
08-28-2017
07-29-2021
Community Statistics
| Posts | 15 |
| Solutions | 1 |
| Karma Given | 2 |
| Karma Received | 3 |
| Member Since | 08-28-2017 |
Activity Feed
- Got Karma for SSL Error preventing upgrade to Splunk 8. 07-29-2021 11:53 AM
- Posted Re: Missing or malformed messages.conf stanza for INSTALLED_FILES_INTEGRITY:FOUND_INTEGRITY_PROBLEMS__1_splunk.domain.co on Splunk Enterprise. 07-29-2021 09:14 AM
- Posted Re: Missing or malformed messages.conf stanza for INSTALLED_FILES_INTEGRITY:FOUND_INTEGRITY_PROBLEMS__1_splunk.domain.co on Splunk Enterprise. 07-28-2021 04:12 PM
- Got Karma for Is Splunk Cloud Light Trial - No Longer Available?. 06-05-2020 12:50 AM
- Karma Re: Custom fields of a query are not showing up in the Splunk Machine Learning Toolkit. for cburke_splunk. 06-05-2020 12:49 AM
- Got Karma for Is search user ownership affecting if events are saved to the summary index?. 06-05-2020 12:49 AM
- Karma Re: Splunk.License: failed to add because: cannot add lic w/ subgroupId=DevTest:xxxxx@xxxx.com to stack w/ subgroupId=Production for scottyau. 06-05-2020 12:48 AM
- Posted Re: SSL Error preventing upgrade to Splunk 8 on Security. 02-01-2020 05:20 PM
- Posted SSL Error preventing upgrade to Splunk 8 on Security. 02-01-2020 05:19 PM
- Tagged SSL Error preventing upgrade to Splunk 8 on Security. 02-01-2020 05:19 PM
- Posted Re: How do I update my app in Splunkbase? on All Apps and Add-ons. 08-25-2019 09:04 AM
- Posted Re: How do I update my app in Splunkbase? on All Apps and Add-ons. 08-25-2019 08:34 AM
- Posted How do I update my app in Splunkbase? on All Apps and Add-ons. 08-24-2019 07:33 PM
- Tagged How do I update my app in Splunkbase? on All Apps and Add-ons. 08-24-2019 07:33 PM
- Tagged How do I update my app in Splunkbase? on All Apps and Add-ons. 08-24-2019 07:33 PM
- Tagged How do I update my app in Splunkbase? on All Apps and Add-ons. 08-24-2019 07:33 PM
- Posted Re: Is Splunk Cloud Light Trial - No Longer Available? on Splunk Enterprise. 08-03-2019 09:26 AM
- Posted Is Splunk Cloud Light Trial - No Longer Available? on Splunk Enterprise. 08-01-2019 08:01 PM
- Tagged Is Splunk Cloud Light Trial - No Longer Available? on Splunk Enterprise. 08-01-2019 08:01 PM
- Posted Re: Why do these searches yield such different results? on Splunk Search. 05-30-2018 12:20 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 1 |
07-29-2021
09:14 AM
Sorry, it appears the error has not gone away for me - after some time passes, the same error returns (even with the syntax color quote issues resolved).
... View more
07-28-2021
04:12 PM
I upgraded my laptop to 8.2.1 today and received this error. To resolve, I opened C:\Splunk\etc\system\default\messages.conf in VS Code and it became apparent that several (about 10) single quotes were causing the misconfiguration. In places where a quote was missing I added it in places where there was only one, I double it up. ie. Error deleting temporary file %s', after copying to sinkhole. became: Error deleting temporary file >>'<<%s', after copying to sinkhole. and There aren't enough qualifying results (%u) for the specified number of clusters (%u). became: There aren>>'<<'t enough qualifying results (%u) for the specified number of clusters (%u). Restarted Splunk and error appears to be gone.
... View more
02-01-2020
05:20 PM
My resolution (prior to running Splunk setup .MSI):
- Downloaded the latest compiled OpenSSL 64-bit package from https://indy.fulgan.com/SSL/.
- Extracted the libeay32.dll and ssleay32.dll files to the C:\Windows\System32 directory.
... View more
02-01-2020
05:19 PM
1 Karma
Context:
Windows 10 Pro
Splunk 7.3.4
What? Trying to upgrade to Splunk 8.0.1. Half way during the upgrade the installer would error and rollback.
Errors:
1. The code execution cannot proceed because SSLEAY32.DLL was not found.
2. The code execution cannot proceed because LIBEAY32.DLL was not found.
... View more
- Tags:
- splunk-enterprise
08-25-2019
09:04 AM
Thanks for the feedback folks, I got it working. The suggestions forced me to triple check. Although I didn't have a permission issue, I did have a folder level issue. I grabbed my tar command from the README which includes a period - as a result of running the command with a period at the end I also ended up with an unneeded folder.
This is what I was running:
tar --exclude='/.git' -czvf .tar.gz /.
Which resulted in this:
tar -zxvf .tar.gz
/./default/app.conf.
... View more
08-25-2019
08:34 AM
I’m building on OSX - thought I validated that permissions matched all other files. Didn’t notice anything out of the ordinary.
I don't have a local folder, only default.
... View more
08-24-2019
07:33 PM
Hi,
I have updated /default/app.conf and increased the Version and Build values. Tar'd the folder up and attempted to use the Splunkbase admin portal to update the release. When I upload the tar.gz file I receive the following error:
"No "app.conf" file was not found the "default" directory"
Although, the tarball clearly has this file and it passes AppInspect tests showing the correct version in the AI report.
... View more
08-03-2019
09:26 AM
I am talking about Splunk Light Cloud.
https://docs.splunk.com/Documentation/SplunkLight/7.3.0/Cloud/SplunkLightcloudserviceFAQ#Free_Trial
... View more
08-01-2019
08:01 PM
1 Karma
All the content appears to be present, yet, when I select Splunk Light + 15-day trial then continue, I'm presented with a 404 error page.
Starting Point: http://splunk.force.com/SplunkCloud
... View more
- Tags:
- splunk-light
Labels
- Labels:
-
other
05-30-2018
12:20 PM
Doh! I saw that last night and was unable to edit my post accordingly. The chart count is irrelevant to the issue. I'm just pointing out how after the xmllv that I have short/useable field names.
a.b.c.d is an XPATH = element1.element1b.element1c.element1d
after the xmlkv I can simply reference d.
What I should have said was:
index="xyz" "a.b.c.d"=xyz
Yields 232 results.
In order to get field names that are more reasonable, I tried the following:
index="xyz"
| xmlkv
| search d=xyz
Yields only 204 results.
... View more
05-29-2018
08:42 PM
index="xyz" "a.b.c.d"=xyz
| chart count by a.b
Yields 232 results.
In order to get field names that are more reasonable, I tried the following:
index="xyz"
| xmlkv
| search a=xyz
| chart count by xyz
| sort - count
Yields only 204 results.
Why does the search with the sub-search truncate results?
... View more
- Tags:
- splunk-enterprise
01-05-2018
06:17 PM
v1.5 seems to work on my OS X instance.
OS X: 10.12.6
Splunk Version : 7.0.1
Splunk Build : 2b5b15c4ee89
Browser: Safari 11.0.2
... View more
11-11-2017
01:22 PM
In case anybody else runs into this issue, the root cause of the problem for me was the timing for when the data was landed in the main index - all the summary indexing scheduling and configuration was working as expected, but the search that was to aggregate values for summary index was not yet in the index, hence 0 results. Simply changing the timing of the s/i schedule helped.
... View more
08-31-2017
12:26 PM
I did note one other small delta between the two saved searches that are functional and the new ones that aren't.
The difference was that the functional ones use summaryindex whereas the non-functional ones used collect. I did change all the non-functional ones to use summaryindex and there was no positive changes to the outcome.
... View more
08-28-2017
01:11 PM
1 Karma
Hello,
I have the following Saved Search configured to run daily on a cron schedule, the scheduled job appears to be running on time as expected but the search doesn't save any events to the Summary Index.
Saved Search:
index=index host=hosts sourcetype=sourcetype source=somelogfile.log
| addinfo
| eval _time = info_max_time
| rename xheaders.X-NOTIFICATION-TYPE to "Notification Type"
| sistats count by "Notification Type", reportField
| sort - psrsvd_gc
| collect spool=t uselb=t addtime=f index="summary" name="name" marker="report="name"
If I take out the collect clause and change sistats to stats, the query does return results. I know my account has permissions to write to the summary index.
In the same environment I do have one job running and saving to the summary index as expected, the only difference I can see is that the working one has "nobody" as the owner and the ones that are not functional have my username as the owner.
Also, something that is strange is that the same configuration works in our Pre-Production environment. The only real difference is that in Production our Splunk Administrators use the Deployer role to push the Saved Search configuration.
Has anybody else ran into this type of issue? Or know what I may have miss configured?
Regards,
Cory
... View more
