Hey there community and welcome to the 74th installment of Smart AnSwerS.
A Splunk Paper Aircraft Association was started up at HQ a couple weeks ago where each participant creates and launches their own paper aircraft every Friday afternoon. Weekly awards are given for longest distance traveled and duration in flight. There’s also a Splunker’s Choice Award for the most unusual, interesting, creative, or fun design. Last Friday, Director of Documentation ChrisG won top prize for his aircraft, winning in both categories of distance and duration. Congrats to the all-star!
Check out this week’s featured Splunk Answers posts:
Support engineer rbal shared this Q&A with the Splunk community because it was a common issue seen in cases she had worked on with customers. Several users have asked about this problem on Splunk Answers throughout the years, so rbal posted this almost a year ago for others to easily search and find her troubleshooting guidelines. She has since added updates on caveats with distributed search and search head clustering environments to cover more ground.
https://answers.splunk.com/answers/302532/large-lookup-caused-the-bundle-replication-to-fail.html
glenngermiathen was trying to search for events where a destination IP, but not the source IP, is found in a lookup table of CIDR ranges. lguinn from the Splunk Education team points out that the argument for cidrmatch is a string, not a list of subnets. To get something like this to work, she shows how to do this with the lookup command by configuring certain options in transforms.conf and the required format for the lookup file. lguinn created an example search and explains how it works to get the expected filtered results.
https://answers.splunk.com/answers/305211/how-to-match-an-ip-address-from-a-lookup-table-of.html
Skender27 was getting “An error occurred while generating the PDF” while receiving some scheduled reports, and wanted to know what to look for in python.log to figure out the underlying cause. ronogle had the same problem and found out how to track and pinpoint the issue. He suggested looking in splunkd_access.log for a 400 status code with a corresponding time value, and checking whether this status code is also found in python.log and pdfgen.log. If everything checks out, then the splunkdConnectionTimeout setting in web.conf would need to be increased to a value greater than the time value found in splunkd_access.log to prevent this error from happening again.
https://answers.splunk.com/answers/339920/where-should-i-check-for-pythonlog-error-messages.html
Thanks for reading!
Missed out on the first seventy-three Smart AnSwerS blog posts? Check ‘em out here!
http://blogs.splunk.com/author/ppablo
----------------------------------------------------
Thanks!
Patrick Pablo