All Posts


Hi @fabrizioalleva, good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
Hi @fabrizioalleva, if you need to send an alert, you could run a search like the following every 5 minutes:
    index=myindex earliest=-5m@m latest=@m | stats count BY APP | where count<5
Instead, in a dashboard panel, you can use timechart.
Ciao.
Giuseppe

Thanks, @gcusello, I already tried with timechart, but if I've a lot of applications which work in this way, I'm not able to work with timechart, also because if I want to work with data after timechart I cannot. Maybe better so:
    DATE,APP
    2024/05/24 11:04:00,APPA
    2024/05/24 11:05:00,APPB
    2024/05/24 11:06:00,APPA
    2024/05/24 11:08:00,APPB
    2024/05/24 11:09:00,APPA
    2024/05/24 11:10:00,APPB
    2024/05/24 11:11:00,APPA
    2024/05/24 11:13:00,APPB
    2024/05/24 11:14:00,APPA
So I've to highlight this condition of "flapping" in 10 minutes. If the app is present, it means that it's not responding.
    index=myindex | timechart span=1m by APP
produces:
    _time,APPA,APPB
And what I want to produce:
    _time,APPA,APPB
    2024/05/24 11:04:00,1,0
    2024/05/24 11:05:00,0,1
    2024/05/24 11:06:00,1,0
    2024/05/24 11:07:00,0,0
    2024/05/24 11:08:00,0,1
    2024/05/24 11:09:00,1,0
    2024/05/24 11:10:00,0,1
    2024/05/24 11:11:00,1,0
    2024/05/24 11:12:00,0,0
    2024/05/24 11:13:00,0,1
    2024/05/24 11:14:00,1,0
But I want to work with this output in order to send alert to other application.
Thanks

Hi @PavithraSarvin, I’m a Community Moderator in the Splunk Community. This question was posted 5 years ago, so it might not get the attention you need for your question to be answered. We recommend that you post a new question so that your issue can get the visibility it deserves. To increase your chances of getting help from the community, follow these guidelines in the Splunk Answers User Manual when creating your post. Thank you!
Hi @fabrizioalleva, I suppose that you already extracted the field with the status=1. In this case you could run
    <your_search> | timechart span=1m count BY status
Ciao.
Giuseppe

Hi @vishwa, use eval round (https://docs.splunk.com/Documentation/SCS/current/SearchReference/MathematicalFunctions#round.28.26lt.3Bnum.26gt.3B.2C_.26lt.3Bprecision.26gt.3B.29):
    | eval your_field=round(your_field,0)
Ciao.
Giuseppe

Hi all, we've a procedure that writes index only where there's a KO. So I've a sequence of events like these:
    DATE,RESPONSE
    2024/05/24 11:04:00,1
    2024/05/24 11:05:00,1
    2024/05/24 11:06:00,1
    2024/05/24 11:08:00,1
    2024/05/24 11:09:00,1
    2024/05/24 11:10:00,1
    2024/05/24 11:11:00,1
    2024/05/24 11:13:00,1
    2024/05/24 11:14:00,1
As you can see between 2024/05/24 11:06:00 and 2024/05/24 11:08:00 and 2024/05/24 11:11:00 2024/05/24 11:12:00, there's no KO.
What we want to do is to produce a full output like this:
    2024/05/24 11:04:00,1
    2024/05/24 11:05:00,1
    2024/05/24 11:06:00,1
    2024/05/24 11:07:00,0
    2024/05/24 11:08:00,1
    2024/05/24 11:09:00,1
    2024/05/24 11:10:00,1
    2024/05/24 11:11:00,1
    2024/05/24 11:12:00,0
    2024/05/24 11:13:00,1
    2024/05/24 11:14:00,1
In order to highlight the service's up/down. I've tried with a lot of methods but I cannot obtain a similar result.
Any suggestion?
Thanks
Fabrizio

I want to migrate my clustered environment from one Linux to another. Is it possible to migrate search head and deployment server first and then the indexers on the other day? CentOS and the new distro is RHEL? Any Ideas or suggestions?
Additional Info for @PickleRick's response: This will be removed in a future version of the solnlib library. See function starting at line 237 in the CredentialManager class: https://splunk.github.io/addonfactory-solutions-library-python/credentials/#solnlib.credentials.CredentialManager.get_password Looking at the new code, a realm will be required to be passed to the definition.
Hi all, I have table where the values are showing as 234.000000 56.000000 But we want to remove zeros and shown only 234 56 How we do this???
Is there a solution in place for this issue? I am facing the same issue.
Hi @Amit.Bisht, Thanks for asking your question on the community. Since the community did not jump in and help, you can contact AppDynamics Support. How do I submit a Support ticket? An FAQ 
how we can filter it with providing the value 7670
Rename your field with the url in to start with an underscore e.g. "_url", then refer to it in the drilldown as suggested earlier e.g. "$row._url$"
Try  LINE_BREAKER = ()\d{4}-\d\d
This run-anywhere example should explain the process.
    | makeresults
    | eval STime="9:45"
    | rex field=STime "(?<hrs>\d+):(?<mins>\d+)"
    | eval Hours=hrs + round(mins/60,2)

@ITWhisperer The below eval statement in init block didn't work.
    <init>
      <eval token="latest_Time">relative_time(now(), "+1d")</eval>
    </init>
I am using Javascript and there I have created two variables for earliest & latest time.
    var earliestTime = defaultTokens.get("time.earliest");
    var latestTime = defaultTokens.get("time.latest");
Do I need to use these variables in the Splunk dashboard in order to get the desired results? Once again, the problem statement is that I have to add +1d to the latest time selected in the time token.

I am generating alarms by acquiring abnormal values for CPU usage of NW devices. I would like to send these alarms via email or webhook, but I get the above error and cannot send them. What is the cause? Error in 'sendalert' command: Alert script returned error code 2.
We are receiving some notables that reference an encoded command being used with PowerShell, and the notable lists the command in question. The issue is that the command it is listing appears to be incomplete when we decode the string. Does anyone know a way for us to potentially hunt down and figure out what the full encoded command referenced in the notable may be?