While not the most computationally efficient, you could use a negating keyword search for the string you would like to exclude:
<yourSPL> NOT "PAM: Authentication failure for illegal user djras123 from"
Or have it on a separate search line, if your SPL does not end on a "search" command:
<yourSPL>
| search NOT "PAM: Authentication failure for illegal user djras123 from"
I am trying to exclude this from a search. They are almost all the same, just the sshd instance changes. Can someone help me exclude it?
ras1-dan-cisco-swi error: PAM: Authentication failure for illegal user djras123 from 192.168.1.2 - dcos_sshd[17284]
ras1-dan-cisco-swi error: PAM: Authentication failure for illegal user djras123 from 192.168.1.2 - dcos_sshd[29461]
ras1-dan-cisco-swi error: PAM: Authentication failure for illegal user djras123 from 192.168.1.2 - dcos_sshd[4064]
ras1-dan-cisco-swi error: PAM: Authentication failure for illegal user djras123 from 192.168.1.2 - dcos_sshd[9450]
Thanks guys besides excluding each one,
It does have this effect but it works a bit differently. With the octet counted option rsyslog splits the input connection (because it works with tcp input only) based on the length of the event, which should be given at the beginning of the event if I remember correctly. So the main problem is not that the new lines are encoded as #012 but that the events are not split at newline characters as they should be. If you turn off the octet counted option, the incoming tcp stream is broken into separate events on newline characters, so there is nothing to encode as #012 anymore.
I've tried using HTML codes like <p> or <b>test</b> and it makes no difference. I'd like to format a much more complete summary of the event that's more thorough, human readable, and better formatted. Is there a way to do this?
I'm currently running Splunk 9.1.3 enterprise and Splunk DB Connect 3.16. When logging into Splunk I receive this error message in DB Connect that states, "Can not communicate with task server, check your settings." I made sure it was in the correct path in dbx_settings.conf and customized.java.path as well. Any suggestions would help.
Splunk Universal Forwarder upgrade to 9.1.3 is failing with Copy Error "Setup can not copy the file SplunkMonitor NoHandleDrv.sys". Attached the error message
Thanks @danspav, this worked, although I had to add <default> to an empty string so it doesn't trigger the second condition on the initial page load. <default></default> Thanks much.
Try changing your user preferences to show times explicitly in UTC. If the cron time changes to "10 18 * * *" then the system timestamp is Americas/New_York rather than UTC.
How do I get a count of rows that have a value greater than 0? Example below. The last column is what we are trying to generate.
Name    2024-02-06  2024-02-08  2024-02-13  2024-02-15  Count_Of_Rows_with_Data
Pablo   1           0           1           0           2
Eli     0           0           0           0           0
Jenna   1           0           0           0           1
Chad    1           0           5           0           2
Yes, I read the reply above and concur that this error occurs when the proper directory is not created, and in our case it was "unknown" instead of the actual service name. Ultimately we upgraded from jdk 11 to jdk 21 and like magic it started working, so imagine this was a bug in jdk 11.
I ran a |REST search to export the list of savedsearches along with their cronjob schedules. The cronjob schedules are not showing the time in UTC. Ex: the | REST output for a search shows a cronjob of 10 14 * * *, but when I look at the REPORT tab on the SHC and see the list of saved searches, the "Next Scheduled Time" column shows 2024-04-07 18:10:00 UTC. My SHC and deployers splunk servers are both set to UTC as the default system time. On the SHC UI, when I log in, my preferences are also set to view data in "default system time". I am physically located in an Eastern Time Zone. I am trying to see how to fix this so the |REST output of saved searches and their cronjob schedule is in UTC.
Hi @Ryan.Paredez, I don't have any additional information. I've been digging through the script, but it doesn't look like it's an easy modification. Thanks for the support information, I'll reach out to them. Thanks, Bill
Hi @Bill.Fanning,
Thanks for asking your question on the community. Did you find any new information or a solution to your question you could share as a reply here? If not, you can reach out to AppDynamics Support. How do I submit a Support ticket? An FAQ
Is it possible to have an expression in the case command for argument Y? case(x,y) |eval test=case(x=="X", 'a+b') The Y argument, instead of a string or number, can it be an expression like field a + field b? Thanks
Thank you for the suggestion. While this is a great app, I wanted to see if there is any out-of-the-box functionality for the same (as this is developed by a third party developer)?