All Apps and Add-ons

Splunk app for puppet, all searches are limited to 8:00 to 9:00 AM?

grundsch
Communicator

Hi Simony,

Looking at various searches, I can see that you are limiting results to 8:00 - 9:00 every day: for example, earliest=-5d@d latest=-4d@d (date_hour="8" OR date_hour="9")

is it because in your setup, you are running puppet only once a day? Shouldn't it be removed for the general case?

steph

Tags (1)
0 Karma

gavsdavs_GR
Path Finder

Yanick, did this ever get into a git repo ?
I have been making this work in our environment and I have some fixes which might help (and some questions if you have time)

0 Karma

simony
Path Finder

Hi Steph

Oh this is a fault of mine. I thought that I have taken out all those times limitations.
In wich view do you found it? Reports? I will remove it in a new version. Yes our setup with puppet is that it runs every day 8-10 clock. Remove the date_hour and then it takes the wohle day.

yanick

0 Karma

grundsch
Communicator

Hi Yanick,
yeah, a little bit everywhere 🙂
If you could do a grep for date_hour on your files, you will find them. (I currently do not have command line access to the server... can't do it myself).
Regards,
Stéphane

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...