Unanswered questions

how to convert dump is s3 into lookup file

I’m looking to better understand how to monitor employee access to different applications via SSO. What approaches or best practices are others using?

This message originated from Cribl Community Slack.Click here to view the original link.What's the safest way to clone a currently top-level fleet to be a child fleet? On-prem deployment, and the top level fleet will be a freshly created fleet We're reshaping out fleet architecture right now and there is a lot to move I manually moved everything in lower but it was such a pain, I kept missing pieces so I'd like to do it in a more quick and safe way if possible.

This message originated from Cribl Community Slack.Click here to view the original link.I am trying to leverage the send command in Cribl Search. I have enabled a Cribl HTTP source in Cribl Stream that listens on port 10200 listening from all addresses. The worker group that this source is enabled on is a hybrid worker group hosted in my team's AWS account. Is there a list of IP addresses I need to allowlist on my AWS account's side?

This message originated from Cribl Community Slack.Click here to view the original link.It looks like the database collector is automatically turning MSSQL date and time fields into text versions of full timestamps complete with a hallucinated timezone. E.g. '2025-06-26' --> "2025-06-26T00:00:00.000Z", '13:09:11.0000000' --> "1970-01-01T13:09:11.000Z" Is there a way to stop this behavior at the collector, or do I have to undo the damage in a pipeline?

After log configuration on port 1515 for some firewall logs, we observed logs are getting dropped and not all logs are forwarding to splunk.We observed udp drops on RHEL OS level, where we increased the max_mem_buffer size to 256 MB , but still same thing - Please check below output.But still we are getting buffer issue as provided in below output.[root@hostname ~]# cd /etc/sysctl.d/[root@hostname /etc/sysctl.d]# lltotal 4lrwxrwxrwx. 1 root root  14 Sep 12 16:14 99-sysctl.conf -> ../sysctl.conf-rw-r-----. 1 root root 187 Dec 11 16:08 99-udp-tuning.conf[root@hostname /etc/sysctl.d]# cat 99-udp-tuning.confnet.core.rmem_max=268435456net.core.wmem_max=268435456net.core.rmem_default=268435456net.core.wmem_default=268435456net.ipv4.udp_rmem_min=262144net.ipv4.udp_mem=65536 131072 262144[root@hostname /etc/sysctl.d]#[root@hostname /etc/sysctl.d]# netstat -usIcmpMsg:    InType3: 141    InType8: 748254    InType13: 1    InType17: 3    OutType0: 748246    OutType3: 1321Udp:    4544841348 pack