Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

*NIX App File Diff

cvajs
Contributor
‎03-14-2012 01:15 PM

i installed the *NIX App, then i chose to monitor /etc of the linux Splunk is installed on. i tested it, modified a junk.conf file 8 times within 15min period. the *NIX App says there were 8 changes but when i click the file path it opens the Search with a Diff in there but the results are null. why? i am doing this as Admin and the OS index is in my default search for the role, etc.

Tags (3)
Reply

araitz
Splunk Employee
Splunk Employee
‎03-14-2012 01:49 PM

This is almost certainly SPL-44701, which will be fixed in the next release of the unix app.

There isn't an easy workaround for now (the fix is to change intentions behavior via application.js), but I think if you change the drilldown search from:

index=os | diff pos1=1 pos2=2 | search source="junk.conf"

to:

index=os source="junk.conf" | diff pos1=1 pos2=2

you should get the expected results.

0 Karma
Reply

cvajs
Contributor
‎03-15-2012 07:14 AM

also, there are more problems with this app. i goto Configs >>> Config Files Overview, then on left i change to a Count sort, find the file i am interested in, click it, a search opens but finds nothing, there's a quoting problem, after i click the file i want the serach adds a space between last char of file and ending quote, i get no results, but if i remove the space the search works. in fact, this quoting problem exists when any click opens the search in this app, etc.

0 Karma
Reply

cvajs
Contributor
‎03-14-2012 04:24 PM

ok, i will try this new search manually.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...