Thank you for the additional detail Jananie. This is super helpful we will be storing 10 years of AppD case data in an internal database accessible by Support, so when an issue comes up, the engin...
See more...
Thank you for the additional detail Jananie. This is super helpful we will be storing 10 years of AppD case data in an internal database accessible by Support, so when an issue comes up, the engineers have the ability to pull on 10 years of data for a quick resolution. I do realize that this doesn't help customers and partners self-serve and do that in-depth research themselves, but we're not losing that history for support engineers. Thanks so much for taking the time to provide feedback, we'll weigh this input balancing cost, resources and impact to timelines.
I agree that it makes no sense. I opened an SR and this is in the reply I got back from support: The app Splunk SDK for Python must work for .js as well as .py, please attempt using .js an let us...
See more...
I agree that it makes no sense. I opened an SR and this is in the reply I got back from support: The app Splunk SDK for Python must work for .js as well as .py, please attempt using .js an let us know the outcome. I thought, surely this can't be right. Especially on Python 3.7. There are packages built to allow for the import of Python libraries into Node.js, but the ones I know are designed for 3.8+.
Splunk isn't one product. It is split all over the place. You have to sign up for each product separately. The homepage signs you up to splunk cloud not splunk observability. To fix this, sign up...
See more...
Splunk isn't one product. It is split all over the place. You have to sign up for each product separately. The homepage signs you up to splunk cloud not splunk observability. To fix this, sign up for observability separately.
@Kim.Frazier,
Thanks for asking your question on the community. Since it's been a few days with no reply, did you find a solution or any new discoveries you could share? If you are still looking...
See more...
@Kim.Frazier,
Thanks for asking your question on the community. Since it's been a few days with no reply, did you find a solution or any new discoveries you could share? If you are still looking for help, you can contact Cisco AppDynamics Support. How do I submit a Support ticket? An FAQ
Hi @Justin.Matthew,
Thanks for asking your question on the community. It's been a few days, have you discovered anything worth sharing? If not, you can contact Cisco AppDynamics Support for more h...
See more...
Hi @Justin.Matthew,
Thanks for asking your question on the community. It's been a few days, have you discovered anything worth sharing? If not, you can contact Cisco AppDynamics Support for more help. How do I submit a Support ticket? An FAQ
Hi @Anthony.Dahanne,
Thanks for asking your question on the community. Since it's been a few days, have you discovered a solution or anything worth sharing?
Hi @Haleb , where did you run the Monitoring Console, on SH? it's better to use it on Cluster Manager or (better) on a dedicated server. Anyway, if this is a lab, you have to configure your Monico...
See more...
Hi @Haleb , where did you run the Monitoring Console, on SH? it's better to use it on Cluster Manager or (better) on a dedicated server. Anyway, if this is a lab, you have to configure your Monicoring Console, accessing all the systems in your infrastructure as Search Peer. In other words, go in [Settings > Distributed Search > Add Peer] and add also the Cluster Manager as Search peer (on 8089 port) and you'll see it in the Monitoring Console. I did the same error some years ago! Ciao. Giuseppe
How to add a dummy row to the table in the Splunk dashboard. We are receiving 2 files everyday 4 times in between 6-7:30AM, 11-12:30 PM, 6-7:30PM, 9-10:05PM. I need output like below if received on...
See more...
How to add a dummy row to the table in the Splunk dashboard. We are receiving 2 files everyday 4 times in between 6-7:30AM, 11-12:30 PM, 6-7:30PM, 9-10:05PM. I need output like below if received one file means has to display like missing other file. Using | makeresults command we can create a row but it is applicable while calculating the timings. Input : File Date TI7L 03-06-2024 06:52 TI7L 03-06-2024 06:55 TI8L 03-06-2024 11:51 TI8L 03-06-2024 11:50 TI9L 03-06-2024 19:06 TI9L 03-06-2024 19:10 TI5L 03-06-2024 22:16 TI5L 03-06-2024 22:20 Output: File Date TI7L 03-06-2024 06:52 Missing file Missing file TI8L 03-06-2024 11:50 TI9L 03-06-2024 19:06 Missing file TI5L 03-06-2024 22:16 Missing file
Good Day, On the below message. Adding the IP to the Server Settings. Does the Server Settings sit in PowerBI or in Splunk? To find List Management. I have exactly the same error trying to conn...
See more...
Good Day, On the below message. Adding the IP to the Server Settings. Does the Server Settings sit in PowerBI or in Splunk? To find List Management. I have exactly the same error trying to connect to Splunk Cloud connection from PowerBI Any help would be appreciated - Thanks
Hi, I tried to build Splunk environment with 1 SH and indexer cluster with 2 pears + manager node. When I go to Monitoring console -> Settings -> General Setup it shows me only my SH and pears withou...
See more...
Hi, I tried to build Splunk environment with 1 SH and indexer cluster with 2 pears + manager node. When I go to Monitoring console -> Settings -> General Setup it shows me only my SH and pears without manager node But when I go to Distributed environment I can see my indexer manager configured I did something wrong or it should not be displayed in General Setup menu?
I try to import into the Observability platform, but I fail to follow your documentation. This page, https://docs.splunk.com/observability/en/admin/authentication/authentication-tokens/org-tokens.ht...
See more...
I try to import into the Observability platform, but I fail to follow your documentation. This page, https://docs.splunk.com/observability/en/admin/authentication/authentication-tokens/org-tokens.html#admin-org-tokens, says Settings - Access Tokens exists, but it doesn't. (My home page https://prd-p-a9b9x.splunkcloud.com/en-US/manager/splunk_app_for_splunk_o11y_cloud/authentication/users). Settings - Tokens exists, but it doesn't create tokens with scopes. I don't know if that's a documentation error or an application error. I then tried running the code at https://docs.splunk.com/observability/en/gdi/other-ingestion-methods/rest-APIs-for-datapoints.html#start-sending-data-using-the-api, which says I need a realm. And a realm can be found at "your profile page in the user interface". But it's not in User Settings and it's not in Settings - User Interface. Your documentation doesn't seem to match your application. Am I on the wrong page, or your docs years out of date? Please help.
Yes, that's exactly what that is for. Still, consider what @gcusello already said - multiplying indexes is not always a good practice. There are different mechanisms for data "separation" depending o...
See more...
Yes, that's exactly what that is for. Still, consider what @gcusello already said - multiplying indexes is not always a good practice. There are different mechanisms for data "separation" depending on your use case. Unless you need - different access permissions - different retention period or you have significantly different data characteristics (cardinatility, volume and "sparsity") you should leave the data in the same index and limit your searches by adding conditions.
What I meant by "dynamic" is that the value for index should be what regex finds and uses it for FORMAT. I know I can use static value but wanted to confirm it that is something possible using regex ...
See more...
What I meant by "dynamic" is that the value for index should be what regex finds and uses it for FORMAT. I know I can use static value but wanted to confirm it that is something possible using regex to dynamically use correct index which is part to Source. Example of sources : phone-1234 , tablet-23456, pc-45623, pc-79954 [new_index] SOURCE_KEY = MetaData:Source REGEX = (\w+)\-\d+ FORMAT = $1 #This needs be either phone, tablet, pc etc. and don't want to make static DEST_KEY = _MetaData:Index WRITE_META = true
Hi KendallW,
This is the search:
index=_internal (host=`sim_indexer_url` OR host=`sim_si_url`) sourcetype=splunkd group=per_Index_thruput series!=_*
| timechart minspan=30s per_second(kb) a...
See more...
Hi KendallW,
This is the search:
index=_internal (host=`sim_indexer_url` OR host=`sim_si_url`) sourcetype=splunkd group=per_Index_thruput series!=_*
| timechart minspan=30s per_second(kb) as kb by series
Then I selected 30 days on the time picker. Also selected visualization. I have attached another screenshot. I hope it helps.