All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

@dkmcclory- It depends on what your API call does. If your API call collects data and ingest into Splunk, then use Input else use scheduled alert/report.
Are you sure you have searchable buckets from this site2 index in site1 and the other way around?  site_search_factor = origin:2,total:2 In this case a bucket originating in site2 will stay in site... See more...
Are you sure you have searchable buckets from this site2 index in site1 and the other way around?  site_search_factor = origin:2,total:2 In this case a bucket originating in site2 will stay in site2. So search will reach across intersite link for primaries since it has no searchable primaries in their own site.
This regex will extract the highlighted text (?<msg>"errorMessage":"[^"]+")
Hi @Hod152, why you did this? if you have tstats BY _time, you already have the timechart:   | tstats count WHERE case=test responseCode=200 requestStatus!=legal BY clientIp _t... See more...
Hi @Hod152, why you did this? if you have tstats BY _time, you already have the timechart:   | tstats count WHERE case=test responseCode=200 requestStatus!=legal BY clientIp _time span=1h   Anyway, it's always better to indicate the indexes to use in the search, to have more performant searces  and avoid default search path issues. Ciao. Giuseppe
Hi @Cloud001, what are the Replication Factor and the Search Factor? anyway, usually logs are plicated between the indexers of each site anche between the sites, in this way, you have at least one ... See more...
Hi @Cloud001, what are the Replication Factor and the Search Factor? anyway, usually logs are plicated between the indexers of each site anche between the sites, in this way, you have at least one searcheabel copy (or more) in each site. e.g. to have two copies of data in each site, you should have: site_replication_factor = origin:2, site1:2, total:4 for more details see at https://docs.splunk.com/Documentation/Splunk/9.2.2/Indexer/Multisitearchitecture Ciao. Giuseppe
We did the same thing you did.  DS and HF on the same internet facing server.  We disabled the web interface and manage the deployment server with .conf files only. All of the deployment clients for... See more...
We did the same thing you did.  DS and HF on the same internet facing server.  We disabled the web interface and manage the deployment server with .conf files only. All of the deployment clients for the DS/HF show up on in the Settings > Forwarder Management page as you describe.  All of the deployment clients in another deployment server show up too.  My guess is that the logs in the new _dsappevent, _dsphonehome, and  _dsclient indexes that are created in 9.2 is where that page gets its information.  It's very confusing.  There should be a column for the splunk_server in the display, so that we can tell which server is serving apps to which clients.
Hey, Iv'e noticed some wierd behviour that is making me suspect the relaibility of my queries so I'm really looking for an explanation, I was making some searches and displaying them on a timechart,... See more...
Hey, Iv'e noticed some wierd behviour that is making me suspect the relaibility of my queries so I'm really looking for an explanation, I was making some searches and displaying them on a timechart, for some reason the timechart looks completly different when I sort the fields befor. this is the basic search and it's results:     |tstats count WHERE case=test responseCode=200 requestStatus!=legal by clientIp _time span=1h| timechart sum(count) span=1h     After sorting clientIp field this is how the graph looks like:     |tstats count WHERE case=test responseCode=200 requestStatus!=legal by clientIp _time span=1h| sort -clientIp |timechart sum(count) span=1h         |tstats count WHERE case=test responseCode=200 requestStatus!=legal by clientIp _time span=1h| sort +clientIp |timechart sum(count) span=1h     Note that the count is decreased on the sorted search.     What can explain that behaviour? Which chart should I relay on? Is that a feature of sorting? Thanks  
2024-07-16T10:59:41.259Z eff08259-3379-5637-b5fe-dd4967aee355 ERROR Invoke Error {"errorType":"Error","errorMessage":"Required Message Attribute [EventTimestamp] is missing","errorCode":_ERROR","na... See more...
2024-07-16T10:59:41.259Z eff08259-3379-5637-b5fe-dd4967aee355 ERROR Invoke Error {"errorType":"Error","errorMessage":"Required Message Attribute [EventTimestamp] is missing","errorCode":_ERROR","name":"Error","stack":["Error: Required Message Attribute [EventTimestamp] is missing"," at throwRequiredParameterError  In the above log i need to extract errorMessage which was highlighted....Can anyone of you please help me in writing regex for the same.
Again - what in this event should tell Splunk that it's a new event?
Tried to use "_raw =errortrace" in fields alias section...it did not pick up this field alias.
Why is data from other sites retrieved?  1. splunk version  9.2.1   2. server.conf : manager-node      [general]      serverName = site01_master      pass4SymmKey = $7$50dW7T6+mDkef5xS4o2BemFWDA... See more...
Why is data from other sites retrieved?  1. splunk version  9.2.1   2. server.conf : manager-node      [general]      serverName = site01_master      pass4SymmKey = $7$50dW7T6+mDkef5xS4o2BemFWDAur04JWlGHTwFKCNHAXuGtkZkOaEg==      site = site1      [clustering]      available_sites = site1,site2      mode = manager      multisite = true      pass4SymmKey = $7$lBUz3IZR3TZJeUAdYDUZR4tesE3AL0ttpupYUywS3UrG7PdwqHZ01g==      site_replication_factor = origin:3,site1:3,total:6      site_search_factor = origin:2,total:2 3. server.conf : site1-SH      [general]      serverName = site01_sh01      pass4SymmKey = $7$lX74ABK5XURidryB9htlMI9hsjjZZSq0PulPOi3bCbCziiWrBBnN5g==      site = site1      [clustering]      manager_uri = https://192.168.79.141:8089      mode = searchhead      multisite = true      pass4SymmKey = $7$JZddW4jKx48TGUx03PmTHexz76aYtTwK/aW7cQ9AGFsnZaA++xv1lA==       3. server.conf : site2-SH      [general]      serverName = site02_sh01      pass4SymmKey = $7$zFcBrd6VgPug9rgiJvI+mvRI5H7PRWwuaGgg0HBY0UKp4hTMN1CBmQ==      site = site2      [clustering]      manager_uri = https://192.168.79.141:8089      mode = searchhead      multisite = true      pass4SymmKey = $7$3u+CM93kvNCnGZolsv6K9EdD6fyYpalpNDyfL/+Bq0D0Vuzd5u3kuQ==    
Thanks for Update    04/06/2024;09:55:33;Operator;Operator level: 0 -> 6 EP78543 line break Before and after  regex query
I just checked out my number formatting on the table and changed the precision to 0 exactly
This query is working fine with the given example But when I am running given query in index it not producing any result.  index = cba_hcck8s_UHGWM110-013948 host=prod_poc source=poc | fields ... See more...
This query is working fine with the given example But when I am running given query in index it not producing any result.  index = cba_hcck8s_UHGWM110-013948 host=prod_poc source=poc | fields - {}.* ``` optional ``` | spath path={} | mvexpand {} | fields - _* ``` optional ``` | spath input={} | eval totalCount = SKIPPED + PROCESSED | chart sum(SKIPPED) as SKIPPED,sum(PROCESSED) as Processed sum(totalCount) as TotalClaims by DAYHOUR DATE I am getting no result with this query. You know my data reside in message under event field. Might be this query not reaching message  field where rest of the data stored in array.    Also adding my row text    {"id":"0","severity":"Information","message":"[{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00343\",\"TOTAL\":0,\"PROCESSED\":11,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00253\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":15,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00598H\",\"TOTAL\":0,\"PROCESSED\":4,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02141\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":9,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00447\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":5,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00253H\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":7,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00031AdjPro\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":30,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00343\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":43,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00031\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":9,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_HOSPICE_CLM\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":1,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00283\",\"TOTAL\":0,\"PROCESSED\":16,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02107\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":2,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00283\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":104,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02141\",\"TOTAL\":0,\"PROCESSED\":8,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00674\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":17,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00253\",\"TOTAL\":0,\"PROCESSED\":40,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00758H\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":6,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02076H\",\"TOTAL\":0,\"PROCESSED\":27,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00283H\",\"TOTAL\":0,\"PROCESSED\":9,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00120H\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":14,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00721H\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":105,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00479\",\"TOTAL\":0,\"PROCESSED\":7,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_05009H\",\"TOTAL\":0,\"PROCESSED\":13,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00243\",\"TOTAL\":0,\"PROCESSED\":47,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02061\",\"TOTAL\":0,\"PROCESSED\":1,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00119\",\"TOTAL\":0,\"PROCESSED\":9,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00035\",\"TOTAL\":0,\"PROCESSED\":101,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02093\",\"TOTAL\":0,\"PROCESSED\":188,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00680\",\"TOTAL\":0,\"PROCESSED\":5,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00394\",\"TOTAL\":0,\"PROCESSED\":198,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_01902\",\"TOTAL\":0,\"PROCESSED\":4,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00363\",\"TOTAL\":0,\"PROCESSED\":12,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00072H\",\"TOTAL\":0,\"PROCESSED\":2,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00035\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":25,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00660\",\"TOTAL\":0,\"PROCESSED\":19,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02093\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":1,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02117\",\"TOTAL\":0,\"PROCESSED\":58,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00035Med\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":5,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_CSTATUS\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":16,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00363\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":24,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_01902\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":2,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02149\",\"TOTAL\":0,\"PROCESSED\":3,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00072H\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":28,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00380\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":8,\"FAILED\":8,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00367\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":2,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00200\",\"TOTAL\":0,\"PROCESSED\":28,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00479\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":23,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00663\",\"TOTAL\":0,\"PROCESSED\":3,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00119\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":1,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00243\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":25,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00598H\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":482,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00031Medica\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":6,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00108\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":2,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00253H\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":2,\"FAILED\":2,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_02131H\",\"TOTAL\":0,\"PROCESSED\":71,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_01000H\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":18,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00367\",\"TOTAL\":0,\"PROCESSED\":1,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00674\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":1,\"FAILED\":1,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00680\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":7,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00313\",\"TOTAL\":0,\"PROCESSED\":1,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_01010\",\"TOTAL\":0,\"PROCESSED\":1,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00674\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":141,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00660\",\"TOTAL\":0,\"PROCESSED\":0,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":94,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3},{\"TARGETSYSTEM\":\"CPW\",\"ARUNAME\":\"CPW_00253H\",\"TOTAL\":0,\"PROCESSED\":12,\"REMAINING\":0,\"ERROR\":0,\"FAILED\":0,\"SKIPPED\":0,\"PROCESSING\":0,\"DATE\":\"7/16/2024\",\"DAYHOUR\":3}]"}  
how do i get the values in days_to_eol to just show without the .00 decimal. I even rounded the result to the nearest whole number with my query
 any solution to this issue, i am also having same problem after upgrading to Splunk 9.2.2
We have approximately a year's worth of data in our Splunk Cloud instance. Due to certain reasons, we need to export all the indexed data from Splunk Cloud into readable files. What are the possible ... See more...
We have approximately a year's worth of data in our Splunk Cloud instance. Due to certain reasons, we need to export all the indexed data from Splunk Cloud into readable files. What are the possible ways to achieve this?
It would help if you post the data as text instead of a photo of it.
Hi     <search> <query>index=* EventCode=25753 | stats count(EventCode) as toto | append [| search index=* EventCode=* | stats count(EventCode) as toto2]</query> <earliest>-... See more...
Hi     <search> <query>index=* EventCode=25753 | stats count(EventCode) as toto | append [| search index=* EventCode=* | stats count(EventCode) as toto2]</query> <earliest>-7d@h</earliest> <latest>now</latest> <done> <condition> <set token="NbHost">$result.toto$</set> <set token="NbHost2">$result.toto2$</set> </condition> </done> </search> <option name="drilldown">none</option> <option name="underLabel">$NbHost$ / $NbHost2$</option>   I dont succeed to display the NbHost2 value under my single panel what is wrong please?    
And your props for this sourcetype are...?