All Posts

Hi @Gopikrishnan.Ravindran, I don't know if you have SaaS or On-prem, but here is a Docs link to SaaS you should check out. https://docs.appdynamics.com/appd/24.x/24.2/en/appdynamics-essentials/alert-and-respond/actions/remediation-actions/remediation-scripts
Hello, there was a user name that was changed and I want to transfer ownership of Splunk knowledge objects (alerts) to her new account name. I would like to achieve this through the CLI, and also the user changed her name and will want the new name to be applied to the knowledge object. Please, how will I go about effecting this change?
You do not need double parentheses.  Verify the parentheses and quotation marks match.  Share your exact query if you need an extra set of eyes to look at it.
Getting the below-mentioned error in the logs of the AppDynamics cluster agent:
    [ERROR]: 2024-03-15 14:36:30 - agentregistrationmodule.go:132 - clusterId: -1
    [ERROR]: 2024-03-15 14:36:30 - agentregistrationmodule.go:134 - Registration properties: {}
    [INFO]: 2024-03-15 14:37:30 - agentregistrationmodule.go:119 - Initial Agent registration
    [ERROR]: 2024-03-15 14:37:30 - agentregistrationmodule.go:131 - Failed to send agent registration request: Status: 401 Unauthorized, Body: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Unauthorized</title> </head> <body> HTTP Error 401 Unauthorized <p/> This request requires HTTP authentication </body> </html>
I'm very new to AppDynamics and I have to implement it ASAP. I'm running a k8s cluster in minikube right now and configured the cluster agent through the Helm chart. I assume there is some issue with the values I have set in the values.yml file:
    controllerInfo:
      url: "https://xxxxx.saas.appdynamics.com:443"
      account: [Redacted]
      username: [Redacted]  (or should the complete email address be used?)
      password:
      accessKey: (no issue in that, I have verified it twice)
Please help in resolving the issue.
^ Post edited by @Ryan.Paredez to remove sensitive account name and info. Please be careful not to share account names, emails, or passwords on Community posts.
Thank you for the recommendations. Got an error: Error in 'EvalCommand': The expression is malformed. Expected ). Do I need double (()) around the entire statement?
Thanks for the quick response, but I would like to achieve this through the CLI, and also the user changed her name and will want the new name to be applied to the knowledge object.
Hi @n3wbi3, you have to create a new search using a regex to extract fields: | rex "type\=\\\"(?<type>[^\\]+)" The problem is that the log contains backslashes, and this is a problem because in the search you have to use the above command or the following: | rex "type\=\\\\\"(?<type>[^\\]+)" Ciao. Giuseppe
Hi @whitecat001, you have to go to [Settings > All Configuration], then you have to select the app where the knowledge objects are, select the ones to reassign, and click on the Reassign Knowledge Objects button (top right). Ciao. Giuseppe
So the logs changed from typical JSON to this ... "message":"type=\"CLIENT_LOGIN\", realmId=\"xxx\", clientId=\"xxx\", userId=\"xxx" so Splunk extracts for type this "\". Now the searches do not work anymore.
Hi all, I'm looking at the volume of indexes and how much they ingest to calculate the volumes of licenses. I am aware I could find this answer straight away but I like to investigate further. I'm not sure how to construct an SPL search that looks at just metrics indexes and checks how much volume they use up of the daily licensing quota per day. Can anyone help me with this?
Hello, there was a user name that was changed and I want to transfer ownership of Splunk knowledge objects (alerts) to her new account name. Please, how will I go about effecting this change?
Hi all, could someone please explain how licensing works for both Events and Metrics in Splunk Cloud? I've looked at other posts in the Splunk Community but they don't really make sense. Would love a fresh answer to see if there are any differences/updated explanations. Cheers
I'm on Splunk Enterprise 9.1.3, and I've configured the add-on (no proxy) with the SolarWinds server name, port, and credentials. I've configured the inputs, and I see nothing. Running tcpdump shows no traffic to the SolarWinds server or the configured port. This is what I see in the log:
    2024-03-14 19:55:48,630 +0000 log_level=ERROR, pid=3098123, tid=Thread-4, file=ta_data_collector.py, func_name=index_data, code_line_no=113 | [stanza_name="ics_query"] Failed to index data
    Traceback (most recent call last):
      File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/cloudconnectlib/splunktacollectorlib/data_collection/ta_data_collector.py", line 109, in index_data
        self._do_safe_index()
      File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/cloudconnectlib/splunktacollectorlib/data_collection/ta_data_collector.py", line 129, in _do_safe_index
        self._client = self._create_data_client()
      File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/cloudconnectlib/splunktacollectorlib/data_collection/ta_data_collector.py", line 99, in _create_data_client
        self._data_loader.get_event_writer())
      File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/cloudconnectlib/splunktacollectorlib/ta_cloud_connect_client.py", line 20, in __init__
        from ..core.pipemgr import PipeManager
      File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/cloudconnectlib/core/__init__.py", line 1, in <module>
        from .engine import CloudConnectEngine
      File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/cloudconnectlib/core/engine.py", line 6, in <module>
        from .http import HttpClient
      File "/opt/splunk/etc/apps/Splunk_TA_SolarWinds/bin/splunk_ta_solarwinds/aob_py3/cloudconnectlib/core/http.py", line 26, in <module>
        'http_no_tunnel': socks.PROXY_TYPE_HTTP_NO_TUNNEL,
    AttributeError: module 'socks' has no attribute 'PROXY_TYPE_HTTP_NO_TUNNEL'
I'd appreciate any help in getting this working.
Have you tried putting quotes around the group names? | eval GR=case(host=5087, "GR2", host=7750, "GR1", host=7751, "GR1", host=7752, "GR2") | stats count by GR
Hi @bigll, use quotes in eval: | eval GR=case(host="5087", "GR2", host="7750", "GR1", host="7751", "GR1", host="7752", "GR2") | stats count by GR. Ciao. Giuseppe
Working now with exactperc, thanks, which gives the actual value.
I want to create statistics per group of devices rather than individual devices. I tried eval, but it produced no result. | eval GR=case (host=5087, GR2, host=7750, GR1, host=7751, GR1, host=7752, GR2) | stats count by GR. TIA, Leon
I have shown you how to do this, with a runanywhere example included. If this isn't working for you, you need to provide some example events (in raw source format) where it is not working, because what you have provided so far has been shown to work.
Hi @dataisbeautiful, never use All Time! Choose a correct time range and use it. Ciao. Giuseppe
@niketn can you please guide me on whitespace removal?