All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

I'm not sure I understand the question - where is the JS coming from? Are you saying you want to create a list of dropdown choices from the result of that search If so, simply set your input to be ... See more...
I'm not sure I understand the question - where is the JS coming from? Are you saying you want to create a list of dropdown choices from the result of that search If so, simply set your input to be <input type="dropdown" token="your_token" searchWhenChanged="true"> <label>Example Dropdown from search</label> <fieldForLabel>source</fieldForLabel> <fieldForValue>source</fieldForValue> <search> <query>index=_internal |stats count by source</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> </input>
That mvjoin simply turns your list of regexes into  (A|B|C|D|E|F|...) i.e. A OR B OR C OR D... How many regexes do you have - I suspect there is a practical limit and you've probably reached it. ... See more...
That mvjoin simply turns your list of regexes into  (A|B|C|D|E|F|...) i.e. A OR B OR C OR D... How many regexes do you have - I suspect there is a practical limit and you've probably reached it.  
I tried adding it via the gui, but I get the error "JAVA_HOME path does not exist".  I'm curious if Splunk is it's a syntax issue - I'm inputting %JAVA_HOME% as the path. I also found that if I leav... See more...
I tried adding it via the gui, but I get the error "JAVA_HOME path does not exist".  I'm curious if Splunk is it's a syntax issue - I'm inputting %JAVA_HOME% as the path. I also found that if I leave the field blank, Splunk auto-populates the value.  I'll see if it auto-populates it with a new path at next upgrade.  
Please share the search which is giving this result.
When I am trying your query, it is showing that number events on the top. But not displayin the results in the statistics. Like below  
A & B coulmns should come together as one and based on their values it should add to the count. This is clearer than the original description.  If A and B should come together, they have to be co... See more...
A & B coulmns should come together as one and based on their values it should add to the count. This is clearer than the original description.  If A and B should come together, they have to be combined before groupby, and used as a single groupby.  The reason why your first attempt did produce results is because as two separate groupby terms, both must exist in the same events. The solution will depend on whether A and B are mutually exclusive.  From your original result, it seems that they are exclusive.  So,   index="XYZ" (ProxyPath="/xyz" OR ProxyPath="/abc") AND StatusCode=200 | eval "A OR B" = coalesce(A, B) | stats count by "A OR B" StatusCode  
example : when we have 2 or more column names with longer text and want to get expand field values for the one column name which we have selected(specific) but not to expand all the columns where t... See more...
example : when we have 2 or more column names with longer text and want to get expand field values for the one column name which we have selected(specific) but not to expand all the columns where this drilldown is used. My demo dashboard only act on one column named "fieldname".  That is exactly what you describe here.  Can you explain why this does not meet the requirement?  Let's say, you have "fieldname" and "fieldname2" both can get very long.  You set the token on "fieldname" only.  For fieldname2, if you want to make it short, simply do | eval fieldname2 = substr(fieldname2, 0, 47) . " ..." (47 so there is room for ellipses.)  Here is a full demo <dashboard version="1.1" theme="light"> <label>Very long text</label> <description>https://community.splunk.com/t5/Dashboards-Visualizations/Splunk-dashboards/m-p/692394#M56730</description> <init> <set token="reveal_tok">init</set> </init> <search> <query> | makeresults format=csv data="reveal short" </query> </search> <row> <panel> <title>reveal = $reveal_tok$</title> <table> <search> <query>| makeresults format=csv data="fieldname, fieldname2 not as long, 2nd field really really really really really loooooooooooooooooong very very very very very very very very very very loooooooooooooooooooooog, shorter second field" | rename fieldname as _fieldname | eval fieldname = if(len(_fieldname) &gt; 50 AND len("$reveal_tok$") &lt; 51, substr(_fieldname, 0, 46) . " ... " , _fieldname) | eval fieldname2 = if(len(fieldname2) &gt; 50, substr(fieldname2, 0, 46) . " ...", fieldname2)</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">cell</option> <option name="refresh.display">progressbar</option> <drilldown> <set token="reveal_tok">$row._fieldname$</set> </drilldown> </table> </panel> </row> </dashboard>
Thanks for swift reply @yuanliu . Here is the sample table I am looking for StatusCode A or B Count 200 some A/B value 2 200 some A/B value 1 200 some A/B value 10 200 some A... See more...
Thanks for swift reply @yuanliu . Here is the sample table I am looking for StatusCode A or B Count 200 some A/B value 2 200 some A/B value 1 200 some A/B value 10 200 some A/B value 8 200 some A/B value 5 A & B coulmns should come together as one and based on their values it should add to the count. More detailed way StatusCode A or B Count 200 Upgrade 2 200 Downgrade 1 200 Retain 10 200 Cancel 8 200 New Customer 5  
I am using SaaS 23.11.7-1552 How can I create a dash studio time series for all nodes in a particular tier?  Currently I've defined an app variable.  When a user views the dashboard, he selects the ... See more...
I am using SaaS 23.11.7-1552 How can I create a dash studio time series for all nodes in a particular tier?  Currently I've defined an app variable.  When a user views the dashboard, he selects the appropriate app.  However I can't figure out how to create or use another variable where the user selects the tier within the app.  When defining a tier variable, I am not allowed to enter $AppName for the app name. I see the docs talk about nested variables but do not say how to create them, nor can I find any examples. thanks
Hi @Rajesh.Ganapavarapu , I tried the command that you just gave me with my access_key, but I think curl is not installed in the operator pod, and also don't have the permission to install it, it ju... See more...
Hi @Rajesh.Ganapavarapu , I tried the command that you just gave me with my access_key, but I think curl is not installed in the operator pod, and also don't have the permission to install it, it just replies me: /bin/sh: curl: not found Regards Gustavo Marconi
You need to first think through what the problem you are trying to solve by using sample data.  Let's say the search index="XYZ"  (ProxyPath="/xyz" OR ProxyPath="/abc") AND StatusCode=200 returns the... See more...
You need to first think through what the problem you are trying to solve by using sample data.  Let's say the search index="XYZ"  (ProxyPath="/xyz" OR ProxyPath="/abc") AND StatusCode=200 returns the following results. StatusCode A B 200 some A value   200 some other A value   200   Some B value 200   Some other B value 200 Even more A value   Can you show the result table that you are looking for? How to display both A and B colums combined and have the status code as well in the table? If A and B do not exist in the same event, I see no meaningful way to display both of them.
the format of the query is the problem. A simple way to populate the query is to reference a table from the Resource Graph table here... https://learn.microsoft.com/en-us/azure/governance/resource-g... See more...
the format of the query is the problem. A simple way to populate the query is to reference a table from the Resource Graph table here... https://learn.microsoft.com/en-us/azure/governance/resource-graph/concepts/query-language#resource-graph-tables For example, "ServiceHealthResources" works, as does "SecurityResources".
Hi Team, I have two different fields (Ex. A and B). Value A will come for some results and B will come for some. While I am using below query, it is only pulling A or B. index="XYZ" (ProxyPath="... See more...
Hi Team, I have two different fields (Ex. A and B). Value A will come for some results and B will come for some. While I am using below query, it is only pulling A or B. index="XYZ" (ProxyPath="/xyz" OR ProxyPath="/abc") AND StatusCode=200 | stats count by A StatusCode - only A events are getting displayed index="XYZ" (ProxyPath="/xyz" OR ProxyPath="/abc") AND StatusCode=200 | stats count by B StatusCode - only B events are getting displayed index="XYZ" (ProxyPath="/xyz" OR ProxyPath="/abc") AND StatusCode=200 | stats count by A B StatusCode - it is not displaying any table   How to display both A and B colums combined and have the status code as well in the table?
Hi @JF.Lu, Thanks for asking your question on the Community. It looks like the community did not chime in, did you happen to find a solution or anything new you can share?
I have the choice and I chose a type other than Threat but the problem is still
Hi @Ryan.Paredez , Yes, I checked the reply from Rajesh, thank you! Glad to know that my feedback helps to do a minor contribution to the community. Hope you have a great day too! Regards Gustav... See more...
Hi @Ryan.Paredez , Yes, I checked the reply from Rajesh, thank you! Glad to know that my feedback helps to do a minor contribution to the community. Hope you have a great day too! Regards Gustavo Marconi
Hello @Gustavo.Marconi , By default SaaS controller is SSL enabled but I see the error message is "http". Could you please check your config if you have provided http or https.  [ERROR]: 2024-07-... See more...
Hello @Gustavo.Marconi , By default SaaS controller is SSL enabled but I see the error message is "http". Could you please check your config if you have provided http or https.  [ERROR]: 2024-07-08 16:17:58 - agentregistrationmodule.go:131 - Failed to send agent registration request: Post "http://pracso-nfr.saas.appdynamics.com:443/sim/v2/agent/clusterRegistration": EOF  1. Now ssh into your appdynamics-operator pod or cluster agent pod kubectl -n <namespace> exec -it <appdynamics-operator-pod> -- /bin/sh 2 . Run the following command and send us the output for this: curl -v -k -u singularity-agent@tatadigital:<access_key> https: // pracso-nfr.saas.appdynamics.com.com:443/sim/v2/agent/clusterRegistration Hope this will figure it out what is the cause. Keep us posted. Best Regards, Rajesh Ganapavarapu
Hi @Rajesh.Ganapavarapu , I applied the command: kubectl get secret cluster-agent-secret -n appdynamics -o jsonpath='{.data.controller-key}' | base64 --decode  And it replies me with my controller... See more...
Hi @Rajesh.Ganapavarapu , I applied the command: kubectl get secret cluster-agent-secret -n appdynamics -o jsonpath='{.data.controller-key}' | base64 --decode  And it replies me with my controller-key. The agent version that I'm using is 24.6.0-481, appdynamics-cluster-agent-alpine_linux_amd64-24.6.0.481.zip was the version that I downloaded.  In the cluster-agent.yaml the image is set to: "docker.io/appdynamics/cluster-agent:latest". I re-deployed everything and check again the logs for the  cluster-agent, it shows me this: root@ubuntu-k8s-test:/home/gmarconi/appdynamics/cluster-agent# microk8s kubectl logs -n appdynamics k8s-cluster-agent-df58dfdc5-wtl7b CA_PROPERTIES= -appdynamics.agent.accountName=pracso-nfr -appdynamics.controller.hostName=pracso-nfr.saas.appdynamics.com -appdynamics.controller.port=443 -appdynamics.controller.ssl.enabled=false -appdynamics.agent.monitoredNamespaces="default" -appdynamics.agent.event.upload.interval=10 -appdynamics.docker.container.registration.interval=120 -appdynamics.agent.httpClient.timeout.interval=30 APPDYNAMICS_AGENT_CLUSTER_NAME=Tasks-Webapp [ERROR]: 2024-07-08 16:17:58 - secretconfig.go:68 - Problem With Getting /opt/appdynamics/cluster-agent/secret-volume/api-user Secret: open /opt/appdynamics/cluster-agent/secret-volume/api-user: no such file or directory [INFO]: 2024-07-08 16:17:58 - main.go:57 - check env variables and enable profiling if needed [INFO]: 2024-07-08 16:17:58 - agentprofiler.go:22 - Cluster Agent Profiling not enabled! [INFO]: 2024-07-08 16:17:58 - main.go:60 - Starting APPDYNAMICS CLUSTER AGENT version 24.6.0-481 [INFO]: 2024-07-08 16:17:58 - main.go:61 - Go lang version: go1.22.3 W0708 16:17:58.556623 8 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. [INFO]: 2024-07-08 16:17:58 - main.go:78 - Kubernetes version: v1.29.4 [INFO]: 2024-07-08 16:17:58 - main.go:236 - Registering cluster agent with controller host : pracso-nfr.saas.appdynamics.com controller port : 443 account name : pracso-nfr [WARNING]: 2024-07-08 16:17:58 - agentregistrationmodule.go:359 - "default" is not a valid namespace in your kubernetes cluster [INFO]: 2024-07-08 16:17:58 - agentregistrationmodule.go:363 - Established connection to Kubernetes API [INFO]: 2024-07-08 16:17:58 - agentregistrationmodule.go:68 - Cluster name: Tasks-Webapp [INFO]: 2024-07-08 16:17:58 - agentregistrationmodule.go:119 - Initial Agent registration [ERROR]: 2024-07-08 16:17:58 - agentregistrationmodule.go:131 - Failed to send agent registration request: Post "http://pracso-nfr.saas.appdynamics.com:443/sim/v2/agent/clusterRegistration": EOF Noticed that -appdynamics.controller.ssl.enabled is set to false, but I don't know how to set it to true, also not sure if that's the problem. Hope you can help me Rajesh. Have a great day! Regards Gustavo Marconi
Thanks for the reply
I made changes, but I can't manage to change the color. index="db_pci_mssqlatom" sourcetype=* | dedup 1 _raw | top trans_status showperc=0 | transpose 0 header_field=trans_status | search colum... See more...
I made changes, but I can't manage to change the color. index="db_pci_mssqlatom" sourcetype=* | dedup 1 _raw | top trans_status showperc=0 | transpose 0 header_field=trans_status | search column="count"