IIRC, the _introspection index has disk space usage data for searches. I still question the utility of that information, however, since the usage is not cumulative.
Hi Splunkers, I'm trying to compare the policy names from Today with policy names from past 48 hours to see if there is any change in policy names. I tried using append as well as join to compare the results from last 48 hours with Today's timeframe. But, I'm unable to get the expected output or result.
Ex: In the below table I'm trying to see if there are any changes in policy names from last 48 hours. So, policy_3_sf's name is changed to policy_3_sk. Similarly, policy_4_sg and policy_5_gh names are changed to policy_4_sp and policy_5_gk respectively and are the new names I would like to list through my query as per the requirement.

Last_48_Hours_Policy_Names    Today_Policy_Names    New_Policy_Names
policy_1_xx                   policy_1_xx
policy_2_xs                   policy_2_xs
policy_3_sf                   policy_3_sk           policy_3_sk
policy_4_sg                   policy_4_sp           policy_4_sp
policy_5_gh                   policy_5_gk           policy_5_gk

Could you please let me know if my approach is correct or if something is missing in my queries? Thanks,
Hi @Shubham.Kadam,
The Community has not jumped in to help. Did you happen to find a solution yourself you can share? If you're still looking for help, you can contact AppDynamics Support. AppDynamics is migrating our Support case handling system to Cisco Support Case Manager (SCM). Read on to learn how to manage your cases. If you do, and get a solution, can you please come back and share the solution here?
Hi @Ravi.Rajangam, I think this would be the page you are looking for: https://docs.appdynamics.com/appd/23.x/23.12/en/appdynamics-essentials/alert-and-respond/actions/notification-actions
Hi team, I wanted to create a summary index using the following query.
Daily Request counts Last Month
index=service_audit REQUEST
| bucket span=d _time
| eval time_diff=round(((stopDate - startDate)/3600000),0)
| stats count as Request_Count by _time
1. I followed all the steps mentioned on splunk.com
2. I have created a new summary index named service_audit_summary
3. Using the collect command:
index=service_audit REQUEST
| bucket span=d _time
| eval time_diff=round(((stopDate - startDate)/3600000),0)
| stats count as Request_Count by _time
| collect index=service_audit_summary
but the summary index is not showing any events?
4. I even created a report and tried, but I'm facing the same problem.
Could anyone please suggest? Thanks in advance
Hi @richgalloway thanks for your response. So my requirement is to show disk usage of every user for their searches. I tried with audit index but there I can see search name and its count. I want to show the historical data of disk usage for each user.
I'm trying to update our Bitglass App on the Splunk Cloud (from 1.0.14 to 1.0.25) but there doesn't seem to be a way to do this without uninstalling the app and reinstalling. If I select the app from SplunkBase, it only offers the option to download the app file. If I attempt to Upload the file, the system informs me that I already have the app installed. There's no upgrade / update option in the Apps management that I can find. Does anyone have a suggestion of how to solve this?
Hi @AndySplunks, I’m a Community Moderator in the Splunk Community. This question was posted 6 years ago, so it might not get the attention you need for your question to be answered. We recommend that you post a new question so that your issue can get the visibility it deserves. To increase your chances of getting help from the community, follow these guidelines in the Splunk Answers User Manual when creating your post. Thank you!
Since switching to org.apache.httpcomponents.client5:httpclient5:5.3.1 (from org.apache.httpcomponents:httpclient:4.5.14) we have lost tracking of business transactions between tiers. Are there any known issues with the Java Agents not supporting httpclient5 or is there an agent version where this is known to work? This is similar to https://community.appdynamics.com/t5/Idea-Exchange/App-Agent-supporting-Apache-httpclient-5/idi-p/43192 Thanks Steve
Well... One could argue about the "don't use RAID0" (which actually isn't a RAID because there is no redundancy) since with RF>1 you provide redundancy at the whole cluster's level. But that's something we could debate long over a beer if I ever go to .conf
One way is to do it as @richgalloway showed - with a composite regex accounting for both orders of fields (just include possible whitespaces - I don't remember if they are included in Windows events or not). Another way is to use INGEST_EVAL and use something like this for your eval:
queue=if(match(first_regex_and_so_on) AND match(second_regex...), "nullQueue", queue)
Be aware though that it won't work for the events from inputs with renderXml=true. Anyway, additionally you could look into filtering out those values even earlier - in your forwarder's input's stanza using blacklisting.
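The two filtering options from the reply above, written out as configuration. This is an added example, not configuration from the post or the thread: the event code, the process name, and the stanza names `drop_example_agent` and `TRANSFORMS-drop_example_agent` are constructed placeholders, and the `source::` stanza assumes the classic (non-XML) Security log.

```ini
# --- Option 1: INGEST_EVAL on the parsing tier (indexer or heavy forwarder) ---

# transforms.conf
# Two independent match() calls joined with AND, so the order in which the
# two fields appear inside the event does not matter.
# \s* / \s+ tolerate optional whitespace around the values.
# Both regexes are constructed placeholders; substitute your own conditions.
[drop_example_agent]
INGEST_EVAL = queue=if(match(_raw, "(?m)^EventCode\s*=\s*4688\b") AND match(_raw, "New Process Name:\s+.*example-agent\.exe"), "nullQueue", queue)

# props.conf
# Attach the transform to the Security event log source.
# The regexes above target the plain-text event layout, so they do not
# match events collected with renderXml=true (XML-rendered _raw).
[source::WinEventLog:Security]
TRANSFORMS-drop_example_agent = drop_example_agent


# --- Option 2: drop the events earlier, on the forwarder ---

# inputs.conf (on the Windows forwarder)
# A blacklist entry with several key="regex" pairs matches only when
# every pair matches, which gives the same AND semantics as Option 1
# without sending the events over the network at all.
[WinEventLog://Security]
disabled = 0
blacklist1 = EventCode="4688" Message="New Process Name:\s+.*example-agent\.exe"
```

Events routed to nullQueue or blacklisted at the input are never indexed, so validate the regexes against a sample of real events in a search before deploying either option.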
Apart from your main question there are three issues with your search
1. You're using spath on the whole event which would mean that the fields are not auto-extracted. Where do you have your fields from then? It's a bit unclear to me.
2. Are you aware what is the difference between (message!=something) and (NOT message=something)?
3. The search term with a wildcard at the beginning is gonna be very costly performance-wise.
OK. Having gone past that... You can use streamstats to "copy" values from an event to subsequent events. It's not clear what your search for event A is but the general idea would be:
<base search matching both eventA and eventB conditions>
| eval firsteventid=if(<criteria matching event A>)
| eval secondeventid=if(<criteria matching event B>)
| streamstats time_window=30s values(firsteventid) as previousfirsteventid ```here we do the copy-over```
| where secondeventid=previousfirsteventid ```if you can expect multiple firsteventids you might need to do some multivalue matching```
I need to collect data from a folder on a Windows machine, the problem is that this folder is mounted as a disk and the host sends data to it. The classic inputs.conf for the folder source does not work. How can I fix this problem?