- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Issues executing TSTATS search
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Firstly, awesome app.
I've been able to successfully execute a variety of searches specified in the mappings.json intents file.
I don't seem to be able to execute TSTATS (possibly any generating command with a leading pipe although I haven't tested others)
From the logs:
09-23-2016 21:09:11.282 +1000 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\alexa\bin\alexa.py"" Error performing search : search | tstats count where host=10.20.0.1 by sourcetype , because HTTP 400 --
09-23-2016 21:09:11.282 +1000 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\alexa\bin\alexa.py"" Error in 'tstats' command: This command must be the first command of a search.
JSON:
{
"intent": "TestIntent",
"search": "| tstats count where host=10.20.0.1 by sourcetype",
"time_slot" : "timeperiod",
"response": "host count for $timeperiod$ was $resultfield_count$
},
Any insights ?
Cheers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK , latest version 0.6 now supports generating commands such as tstats , metadata etc....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Damien, much appreciated.
Unfortunately when I upgraded it broke my modular input listener 😞
I had specified a custom SSL port so I didn't break our SAML auth redirect on 443.
I got around the Alexa service SSL on port 443 requirement by performing a PAT on the firewall to my custom listener.
I'll use the saved search workaround as suggested.
Cheers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK , latest version 0.6 now supports generating commands such as tstats , metadata etc....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This will be fixed in a new release this week.
Meanwhile , you can get around this by using a Saved Search action to encapsulate your |tstats search
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
