Smart AnSwerS #59

Hey there community and welcome to the 59th installment of Smart AnSwerS.

There’s a tradition at Splunk where “something” happens to or around your desk if you take PTO for at least 2-3 weeks. When piebob left for the UK late last year, she returned to Splunk HQ with a completely homemade replica of the cruise ship she took on her trip abroad which spanned the entire length of her desk. This week, support engineer DerekB just came back from paternity leave to find a hybrid Audi baby stroller made entirely out of cardboard with fully functional wheels. To top it off, it’s parked right behind me and Derek’s (pouty) face was printed out and tacked on to a dilapidated baby doll that stares into my very soul. *shudder*

Check out this week’s featured Splunk Answers posts:

Diagram of Splunk Common Network Ports

This post is over 2 years old, but still very useful and pretty to look at! rob_jordan asked and answered this question to share a diagram he created to help the Splunk community understand what network ports commonly used in Splunk Enterprise environments need to be open to allow traffic through a firewall. He also shares a link in a second answer for anyone interested in downloading the source Visio diagrams.

Is it possible to create a batch data input via the REST API?

Sometimes SplunkTrust members need to ask questions on Answers too…and they figure out the solution and answer their own questions to educate other Splunk users :) sideview had an app with a data input wizard which used the REST API to list and create monitor data inputs, but wanted it to also do the same for batch inputs. With some input from jkat54 and help from Splunk Support, sideview was able to figure the correct REST API endpoint for the job.

How to troubleshoot why my universal forwarder is not phoning home?

w0lverineNOP was pinging a Splunk Enterprise server from a universal forwarder, but was not getting a response and needed to figure out how to successfully set up forwarding. aljohnson laid out a clear and concise process on how to make sure everything was set up on the forwarder and indexer side before defining inputs. After w0lverineNOP went down the sanity checklist, the issue ended up being resolved in the very last step which was actually defining inputs.conf on the forwarder.

Thanks for reading!

Missed out on the first fifty-eight Smart AnSwerS blog posts? Check ‘em out here!

Patrick Pablo
Posted by

Patrick Pablo

Born and raised in Los Angeles, Patrick made his way up north for college and fell in love with the Bay Area, making it his second home. After working 5 years for a non-profit as a college & career counselor in San Francisco public high schools, he stumbled across a new career opportunity himself! Patrick found a new way to apply his community organizing background in a way he didn’t know was possible at Splunk.

Join the Discussion