Splunk Search

Splunk Query help ??

splunker969
Communicator

Hi all we have list of 10 Solaris servers and they are us servers we installed ufs on those servers and are pointing us deployment servers .In deployment client.conf file .Since we have search when I ran that search it is showing that it is phoning home with Uk Deployment server any Help with query ? I believe there is something wrong with Query .Please correct query if any changes need ?Help highly appreciated ?

Query -

| `get_coverage(baseline="isac_systems", feed="kpci_8100_solaris")` | eval Coverage = if('Full Coverage'=="Yes" OR 'Partial Coverage'=="Yes","Yes","No")|search "Full Coverage"="*" "Partial Coverage"="*" "Calculated Region"="*" "Phoning Home"="Yes" "Whitelisted"="*"  Coverage=No "Operational Environment (Sys)"="PROD" OR "Operational Environment (Sys)"="DISASTERREC" | table "System Name" "Application" "Solution" "Calculated Asset Group" "Calculated Asset Type" "Calculated Lifecycle Status" "Lifecycle Phase" "OS Type" "OS" "Calculated Region" "Operational Environment (Sys)" "Server Zone" Component Function "Data Source Count" "Data Sources" "Full Coverage" "Partial Coverage" "Whitelisted" "Phoning Home" "Last Phone Home Time" "IMD" deployment_server |rename deployment_server as "Phoning Home Deployment Server" | fields - "." | lookup imd_splunkds_mapping IMD Country_Code AS "Calculated Region" | rename Calculated_DS as "IMD Calculated Deployment Server"
Tags (1)
0 Karma

adonio
Ultra Champion
0 Karma

splunker969
Communicator

Thanks Adonio .It doesn't help 🙂

0 Karma

niketn
Legend

@splunker969 can you edit your post to add the code using Code button on Splunk Answers i.e. 101010 or Shortcut key Ctrl+K, so that special characters do not escape?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

splunker969
Communicator

Thanks Niketnaily added .

0 Karma

splunker969
Communicator

Any help ? @ somesoni2

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...