All Posts


If you are trying to find the alerts coming from Microsoft Defender for Identity, you can gather the alerts via the MS Graph Plugin found here: https://splunkbase.splunk.com/app/4564#Configuring-Microsoft-Graph-Security-data-inputs    
Your initial search (as it stands) doesn't appear to be able to pick up these events. Please can you clarify your events and search?
Taking a Udemy Splunk introductory course module about macros. The string works fine in Search, but not as a macro named fileinfo; I get the above error. index=web | eval megabytes=bytes/1024/1024 | stats sum(megabytes) as "Megs" by file | sort - Megs
Hi! I know I'm late, but I've always wondered this as well... From the "Components and their relationship with the network" section of the Inherit a Splunk Enterprise Deployment documentation, this is loopback communication, meaning you won't need to open any ports. Splunk is talking to the local KV Store database (mongod). If I run lsof for open ports, I see the following, all occurring over the loopback interface (8065 shows a similar result, only showing Python as the listening service):
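As an added example (not from the post above and not Splunk's own code), here is a Python check for the property the post relies on: that a listener is bound only to loopback addresses, so nothing needs to be opened on a firewall. It parses the column layout of `ss -ltnp`, the usual modern stand-in for the lsof check described. The sample output is constructed; port 8065 (Python) comes from the post, while 8191 for the KV Store mongod, the splunkd binds and the PIDs are assumptions.

```python
"""Added example (not from the original post): confirm that a listener is bound only
to loopback addresses by parsing the column layout printed by `ss -ltnp`."""
import re
import sys
from ipaddress import ip_address

# Constructed sample modelled on `ss -ltnp` output (not captured from a real host).
# 8065 (Python) is the port named in the post; 8191 for the KV Store mongod is an
# assumed default, and splunkd on 8089/8000 is included to show non-loopback binds.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8191     0.0.0.0:*         users:(("mongod",pid=1234,fd=11))
LISTEN 0      128    [::1]:8191         [::]:*            users:(("mongod",pid=1234,fd=12))
LISTEN 0      128    127.0.0.1:8065     0.0.0.0:*         users:(("python3.7",pid=1250,fd=5))
LISTEN 0      128    0.0.0.0:8089       0.0.0.0:*         users:(("splunkd",pid=1200,fd=8))
LISTEN 0      128    *:8000             *:*               users:(("splunkd",pid=1200,fd=9))
"""

# First process name inside the users:(("name",pid=...)) column.
PROCESS_RE = re.compile(r'\("([^"]+)"')


def parse_listeners(text):
    """Yield (host, port, process) for every LISTEN row in ss-style output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")   # last colon separates the port
        host = host.strip("[]")                      # [::1] -> ::1
        m = PROCESS_RE.search(line)
        yield host, int(port), (m.group(1) if m else "unknown")


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and 'localhost'. Wildcards (0.0.0.0, ::, *) are not."""
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:   # "*" and other non-address spellings
        return False


def non_loopback_listeners(text=SAMPLE_SS_OUTPUT):
    """(port, process) pairs reachable from other hosts; only these need firewall rules."""
    return sorted({(port, proc) for host, port, proc in parse_listeners(text)
                   if not is_loopback(host)})


def port_is_loopback_only(port, text=SAMPLE_SS_OUTPUT):
    """True when the port is listening and every bind for it is a loopback address."""
    binds = [host for host, p, _ in parse_listeners(text) if p == port]
    return bool(binds) and all(is_loopback(h) for h in binds)


if __name__ == "__main__":
    # Pipe real output in with `ss -ltnp | python3 loopback_check.py`; otherwise the sample is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SS_OUTPUT
    for port, proc in non_loopback_listeners(text):
        print(f"port {port} ({proc}) is bound to a non-loopback address")
    for port in (8191, 8065):
        state = "loopback-only" if port_is_loopback_only(port, text) else "NOT loopback-only"
        print(f"port {port}: {state}")
```

The check deliberately treats a wildcard bind (0.0.0.0, ::, *) as non-loopback, and a port with both a 127.0.0.1 and a 0.0.0.0 bind fails the loopback-only test, since one externally reachable socket is enough to need a firewall rule.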
Attempting to address an issue where some of my org's larger playbooks refuse to load in the SOAR playbook editor. Support as usual disappoints by throwing their hands up in the air, referencing "Best Practices" and demanding we reduce the size of our playbooks. When I ask them to back their position by asking for documentation, there is none. We're finding ourselves having to disable automations and workflows simply because we can't even load these workflows in the editor to perform routine fixes. Even after escalating to our account team, we're still getting the "reduce the size of your playbooks" answer. Their workaround for not being able to load the playbook in the current version to rewrite them is to rebuild a SOAR environment in 5.x so we can make these edits 🤬. Has anyone else experienced this? Is the only resolution rewriting playbooks to break them up? Version 6.1. Attempted the newest release in a lab; no improvement.
Thanks..... Worked like a charm.
So we have to create two different drop-down lists for each path, and show/hide can be used?
I already have the Salesforce add-on for Splunk. Does Salesforce have an email source that I can tap into to get those emails? Has anyone done it successfully?
Hi @Sagar.Nalawade, Please have a read of these AppD Docs pages https://docs.appdynamics.com/appd/onprem/24.x/24.3/en/events-service-deployment/events-service-requirements https://docs.appdynamics.com/appd/onprem/24.x/24.3/en/events-service-deployment Let me know if these help you out.
Multiple events I sent for three correlationIds: 43b856a1, 19554d60, 9a1219f2
Tried changing to a different base search and it did not work. My dashboard has other graphs too, so changing to Classic is a big task, but I will sure give it a try. Thank you!
Hi @sajo.sam, I found this TKB article. Please check it out and see if it helps. https://community.appdynamics.com/t5/Knowledge-Base/How-do-I-debug-common-Linux-Private-Synthetic-Agent-issues/ta-p/51547
Hi @Jerg.Weick, I've shared this with the PM, and it's being investigated whether it's a bug. I will report back here when I have any new information. ^ Post was edited by @Ryan.Paredez to correct my initial reply.
Is this a single event or multiple events?
Hi @Umesh.Pawar, Did you get the help you needed from someone at AppDynamics? I noticed an email chain was started. 
regex101.com is a good site to test and understand regular expressions. I have set this one up to show your extraction: https://regex101.com/r/mBRfJF/1
{ "correlationId" : "43b856a1", "message" : "Post - Expense Extract processing to Oracle", "tracePoint" : "FLOW", "priority" : "INFO" }
{ "correlationId" : "43b856a1", "message" : "After calling flow SubFlow", "tracePoint" : "FLOW", "priority" : "INFO" }
{ "correlationId" : "43b856a1", "message" : "PRD(SUCCESS): Concur AP/GL Extract- Expense Report. Concur Batch ID: 450 Company Code: 725 Operating Unit: AB_OU", "tracePoint" : "FLOW", "priority" : "INFO" }
{ "correlationId" : "19554d60", "message" : "PRD(SUCCESS): Concur AP/GL Extract - Expense Report. Concur Batch ID: 398 Company Code: 755 Operating Unit: BZ_OU", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "19554d60", "message" : "Concur AP/GL File/s Process Status", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "19554d60", "message" : "PRD(SUCCESS): Concur AP/GL Extract - Expense Report. Concur Batch ID: 398 Company Code: 725 Operating Unit: AB_OU", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "19554d60", "message" : "Before calling flow post-PInvoice-SubFlow", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "9a1219f2", "message" : "Before calling flow post-APInvoice-SubFlow", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "9a1219f2", "message" : "PRD(SUCCESS): Concur AP/GL Extract - AP Expense Report. Concur Batch ID: 95", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "9a1219f2", "message" : "Post - Expense Extract processing to Oracle", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "9a1219f2", "message" : "Concur Process Status", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "9a1219f2", "message" : "ISG AP Response", "tracePoint" : "FLOW", "priority" : "INFO", }
{ "correlationId" : "9a1219f2", "message" : "After calling flow post-APInvoice-SubFlow", "tracePoint" : "FLOW", "priority" : "INFO", }
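As an added example (not part of the thread and not the poster's own tooling), here is Python that splits a run of back-to-back JSON objects like the ones posted into separate events and groups them by correlationId, which is what the "single event or multiple events" question turns on. Three of the objects are copied from the post; two of them keep the trailing comma before the closing brace exactly as posted, which is not valid JSON and will stop a strict parser. The comma repair and the grouping logic are mine.

```python
"""Added example (not from the original thread): split concatenated JSON objects into
one event each, tolerate the trailing commas some of the posted objects carry, and
group the events by correlationId."""
import json
import re
from collections import defaultdict

# Three of the posted objects, copied from the thread. The last two keep the
# ", }" before the closing brace exactly as posted.
SAMPLE_EVENTS = '''{ "correlationId" : "43b856a1", "message" : "Post - Expense Extract processing to Oracle", "tracePoint" : "FLOW", "priority" : "INFO" } { "correlationId" : "19554d60", "message" : "Concur AP/GL File/s Process Status", "tracePoint" : "FLOW", "priority" : "INFO", } { "correlationId" : "19554d60", "message" : "Before calling flow post-PInvoice-SubFlow", "tracePoint" : "FLOW", "priority" : "INFO", }'''

# A comma followed only by whitespace and a closing brace is never valid JSON.
# Caveat: this is a text-level repair, so it would also rewrite a literal ", }"
# inside a string value; fine for these events, not a general-purpose fix.
TRAILING_COMMA = re.compile(r",\s*}")


def parses_strictly(obj_text):
    """True if `obj_text` is accepted by a strict JSON parser as-is."""
    try:
        json.loads(obj_text)
        return True
    except json.JSONDecodeError:
        return False


def split_events(text):
    """Decode every top-level JSON object in `text`, in order, after repairing ', }'."""
    cleaned = TRAILING_COMMA.sub("}", text)
    decoder = json.JSONDecoder()
    events, pos = [], 0
    while pos < len(cleaned):
        while pos < len(cleaned) and cleaned[pos].isspace():   # raw_decode does not skip whitespace
            pos += 1
        if pos >= len(cleaned):
            break
        obj, end = decoder.raw_decode(cleaned, pos)
        events.append(obj)
        pos = end
    return events


def group_by_correlation(events):
    """correlationId -> messages in arrival order (what `stats list(message) by correlationId` shows)."""
    groups = defaultdict(list)
    for ev in events:
        groups[ev.get("correlationId", "<none>")].append(ev.get("message", ""))
    return dict(groups)


if __name__ == "__main__":
    events = split_events(SAMPLE_EVENTS)
    print(f"{len(events)} events decoded")
    for cid, messages in group_by_correlation(events).items():
        print(f"{cid}: {len(messages)} event(s)")
        for msg in messages:
            print(f"    {msg}")
```

The point of `parses_strictly` is the caveat: an object that ends in `"INFO", }` is rejected by a strict decoder, so an automatic JSON extraction at index time would leave correlationId and message unextracted for exactly those events, and a search by correlationId would silently miss them.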
Thanks, it worked. One more request: since I am new to Splunk, could you please help me understand how this regular expression works? I mean, what does this mean in a regex expression: | rex field=TeamWorkTimings "(?<TeamStart>[^-]+)-(?<TeamEnd>.*)"
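Since the question is how the pattern behaves, here is an added example (not from the original thread) that runs the same expression in Python over constructed TeamWorkTimings values. Python spells a named group as (?P<name>...) where Splunk's rex (PCRE) uses (?<name>...); the matching is otherwise identical. The TRIMMED_RE variant is my own tightening, not something the thread proposed.

```python
"""Added example (not from the original thread): the rex pattern from the post, run in
Python over constructed TeamWorkTimings values to show how each piece behaves."""
import re

# Splunk rex (PCRE):  (?<TeamStart>[^-]+)-(?<TeamEnd>.*)
# Python spells a named group (?P<name>...); everything else is identical:
#   [^-]+   one or more characters that are NOT a hyphen (so it stops at the first '-')
#   -       the literal hyphen that separates the two halves
#   .*      everything after that hyphen, further hyphens included, to the end
TIMINGS_RE = re.compile(r"(?P<TeamStart>[^-]+)-(?P<TeamEnd>.*)")

# My own tightening (an assumption, not something the thread proposed): swallow the
# spaces around the hyphen so "9 AM - 5 PM" yields "9 AM" and "5 PM" instead of
# "9 AM " and " 5 PM". The lazy +? lets \s* take the whitespace before the hyphen.
TRIMMED_RE = re.compile(r"(?P<TeamStart>[^-]+?)\s*-\s*(?P<TeamEnd>.*)")


def extract_timings(value, pattern=TIMINGS_RE):
    """Return {'TeamStart': ..., 'TeamEnd': ...}, or {} when the pattern does not match.
    rex behaves the same way: an event that does not match simply gets no new fields."""
    m = pattern.search(value)   # rex is unanchored, hence search() rather than match()
    return m.groupdict() if m else {}


# Constructed sample values (not the poster's data) with the result each one produces.
SAMPLES = {
    "09:00-17:00": {"TeamStart": "09:00", "TeamEnd": "17:00"},
    "9 AM - 5 PM": {"TeamStart": "9 AM ", "TeamEnd": " 5 PM"},                  # spaces are kept
    "Mon-Fri 09:00-17:00": {"TeamStart": "Mon", "TeamEnd": "Fri 09:00-17:00"},  # splits at the FIRST hyphen
    "24x7": {},      # no hyphen: no match, so neither field is created
    "-17:00": {},    # [^-]+ needs at least one non-hyphen character before the hyphen
}


def check_samples(pattern=TIMINGS_RE, samples=SAMPLES):
    """True when every sample extracts exactly as documented in SAMPLES."""
    return all(extract_timings(v, pattern) == want for v, want in samples.items())


if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:24} -> {extract_timings(value)}  trimmed: {extract_timings(value, TRIMMED_RE)}")
```

The two results worth noticing are the "Mon-Fri 09:00-17:00" case, where everything after the first hyphen lands in TeamEnd because `[^-]+` cannot cross a hyphen but `.*` can, and the "9 AM - 5 PM" case, where the original pattern keeps the surrounding spaces in both fields.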
It looks like a script in the splunk_ta_o365 app is attempting to use a nonexistent "admin" user. Does your dev instance have an "admin" user?
Please can you share some sample events that we can test with? Please share them in a code block.