All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

This is what I found and it worked! First of all the message, "Can not communicate with task server......" is vague and does not give a clear idea so it can be so many reasons, few of them are 1.... See more...
This is what I found and it worked! First of all the message, "Can not communicate with task server......" is vague and does not give a clear idea so it can be so many reasons, few of them are 1. Updating the java_home path 2. checking the jre version 3. Checking if the HF has approved license or is connected to the License Manager (its no longer the license master) 4. Change the task server port to 9995 or 1025, instead of 9998 What I Did was this: in the SPLUNK_HOME/var/log/splunk/splunkd.log  is showed some error for dbx-migration.conf so i added these lines by creating dbx-migration.conf in /etc/apps/splunk_app_db_connect/local [encryption] disabled = 0 upgrade = DONE   Then a restart of splunkd. Works super smooth
Hello, I need some help.  I have a folder and an app that writes logs in NDJSON format and creates a new log file every 15 minutes.  The configuration that I use is this:   [monitor:///Users/yot... See more...
Hello, I need some help.  I have a folder and an app that writes logs in NDJSON format and creates a new log file every 15 minutes.  The configuration that I use is this:   [monitor:///Users/yotov/app/.logs/.../*.log] disabled = false sourcetype = ndjson crcSalt = <SOURCE> alwaysOpenFile = 1    The problem is that Splunk Forwarder doesn't detect newly added files. It reads only the files at the start, and detects newly added content in them, but when a new file is added they are ignored until restart of Splunk Forwarder. I'm using the latest version of Splunk Forwarder and tried under Linux and MacOs What am I missing?
I have the same need right now. I am wondering if do you have resolved that after this time? I am trying to round,2 but looks like that Splunk visualization do that in their own, going default to rou... See more...
I have the same need right now. I am wondering if do you have resolved that after this time? I am trying to round,2 but looks like that Splunk visualization do that in their own, going default to round,3 I appreciate any help. Thank you
Hi @avi7326, Please try below query; (index=whcrm OR index=whcrm_int) sourcetype="bmw-sl-gcdm-int-api" ("Sending POST consents to *" OR "Create / Update Consents done" OR "Error in sync-consent-dat... See more...
Hi @avi7326, Please try below query; (index=whcrm OR index=whcrm_int) sourcetype="bmw-sl-gcdm-int-api" ("Sending POST consents to *" OR "Create / Update Consents done" OR "Error in sync-consent-dataFlow:*") | eval Total= if(match(_raw, "Sending POST consents to *"),1,0) | eval Success= if(match(_raw, "Create / Update Consents done"),1,0) | eval Error= if(match(_raw, "Error in sync-consent-dataFlow:*"),1,0) | rex field=message ": (?<json>\{[\w\W]*\})$" | rename properties.correlationId as correlationId | rename properties.gcid as GCID | rename properties.gcid as errorcode | rename properties.entity as entity | rename properties.country as country | rename properties.targetSystem as target_system | stats sum(Total) as Total sum(Success) as Success sum(Error) as Error by correlationId GCID errorcode entity country target_system | eval ErrorRate = round((Error / Total) * 100, 2)  
Hi @ITWhisperer you should filter with _time otherwise you will find unaccurate results probably?
Hi  Thanks for the response. But it gives me the result like below :      I want to have the results as below :   
Hello @jstoner_splunk @fwijnholds_splu I'm finding different results filtering in Incident Review, is that normal? Thanks.  
My understanding is that your UiPath  team, does not know how to export the UiPath logs. You will need to first determine the method's and options available to you in terms of the logs types, they... See more...
My understanding is that your UiPath  team, does not know how to export the UiPath logs. You will need to first determine the method's and options available to you in terms of the logs types, they could be json, csv, xml etc.  So its best to have a look at the UIPath documentation that the vendor provides.  Its also best to design the data flow and ensure the data you want to collect, what format it is , and how to get it into Splunk.  This looks like a SaaS service, so , so you may be able to send the data direct to Splunk's HEC endpoint, rather that than the inputs which is logging to a C:\uipath_logs, so you will need to workout how to export those logs to a file in the folder and use the inputs or another option is send it to Splunk HEC via API, which means you create a Splunk HEC service with a token and send the data there.  There is some documentation for this, but you will need your team to ensure its correct, if not, then contact the vendor and get some information on what options are available to you in terms of UiPath export.  https://docs.uipath.com/insights/automation-suite/2023.4/user-guide/overview-real-time-data-export   
Hi @gcusello  Can you please help me on this as I have explained my requirement, as it is bit urgent for me. Thanks
Thank you Kiran. What I am looking for is the meaning of each component code found. For instance If I run -  index=_* | stats count by component index log_level I see many component codes with Wa... See more...
Thank you Kiran. What I am looking for is the meaning of each component code found. For instance If I run -  index=_* | stats count by component index log_level I see many component codes with Warning or Error. The question becomes what does that component code mean and if there is a warning or error what is the action needed to correct or tune? I do not see any documentation in Splunk to that effect and have asked Splunk PS, Splunk Instructors and Splunk Support. No answer yet. I want to build dashboards and associated alerts to help me know the stability and status of the platform. Thank you!
Hello All, I have copied senemail.py to a custom app to modify it for adding html inputs to email .   Now this custom copy throws not compatible with python 3 error , where as original sendemail.p... See more...
Hello All, I have copied senemail.py to a custom app to modify it for adding html inputs to email .   Now this custom copy throws not compatible with python 3 error , where as original sendemail.py in search/bin does not throw any error    I just modified a small statement in the script to add html inputs apart from that remaining script is same as search /bin copy     
Inputs.conf One of the objectives is for you add data into Splunk via a configuration mechanism, typically this is via an inputs.conf file, so if you have logs you want to add to splunk then you wo... See more...
Inputs.conf One of the objectives is for you add data into Splunk via a configuration mechanism, typically this is via an inputs.conf file, so if you have logs you want to add to splunk then you would use inputs.conf as a simple example. There are other use case settings as well such as setting the Splunk server's receiver settings as well - see the below link for further examples and use cases. https://docs.splunk.com/Documentation/Splunk/9.2.1/Admin/Inputsconf#inputs.conf.example web.conf The main object is to configure the Splunk Web settings (HTTP/HTTPS) / security settings - this is set with TLS  certificates for production environment’s  - you can see the examples in the below link https://docs.splunk.com/Documentation/Splunk/9.2.1/admin/Webconf#web.conf.example You can  and should create sperate apps, example my_linux_secure_logs and place the inputs.conf there (You can’t change the names of the conf files.  There is a good app folder diagram here to show you where files and folders live - and you have to follow this structure with the config files you need.  https://dev.splunk.com/enterprise/docs/developapps/createapps/appanatomy/   In terms of app precedency, order is based on the lexicographical (alphabetical) order of the app names under global context. Simple example App A (my_app_a)  will be before App B (my_app_b) Have a look at the concepts below  on app precedency https://docs.splunk.com/Documentation/Splunk/9.2.1/Admin/Wheretofindtheconfigurationfiles  
Hello,   We're trying to setup the Azure Storage account from the add-on and we're getting authentication failure. Credential is working fine when test using Azure Storage Explorer. Only difference... See more...
Hello,   We're trying to setup the Azure Storage account from the add-on and we're getting authentication failure. Credential is working fine when test using Azure Storage Explorer. Only difference is client environment has certain policy. It started to work when they add the respective VNET/Subnet in storage firewall while failing with authentication error over storage account private endpoint.   Does app can support storage account connectivity through specific storage services private endpoint? from configuration perspective, we can only define the storage account name and access key.   Thanks.
Hello all, In our environment, the UiPath team doesn't seem to know how to expect the export expecting in the default inputs.conf (C:\uipath_logs). Is there any documentation that might help them?
Yes, but I can only find examples where straight lines are fitted. Nothing where a user defined expression is fitted. 
Have you considered using the Machine Learning ToolKit (MLTK) https://docs.splunk.com/Documentation/MLApp/5.4.1/User/WelcometoMLTK  
I used (as you already indicated) appserver/static to hold these elements. What's the difference with icons.  Format ? Its a shame they have not enhanced this.....
Hi Everyone How can I fit an analytical expression to a dataset in a dashboard? The expression could for instance be: y = a + b*exp(x-x_0) Let me know what you thing. Thanks
Hello @Ardi.Maryanto, It looks like the community was not able to jump in and help. Did you happen to find a solution yourself in the meantime? If not, you can reach out to AppDynamics Support for... See more...
Hello @Ardi.Maryanto, It looks like the community was not able to jump in and help. Did you happen to find a solution yourself in the meantime? If not, you can reach out to AppDynamics Support for help too. How do I submit a Support ticket? An FAQ 
Hello @Kodai.Tanabe, To get access to an on-prem account, please contact Sales using this form.  https://www.appdynamics.com/company/contact-us