×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
GoliSH
Engager
Member since: ‎07-08-2022
‎11-14-2024
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-08-2022
View All

Re: How to re-import the metadata XML file to SAML...

by Splunk Employee in Splunk Cloud Platform
‎04-02-2025 07:14 AM
‎04-02-2025 07:14 AM
In this situation, it could mean one of two things.  The first is that you're trying to use a cert chain and there is already a single cert in idpCert.pem.  Some IdP's like Ping require you to remove that idpCert.pem.  However, the more likely case here is that you have multiple single certs attached to your IdP metadata.xml file. Some IdP's such as ADFS and Azure (Entra) allow for Primary and Secondary IdP certs, which allow for seamless transition from expiring to new certs. However, Splunk does NOT accept two single certs in one metadata.xml file.  Hence, your solution here is as below: 1.  On the IdP, replace the expiring cert with the new cert 2.  Disable secondary cert option 3.  Download the new metadata.xml file 4.  Upload the IdP metadata.xml file to Splunk UI > Save    footnote:  Splunk DOES accept cert chains, but that has to be manually uploaded and in the correct order as per KB below: https://community.splunk.com/t5/Deployment-Architecture/Problem-with-SAML-cert-quot-ERROR-UiSAML-Verification-of-SAML/m-p/322376#M12073  ... View more

from Splunk what encryption protocols are used for...

by in Security
‎06-16-2023 07:36 AM
‎06-16-2023 07:36 AM
Hi All, do you know if we can tell from Splunk what encryption protocols are used for NetScaler queries? There is no App stream add-on configured for this. Is there any way for checking for Netscaler encryption protocls sucjh as TLS, SSL versions by splunk search? Index=*vmcnsx IPFIX TLS It returns” tls-inspection-certificate-dump.command” as an example in the message. what does this means? ... View more
Labels

Re: Red Health threshold in Splunk Cloud instances

by SplunkTrust in Alerting
‎01-09-2023 11:46 PM
1 Karma
‎01-09-2023 11:46 PM
1 Karma
hi @GoliSH, you should analyze your scheduled searches and change their scheduling to distribute executions. Ciao. Giuseppe ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-14-2024 09:29 PM
Karma given to
View All
OSZAR »