How do we uninstall an existing AppD configuration from our SAP systems? I am looking for documentation on the uninstallation process for machine agents, Java agents, ABAP app agents and Datavard transports.
I am trying to create a sourcetype for a new client. Note that StartDate=xxxx is where the log begins; however, StartTime=*** is not with it, but I need both in the logs. How do I create this sourcetype?
C:\Program Files\Universal\UAGSrv\xxx>set StartDate=Mon 07/29/2024
C:\Program Files\Universal\UAGSrv\xxx>set sdy=2024
C:\Program Files\Universal\UAGSrv\xxx>set sdm=07
C:\Program Files\Universal\UAGSrv\xxx>set sdd=29
C:\Program Files\Universal\UAGSrv\xxx>set sdy=2024
C:\Program Files\Universal\UAGSrv\xxx>set sdm=07
C:\Program Files\Universal\UAGSrv\xxx>set sdd=29
C:\Program Files\Universal\UAGSrv\xxx>set StartTime=14:45:09.56
Any assistance would be very helpful and appreciated.
Are your nodes physical or e.g. from VMware or some cloud instances?
Hi, this is the answer from Community Slack:
Slackbot 17:08 There are a lot of options for finding hosts or sources that stop submitting events:
Meta Woot! https://splunkbase.splunk.com/app/2949/
TrackMe https://splunkbase.splunk.com/app/4621/
Broken Hosts App for Splunk https://splunkbase.splunk.com/app/3247/
Alerts for Splunk Admins ("ForwarderLevel" alerts) https://splunkbase.splunk.com/app/3796/
Monitoring Console https://docs.splunk.com/Documentation/Splunk/latest/DMC/Configureforwardermonitoring
Deployment Server https://docs.splunk.com/Documentation/DepMon/latest/DeployDepMon/Troubleshootyourdeployment#Forwarder_warnings
Some helpful posts:
https://lantern.splunk.com/hc/en-us/articles/360048503294-Hosts-logging-data-in-a-certain-timeframe
https://www.duanewaddle.com/proving-a-negative/
r. Ismo
Your query is showing who has successfully logged into Splunk, not the users who have not logged into Splunk.
Hi @Lijesh.Athyalath, I found this Knowledge Base Article. Can you see if this helps? https://community.appdynamics.com/t5/Knowledge-Base/How-do-I-deploy-a-NET-Agent/ta-p/41772
Hi gcusello, thanks for the reply. I am looking to get results like the ones below.
my base search | rex "^[^=\n]*=(?P<ServiceName>[^,]+)" | rex "TimeMS\s\=\s(?<Trans_Time>\d+)"
Results:
ServiceName  Trans_Time  Count
A  60  1111
B  40  1234
Other_Services (C, D, E, F, G, H)  25  1234567
Hi @kc_prane, only one question: what's time_Token? If it's a field, please try something like this:
<your_search> | eval services_names=if(services_names IN ("A", "B"), services_names, "Other_Services") | stats values(time_Token) AS time_Token BY services_names | table services_names time_Token
Otherwise, please explain what time_Token is, or apply my approach to your search. Ciao. Giuseppe
I have Service_names (A, B, C, D, E, F, G, H, I, J, K, L, M) but want (C, D, E, F, G, H, I, J, K, L, M) services_names renamed as "Other_Services" | stats by services_names | table services_names time_Taken. Thanks in advance!
Hi @harishsplunk7, please try this:
index=_audit tag=authentication info=succeeded earliest=-30d@d latest=now | stats count BY user | append [ | rest /services/authentication/users | where NOT title="splunk-system-user" | eval count=0 | rename title AS user | fields user count ] | stats sum(count) AS total BY user | where total=0
Ciao. Giuseppe
I am looking for a search query to show any of the users who have not logged into Splunk. For example, we have 1500 user accounts but only 1200 users logged into Splunk in the last 90 days and the remaining 300 users have not logged in, so I want to list those 300 users. I have a retention period of 1 year.
It depends on the retention period of your indexes - essentially you need the latest time by user but if your retention period is not large enough you may not find the user you are looking for - all that tells you is that there is no record for the user, which may or may not be useful.
Thank you for the help @yuanliu 
How do I get the users who have not logged into Splunk for the last 30 or 90 days, using the audit or _internal index?
Hi AppDynamics Community, I have a scenario where I have 6 different MariaDB instances running in 6 different containers on the same server host, and I have 1 Linux VM on which to install the Database Agent. Do I need 6 Database Agent licenses for the 6 collectors I configure, or do I need just 1 Database Agent for the VM, in which I can configure the 6 collectors? Thanks in advance. Hope everybody has a great week! Regards
I just installed the CEF Extraction add-on for Splunk and I want to try it with this example:
| makeresults | eval _raw="CEF:0|vendor|product|1.0|TestEvent|5| filename=name.txt ip=10.10.1.2 fullname=mike reacher status=ok" | kv | table fullname filename ip *
Why didn't it work? All this is because the default kv doesn't support multi-word strings containing whitespace.
This worked for me! I had the same scenario, DS up and running but no clients displayed, after I deleted the instance file, then restarted, and it is working now!
Yeah, that is the solution we ended up with as well.
Magic.  Thanks!
Use $row.<x-axis-fieldname>.value$, i.e. the name of the field used for your x axis.