Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
03-05-2024
11:50 PM
@kiran_panchavat , thanks for your help
03-05-2024
11:38 PM
1 Karma
Hi @dorHerbesman , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated by all the contributors
03-05-2024
11:37 PM
Hi @Renunaren, at first check if in the raw events of your data source backslashes are present or if they are added from an incorrect parsing, if they aren't in the raw log, you can use the INDEXED...
See more...
Hi @Renunaren, at first check if in the raw events of your data source backslashes are present or if they are added from an incorrect parsing, if they aren't in the raw log, you can use the INDEXED_EXTRACTIONS = json so you already have all the fields extracted. If instead they are present also in the raw logs, you can use a regex like the following in the field extraction: Timestamp\\\":\s+\\\"(?<timestamp>\d+) that you can test at https://regex101.com/r/LTeauV/1 if instead you want to use the regex in a search using the rex command, you have to ure 5 backslashes instead of 3: Timestamp\\\\\":\s+\\\\\"(?<timestamp>\d+) Ciao. Giuseppe
03-05-2024
11:33 PM
that's exectly what i wanted! thanks!
03-05-2024
11:31 PM
2 Karma
Hi @jeradb, good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
03-05-2024
11:30 PM
1 Karma
Hi @dorHerbesman , if you want to list all the values from the lookup that aren't present in the search results, you will not have these fields! Anyway, you can add all the other fields adding them...
See more...
Hi @dorHerbesman , if you want to list all the values from the lookup that aren't present in the search results, you will not have these fields! Anyway, you can add all the other fields adding them and using the values option in stats command: index=myidnex sourcetype=mysourcetype source=mysource
| stats
count
values(ACCUM_CODE) AS ACCUM_CODE
values(LOCK_CODE) AS LOCK_CODE
values(PERIOD_KEY) AS PERIOD_KEY
values(UPD_DATE) AS UPD_DATE
values(UPD_TIME) AS UPD_TIME
values(USER_NAME) AS USER_NAME
BY TABLEQ
| append [ | inputlookup your_lookup| eval count=0 | rename tableq AS TABLEQ | fields TABLEQ count ]
| stats
sum(count) AS total
values(ACCUM_CODE) AS ACCUM_CODE
values(LOCK_CODE) AS LOCK_CODE
values(PERIOD_KEY) AS PERIOD_KEY
values(UPD_DATE) AS UPD_DATE
values(UPD_TIME) AS UPD_TIME
values(USER_NAME) AS USER_NAME
BY TABLEQ
| where total=0 Ciao. Giuseppe
03-05-2024
11:02 PM
OK the calculation is correct but now i've lost all other fields | table ACCUM_CODE LOCK_CODE PERIOD_KEY TABLEQ UPD_DATE UPD_TIME USER_NAME how can i regain them but keep the calulation code you p...
See more...
OK the calculation is correct but now i've lost all other fields | table ACCUM_CODE LOCK_CODE PERIOD_KEY TABLEQ UPD_DATE UPD_TIME USER_NAME how can i regain them but keep the calulation code you provide? thanks again for the help!
03-05-2024
10:45 PM
1 Karma
@Praz_123 I can see "Execution Latency Over Time" panel in the "Search > Scheduler Activity:Instance" > Performance in the Splunk Version:9.2.0.1
03-05-2024
10:36 PM
This solution is not helping us please provide some good solution so that i can change the colour in the single value itself as I am not using the dropdown as status . Even I applied above changes in...
See more...
This solution is not helping us please provide some good solution so that i can change the colour in the single value itself as I am not using the dropdown as status . Even I applied above changes in my code but the color for stopped and running did not change. above is my code after a change but no color change happened, Please help me here asap.
03-05-2024
10:27 PM
@Mfmahdi Example: SEDCMD: [your_sourcetype] SEDCMD-drop_unwanted_lines = <regex> Truncate: [your_sourcetype] TRUNCATE = 10000 Adjust the value to your desired maximum event length. SEDCMD-<c...
See more...
@Mfmahdi Example: SEDCMD: [your_sourcetype] SEDCMD-drop_unwanted_lines = <regex> Truncate: [your_sourcetype] TRUNCATE = 10000 Adjust the value to your desired maximum event length. SEDCMD-<class> = <sed script> * Only used at index time. * Commonly used to anonymize incoming data at index time, such as credit card or social security numbers. For more information, search the online documentation for "anonymize data." * Used to specify a sed script which Splunk software applies to the _raw field. * A sed script is a space-separated list of sed commands. Currently the following subset of sed commands is supported: * replace (s) and character substitution (y). * Syntax: * replace - s/regex/replacement/flags * regex is a perl regular expression (optionally containing capturing groups). * replacement is a string to replace the regex match. Use \n for back references, where "n" is a single digit. * flags can be either: g to replace all matches, or a number to replace a specified match. * substitute - y/string1/string2/ * substitutes the string1[i] with string2[i] * No default.
03-05-2024
10:24 PM
Can , anyone help me where can I find the above dashboard in splunk , in Monitoring console.
Labels
- Labels:
-
monitoring console
03-05-2024
10:20 PM
Refer this https://docs.splunk.com/Documentation/Splunk/9.2.0/Admin/Splunk-launchconf
03-05-2024
10:19 PM
@limonkay You can see the splunk-launch.conf in the /opt/splunk/etc [root@splunk-hf-level-4 etc]# cat splunk-launch.conf # Version 9.2.0.1 # Modify the following line to suit the location of yo...
See more...
@limonkay You can see the splunk-launch.conf in the /opt/splunk/etc [root@splunk-hf-level-4 etc]# cat splunk-launch.conf # Version 9.2.0.1 # Modify the following line to suit the location of your Splunk install. # If unset, Splunk will use the parent of the directory containing the splunk # CLI executable. # # SPLUNK_HOME=/home/build/build-home # By default, Splunk stores its indexes under SPLUNK_HOME in the # var/lib/splunk subdirectory. This can be overridden # here: # # SPLUNK_DB=/home/build/build-home/var/lib/splunk # Splunkd daemon name SPLUNK_SERVER_NAME=Splunkd # If SPLUNK_OS_USER is set, then Splunk service will only start # if the 'splunk [re]start [splunkd]' command is invoked by a user who # is, or can effectively become via setuid(2), $SPLUNK_OS_USER. # (This setting can be specified as username or as UID.) # # SPLUNK_OS_USER PYTHONHTTPSVERIFY=0 PYTHONUTF8=1 ENABLE_CPUSHARES=true[root@splunk-hf-level-4 etc]# pwd /opt/splunk/etc [root@splunk-hf-level-4 etc]# /opt/splunk/bin/splunk --version Splunk 9.2.0.1 (build d8ae995bf219) [root@splunk-hf-level-4 etc]#
03-05-2024
10:12 PM
Hi Team, I am unable to extract the Timestamp value from the below message in splunk events using rex command and add that value to new field. I request you to kindly look into this and help me out ...
See more...
Hi Team, I am unable to extract the Timestamp value from the below message in splunk events using rex command and add that value to new field. I request you to kindly look into this and help me out in extracting that value to the new field by name TIME. Below is the event message. The Timestamp value is 20240301. We have to extract the similar values and add those value to the field TIME Dataframe row : {"_c0":{"0":"{","1":" \"0\": {","2":" \"jobname\": \"A001_GVE_ADHOC_AUDIT\"","3":" \"status\": \"ENDED NOTOK\"","4":" \"Timestamp\": \"20240301\"","5":" }","6":" \"1\": {","7":" \"jobname\": \"BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TSYS\"","8":" \"status\": \"ENDED NOTOK\"","9":" \"Timestamp\": \"20240301\"","10":" }","11":" \"2\": {","12":" \"jobname\": \"BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TSYS_WEEKLY\"","13":" \"status\": \"ENDED NOTOK\"","14":" \"Timestamp\": \"20240301\"","15":" }","16":" \"3\": {","17":" \"jobname\": \"D001_GVE_SOFT_MATCHING_GDH_CA\"","18":" \"status\": \"ENDED NOTOK\"","19":" \"Timestamp\": \"20240301\"","20":" }","21":" \"4\": {","22":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TRX_ORG\"","23":" \"status\": \"ENDED NOTOK\"","24":" \"Timestamp\": \"20240301\"","25":" }","26":" \"5\": {","27":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TYP_123\"","28":" \"status\": \"ENDED NOTOK\"","29":" \"Timestamp\": \"20240301\"","30":" }","31":" \"6\": {","32":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TYP_45\"","33":" \"status\": \"ENDED OK\"","34":" \"Timestamp\": \"20240301\"","35":" }","36":" \"7\": {","37":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TYP_ENPW\"","38":" \"status\": \"ENDED NOTOK\"","39":" \"Timestamp\": \"20240301\"","40":" }","41":" \"8\": {","42":" \"jobname\": \"D100_AKS_CDWH_SQOOP_TYP_T\"","43":" \"status\": \"ENDED NOTOK\"","44":" \"Timestamp\": \"20240301\"","45":" }","46":" \"9\": {","47":" \"jobname\": \"DREAMPC_CALC_ML_NAMESAPCE\"","48":" \"status\": \"ENDED NOTOK\"","49":" \"Timestamp\": \"20240301\"","50":" }","51":" \"10\": {","52":" \"jobname\": \"DREAMPC_MEMORY_AlERT_SIT\"","53":" \"status\": \"ENDED NOTOK\"","54":" \"Timestamp\": \"20240301\"","55":" }","56":" \"11\": {","57":" \"jobname\": \"DREAM_BDV_NBR_PRE_REQUISITE_TLX_LSP_3RD_PARTY_TRNS\"","58":" \"status\": \"ENDED NOTOK\"","59":" \"Timestamp\": \"20240301\"","60":" }","61":" \"12\": {","62":" \"jobname\": \"DREAM_BDV_NBR_PRE_REQUISITE_TLX_LSP_3RD_PARTY_TRNS_WEEKLY\"","63":" \"status\": \"ENDED NOTOK\"","64":" \"Timestamp\": \"20240301\"","65":" }","66":" \"13\": {","67":" \"jobname\": \"DREAM_BDV_NBR_STG_TLX_LSP_3RD_PARTY_TRNS\"","68":" \"status\": \"ENDED OK\"","69":" \"Timestamp\": \"20240301\"","70":" }","71":" \"14\": {","72":" \"jobname\": \"DREAM_BDV_NBR_STG_TLX_LSP_3RD_PARTY_TRNS_WEEKLY\"","73":" \"status\": \"ENDED OK\"","74":" \"Timestamp\": \"20240301\"","75":" }","76":" \"15\": {","77":" \"jobname\": \"DREAM_BDV_NBR_TLX_LSP_3RD_PARTY_TRNS\"","78":" \"status\": \"ENDED OK\"","79":" \"Timestamp\": \"20240301\"","80":" }","81":" \"16\": {","82":" \"jobname\": \"DREAM_BDV_NBR_TLX_LSP_3RD_PARTY_TRNS_WEEKLY\"","83":" \"status\": \"ENDED OK\"","84":" \"Timestamp\": \"20240301\"","85":" }","86":" \"17\": {","87":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_GDH\"","88":" \"status\": \"ENDED OK\"","89":" \"Timestamp\": \"20240301\"","90":" }","91":" \"18\": {","92":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_GDH_WEEKLY\"","93":" \"status\": \"ENDED OK\"","94":" \"Timestamp\": \"20240301\"","95":" }","96":" \"19\": {","97":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_SAMCONTDEPOT\"","98":" \"status\": \"ENDED NOTOK\"","99":" \"Timestamp\": \"20240301\"","100":" }","101":" \"20\": {","102":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TLXLSP_TRXN\"","103":" \"status\": \"ENDED NOTOK\"","104":" \"Timestamp\": \"20240301\"","105":" }","106":" \"21\": {","107":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TRADEABR\"","108":" \"status\": \"ENDED OK\"","109":" \"Timestamp\": \"20240301\"","110":" }","111":" \"22\": {","112":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TRADEABR_WEEKLY\"","113":" \"status\": \"ENDED OK\"","114":" \"Timestamp\": \"20240301\"","115":" }","116":" \"23\": {","117":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TRADESON\"","118":" \"status\": \"ENDED NOTOK\"","119":" \"Timestamp\": \"20240301\"","120":" }","121":" \"24\": {","122":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_TRADESON_WEEKLY\"","123":" \"status\": \"ENDED OK\"","124":" \"Timestamp\": \"20240301\"","125":" }","126":" \"25\": {","127":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_ZCI\"","128":" \"status\": \"ENDED NOTOK\"","129":" \"Timestamp\": \"20240301\"","130":" }","131":" \"26\": {","132":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_ZCI_WEEKLY\"","133":" \"status\": \"ENDED NOTOK\"","134":" \"Timestamp\": \"20240301\"","135":" }","136":" \"27\": {","137":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_ZPI\"","138":" \"status\": \"ENDED NOTOK\"","139":" \"Timestamp\": \"20240301\"","140":" }","141":" \"28\": {","142":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQUISITE_ZPI_WEEKLY\"","143":" \"status\": \"ENDED NOTOK\"","144":" \"Timestamp\": \"20240301\"","145":" }","146":" \"29\": {","147":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQ_SAMCONTDEPOT_WEEKLY\"","148":" \"status\": \"ENDED NOTOK\"","149":" \"Timestamp\": \"20240301\"","150":" }","151":" \"30\": {","152":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQ_TALANX_TRAN\"","153":" \"status\": \"ENDED NOTOK\"","154":" \"Timestamp\": \"20240301\"","155":" }","156":" \"31\": {","157":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQ_TALANX_TRAN_WEEKLY\"","158":" \"status\": \"ENDED NOTOK\"","159":" \"Timestamp\": \"20240301\"","160":" }","161":" \"32\": {","162":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_PRE_REQ_TLXLSP_TRXN_WEEKLY\"","163":" \"status\": \"ENDED NOTOK\"","164":" \"Timestamp\": \"20240301\"","165":" }","166":" \"33\": {","167":" \"jobname\": \"DREAM_BDV_NEW_BUSINESS_REPORTING_STG_TRADEABR\"","168":" \"status\": \"ENDED NOTOK\"","169":" \"Timestamp\": \"20240301\"","170":" }","171":" \"34\": {","172":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_01\"","173":" \"status\": \"ENDED OK\"","174":" \"Timestamp\": \"20240301\"","175":" }","176":" \"35\": {","177":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_02\"","178":" \"status\": \"ENDED OK\"","179":" \"Timestamp\": \"20240301\"","180":" }","181":" \"36\": {","182":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_03\"","183":" \"status\": \"ENDED OK\"","184":" \"Timestamp\": \"20240301\"","185":" }","186":" \"37\": {","187":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_04\"","188":" \"status\": \"ENDED OK\"","189":" \"Timestamp\": \"20240301\"","190":" }","191":" \"38\": {","192":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_LINK\"","193":" \"status\": \"ENDED OK\"","194":" \"Timestamp\": \"20240301\"","195":" }","196":" \"39\": {","197":" \"jobname\": \"DREAM_BUILD_GDH_MIS_BDV_UNION\"","198":" \"status\": \"ENDED OK\"","199":" \"Timestamp\": \"20240301\"","200":" }","201":" \"40\": {","202":" \"jobname\": \"DREAM_CALC_BDV_CONTROL_COPY\"","203":" \"status\": \"ENDED NOTOK\"","204":" \"Timestamp\": \"20240301\"","205":" }","206":" \"41\": {","207":" \"jobname\": \"DREAM_CDWH_TLX_LSP_3RD_PARTY_TRNS_FACT_OUTBOUND_WEEKLY\"","208":" \"status\": \"ENDED OK\"","209":" \"Timestamp\": \"20240301\"","210":" }","211":" \"42\": {","212":" \"jobname\": \"DREAM_FILE_DELETION_OUTBOUND\"","213":" \"status\": \"ENDED NOTOK\"","214":" \"Timestamp\": \"20240301\"","215":" }","216":" \"43\": {","217":" \"jobname\": \"DREAM_FVDB_TLX_LSP_3RD_PARTY_TRNS_FACT_OUTBOUND_WEEKLY\"","218":" \"status\": \"ENDED OK\"","219":" \"Timestamp\": \"20240301\"","220":" }","221":" \"44\": {","222":" \"jobname\": \"DREAM_FVDB_TOCSV_TLX_LSP_3RD_PARTY_TRNS_FACT_OUTBOUND_WEEKLY\"","223":" \"status\": \"ENDED OK\"","224":" \"Timestamp\": \"20240301\"","225":" }","226":" \"45\": {","227":" \"jobname\": \"DREAM_GVE_GDH_NEW_BUSINESS_FACT_OUTBOUND\"","228":" \"status\": \"ENDED OK\"","229":" \"Timestamp\": \"20240301\"","230":" }","231":" \"46\": {","232":" \"jobname\": \"DREAM_GVE_TLX_LSP_3RD_PARTY_TRNS_FACT_OUTBOUND_WEEKLY\"","233":" \"status\": \"ENDED OK\"","234":" \"Timestamp\": \"20240301\"","235":" }","236":" \"47\": {","237":" \"jobname\": \"DREAM_MEMORY_ALERT_SIT\"","238":" \"status\": \"ENDED OK\"","239":" \"Timestamp\": \"20240301\"","240":" }","241":" \"48\": {","242":" \"jobname\": \"DREAM_MIS_BDV_GMOMIS46_GDH_CORRECTION\"","243":" \"status\": \"ENDED OK\"","244":" \"Timestamp\": \"20240301\"","245":" }","246":" \"49\": {","247":" \"jobname\": \"DREAM_MIS_BDV_TALANXLSP_INVENTORY_THIRD_PARTY_PRE_REQUISITE\"","248":" \"status\": \"ENDED NOTOK\"","249":" \"Timestamp\": \"20240301\"","250":" }","251":" \"50\": {","252":" \"jobname\": \"DREAM_MIS_BDV_TALANX_INSURANCE_PRE_REQUISITE\"","253":" \"status\": \"ENDED OK\"","254":" \"Timestamp\": \"20240301\"","255":" }","256":" \"51\": {","257":" \"jobname\": \"DREAM_MIS_BDV_TALANX_INSURANCE_WEEKLY_PRE_REQUISITE\"","258":" \"status\": \"ENDED OK\"","259":" \"Timestamp\": \"20240301\"","260":" }","261":" \"52\": {","262":" \"jobname\": \"DREAM_MIS_BDV_TALANX_LSP3P_INV\"","263":" \"status\": \"ENDED NOTOK\"","264":" \"Timestamp\": \"20240301\"","265":" }","266":" \"53\": {","267":" \"jobname\": \"DREAM_MIS_BDV_TALANX_LSP3P_TRANSACTION\"","268":" \"status\": \"ENDED NOTOK\"","269":" \"Timestamp\": \"20240301\"","270":" }","271":" \"54\": {","272":" \"jobname\": \"DREAM_MIS_BDV_TSYS_STOCK_PRE_REQUISITE\"","273":" \"status\": \"ENDED NOTOK\"","274":" \"Timestamp\": \"20240301\"","275":" }","276":" \"55\": {","277":" \"jobname\": \"DREAM_MIS_BDV_TSYS_STOCK_PRE_REQUISITE_WEEKLY\"","278":" \"status\": \"ENDED OK\"","279":" \"Timestamp\": \"20240301\"","280":" }","281":" \"56\": {","282":" \"jobname\": \"DREAM_MIS_PRECHECK_TALANXLSPDB_INVENTORY\"","283":" \"status\": \"ENDED NOTOK\"","284":" \"Timestamp\": \"20240301\"","285":" }","286":" \"57\": {","287":" \"jobname\": \"DREAM_MIS_PRECHECK_ZCI_INVENTORY_MONTHLY\"","288":" \"status\": \"ENDED OK\"","289":" \"Timestamp\": \"20240301\"","290":" }","291":" \"58\": {","292":" \"jobname\": \"DREAM_MIS_PRECHECK_ZCI_TRANSACTION_MONTHLY\"","293":" \"status\": \"ENDED OK\"","294":" \"Timestamp\": \"20240301\"","295":" }","296":" \"59\": {","297":" \"jobname\": \"DREAM_MIS_PRECHECK_ZPI_INVENTORY_MONTHLY\"","298":" \"status\": \"ENDED NOTOK\"","299":" \"Timestamp\": \"20240301\"","300":" }","301":" \"60\": {","302":" \"jobname\": \"DREAM_MIS_PRECHECK_ZPI_TRANSACTION_MONTHLY\"","303":" \"status\": \"ENDED OK\"","304":" \"Timestamp\": \"20240301\"","305":" }","306":" \"61\": {","307":" \"jobname\": \"DREAM_MIS_VP_FACTOR_PRE_PROCESSING\"","308":" \"status\": \"ENDED OK\"","309":" \"Timestamp\": \"20240301\"","310":" }","311":" \"62\": {","312":" \"jobname\": \"DREAM_NEW_BUSINESS_DETECTION_TLX_LSP3P_TRANSACTION\"","313":" \"status\": \"ENDED NOTOK\"","314":" \"Timestamp\": \"20240301\"","315":" }","316":" \"63\": {","317":" \"jobname\": \"DREAM_PRECHECK_GDH_DAILY_DATA\"","318":" \"status\": \"ENDED NOTOK\"","319":" \"Timestamp\": \"20240301\"","320":" }","321":" \"64\": {","322":" \"jobname\": \"DREAM_PRECHECK_TLX_DAILY_DATA_LSP3P_INV\"","323":" \"status\": \"ENDED OK\"","324":" \"Timestamp\": \"20240301\"","325":" }","326":" \"65\": {","327":" \"jobname\": \"DREAM_PRECHECK_TLX_DAILY_DATA_LSP3P_TRANSACTION\"","328":" \"status\": \"ENDED NOTOK\"","329":" \"Timestamp\": \"20240301\"","330":" }","331":" \"66\": {","332":" \"jobname\": \"DREAM_PRECHECK_TLX_LSP3P_TRANSACTION_DAILY\"","333":" \"status\": \"ENDED NOTOK\"","334":" \"Timestamp\": \"20240301\"","335":" }","336":" \"67\": {","337":" \"jobname\": \"DREAM_RDL_GDH_NEW_BUSINESS_FACT\"","338":" \"status\": \"ENDED NOTOK\"","339":" \"Timestamp\": \"20240301\"","340":" }","341":" \"68\": {","342":" \"jobname\": \"DREAM_RDL_STG_GDH_NEW_BUSINESS_FACT\"","343":" \"status\": \"ENDED NOTOK\"","344":" \"Timestamp\": \"20240301\"","345":" }","346":" \"69\": {","347":" \"jobname\": \"DREAM_RDL_STG_TLX_LSP_3RD_PARTY_TRNS_FACT\"","348":" \"status\": \"ENDED OK\"","349":" \"Timestamp\": \"20240301\"","350":" }","351":" \"70\": {","352":" \"jobname\": \"DREAM_RDL_STG_TLX_LSP_3RD_PARTY_TRNS_FACT_WEEKLY\"","353":" \"status\": \"ENDED OK\"","354":" \"Timestamp\": \"20240301\"","355":" }","356":" \"71\": {","357":" \"jobname\": \"DREAM_RDL_TLX_LSP_3RD_PARTY_TRNS_FACT\"","358":" \"status\": \"ENDED NOTOK\"","359":" \"Timestamp\": \"20240301\"","360":" }","361":" \"72\": {","362":" \"jobname\": \"DREAM_RDL_TLX_LSP_3RD_PARTY_TRNS_FACT_WEEKLY\"","363":" \"status\": \"ENDED OK\"","364":" \"Timestamp\": \"20240301\"","365":" }","366":" \"73\": {","367":" \"jobname\": \"DREAM_REDUCE_FILE_SIZE\"","368":" \"status\": \"ENDED NOTOK\"","369":" \"Timestamp\": \"20240301\"","370":" }","371":" \"74\": {","372":" \"jobname\": \"DREAM_SDM_STG_GMARS_FDWRISK_FACT\"","373":" \"status\": \"ENDED NOTOK\"","374":" \"Timestamp\": \"20240301\"","375":" }","376":" \"75\": {","377":" \"jobname\": \"DREAM_SDM_STG_TLX_LSP_3RD_PARTY_TRNS_FACT_WEEKLY\"","378":" \"status\": \"ENDED OK\"","379":" \"Timestamp\": \"20240301\"","380":" }","381":" \"76\": {","382":" \"jobname\": \"DREAM_TDM_STG_TALANXLSP_TRANSACTION_THIRD_PARTY_NB_FACT_WEEKLY\"","383":" \"status\": \"ENDED OK\"","384":" \"Timestamp\": \"20240301\"","385":" }","386":" \"77\": {","387":" \"jobname\": \"M002_GVE_SALES_KEY_MATCH_MAP_GVE_TO_DC\"","388":" \"status\": \"ENDED OK\"","389":" \"Timestamp\": \"20240301\"","390":" }","391":" \"78\": {","392":" \"jobname\": \"M003_GVE_AKS_PAYMNET_TRANSACTION_LOAD\"","393":" \"status\": \"ENDED NOTOK\"","394":" \"Timestamp\": \"20240301\"","395":" }","396":"}"}}
Labels
- Labels:
-
rex
03-05-2024
10:06 PM
@briancronrath Hello Brian, The instance is automatically deleted from the KV store when it is removed from the search head cluster. The instance shouldn't be included in the KV store outcomes. If i...
See more...
@briancronrath Hello Brian, The instance is automatically deleted from the KV store when it is removed from the search head cluster. The instance shouldn't be included in the KV store outcomes. If it does show up, your search head cluster may not be functioning properly. Remove a cluster member - Splunk Documentation KV store troubleshooting tools - Splunk Documentation
03-05-2024
09:55 PM
Not sure what you are trying to express. This is what YOU come up with | rex field=Error_Text".*:\s(?P<Code>\d{3})"
| lookup error_codes Code OUTPUT Phrase
| eval CodePhrase = Code+" -- "+Phrase D...
See more...
Not sure what you are trying to express. This is what YOU come up with | rex field=Error_Text".*:\s(?P<Code>\d{3})"
| lookup error_codes Code OUTPUT Phrase
| eval CodePhrase = Code+" -- "+Phrase Does this add Phrase to your trellis label or not? I bet this does. If it does, what's wrong with this method?
03-05-2024
09:55 PM
@ryanaa Are you attempting to add one Linux Splunk Trial instance to another Splunk Trial instance for trial purposes? If so, it won't work because those are trial situations in any case. https://do...
See more...
@ryanaa Are you attempting to add one Linux Splunk Trial instance to another Splunk Trial instance for trial purposes? If so, it won't work because those are trial situations in any case. https://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree You need to have a valid enterprise license to do so.
03-05-2024
09:47 PM
"I want to deploy my settings to another search head while using a virtual machine. However, whenever I attempt to authorize, the following error occurs:" Bad Request — editTracker failed, ...
See more...
"I want to deploy my settings to another search head while using a virtual machine. However, whenever I attempt to authorize, the following error occurs:" Bad Request — editTracker failed, reason='WARN: path=/masterlm/usage: This license does not support being a remote master. from ip=172.18.0.3'
03-05-2024
09:19 PM
1 Karma
1 and 2: I should have noted that I was running the emulations on my laptop that has time zone set to -0800. 3. When you have span option in timechart, every _time is sorted into bins with these spa...
See more...
1 and 2: I should have noted that I was running the emulations on my laptop that has time zone set to -0800. 3. When you have span option in timechart, every _time is sorted into bins with these spans. You can observe this with these two commands. | bin _time span=1w@w and | bin _time span=1w
03-05-2024
08:53 PM
I have been fiddling around trying to us a eval to strip the phrase from the passed value With no luck
