All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

All Posts

Splunk Cloud Certification and v9

by in All Apps and Add-ons
‎02-29-2024 12:30 PM
‎02-29-2024 12:30 PM
Can this app please be updated to make it cloud compatible, as well as to show it's compatible with v9 of splunk? There's no reason I can see it can't be, other than it just needing a quick update of... See more...
Can this app please be updated to make it cloud compatible, as well as to show it's compatible with v9 of splunk? There's no reason I can see it can't be, other than it just needing a quick update of the config. I haven't run appinspect on it yet, though, so possibly that is what is stopping this.
Labels

Re: Not getting results to lookup command

by SplunkTrust in Splunk Search
‎02-29-2024 12:27 PM
‎02-29-2024 12:27 PM
Make sure the Nagio index contains a field called "host_name".  If it does not, then change the rename command to make the Server_name field match a field name in the index.

How to migrate a distributed, clustered Splunk (9.0.4.1) deployment from OS RHEL 7 to new servers RHEL 9?

by in Splunk Enterprise
‎02-29-2024 12:17 PM
‎02-29-2024 12:17 PM
I have a distributed deployment at version 9.0.4.1 Everything in running on RHEL 7 and the system/server team does not want to do in place upgrades to RHEL 9.  I have been tasked to migrate each nod... See more...
I have a distributed deployment at version 9.0.4.1 Everything in running on RHEL 7 and the system/server team does not want to do in place upgrades to RHEL 9.  I have been tasked to migrate each node to a new replacement server (which will be renamed / IP- addressed to match the existing).   From what I have read this is possible, but I have a few questions. Lets consider I start with standalone nodes, like a SHC-deployer, Monitoring Console, License Manager... These are the general steps I have gathered 1 Install Splunk (same version) on the new server 2 Stop Splunk on the old server  3 Copy old configs to new server ?? <<< which configs? is there a check list documented somewhere 4 Start new Splunk server and verify  I could go thru each directory copying configs, but any advice to expedite this step is appreciated. Thank you

Re: Troubleshooting.

by in Splunk Enterprise
‎02-29-2024 12:04 PM
1 Karma
‎02-29-2024 12:04 PM
1 Karma
The first event that came in doesnt have a timestamp which is the reason for the error but the other events are extracted properly

Running SPL via Visual Studio Code

by in Other Usage
‎02-29-2024 11:59 AM
‎02-29-2024 11:59 AM
Hello, I use Microsoft's Visual Studio Code as code locker for my spl, xml, and json Splunk code. Does anyone have  experience running spl code from VSC? I have the Live Server extension installed a... See more...
Hello, I use Microsoft's Visual Studio Code as code locker for my spl, xml, and json Splunk code. Does anyone have  experience running spl code from VSC? I have the Live Server extension installed and enabled. However, it opens into directory listing within Chrome. When I drilldown to the spl file instead of running the code it downloads the file. Thanks and God bless, Genesius

Re: difference between pipe summaryindex and collect

by in Splunk Search
‎02-29-2024 11:58 AM
‎02-29-2024 11:58 AM
Hello, Thank you for your explanation. 1) I ran the following search (without scheduled report):   This will push the data from original index to summaryindex   index=originalindex ```---- multip... See more...
Hello, Thank you for your explanation. 1) I ran the following search (without scheduled report):   This will push the data from original index to summaryindex   index=originalindex ```---- multiple searches----- table ID, name, address ``` | summaryindex spool=t uselb=t addtime=t index="summary" file="summary_test_1.stash_new" name="summary_test_1" marker="hostname=\"https://test.com/\",report=\"summary_test_1\""   2)  I  ran index=summary report="summary_test_1"   It gave me the data that contains ID, name, address It appeared that the first search pushed the data to    index=summary report="summary_test_1", thus this command does not only tie to a scheduled report like you mentioned earlier So, what is the difference between summaryindex and collect if they provide the same function? Thanks

join two indexes based on the date and the hour and try to match inside of minute

by in Splunk Search
‎02-29-2024 11:36 AM
‎02-29-2024 11:36 AM
We have logs in two different indexes. There is no common field other than the _time . The  timestamp of the events in second index is about 5 seconds further than the events in the first index. How ... See more...
We have logs in two different indexes. There is no common field other than the _time . The  timestamp of the events in second index is about 5 seconds further than the events in the first index. How do in  I need to join these two indexes based on the date and the hour and try to match inside of minute? Thanks,
Labels

Re: Not getting results to lookup command

by in Splunk Search
‎02-29-2024 11:19 AM
‎02-29-2024 11:19 AM
Hi @richgalloway , I used the above query, it is  showing 0 events 

Re: Using Parameter in Search

by SplunkTrust in Splunk Search
‎02-29-2024 11:15 AM
‎02-29-2024 11:15 AM
Use a subsearch.   index=foo | search NAME IN ( [| makeresults | eval search="task1,task2,task3"])  

Re: Controller Tenants token is not available in 15-days free trail

by Community Manager in Splunk AppDynamics
‎02-29-2024 11:08 AM
‎02-29-2024 11:08 AM
Hi @Taj.Hassan, I have shared this with the Account teams. I will report back when I hear from them. 

Re: How to clear selected Dropdown value and reset it to default value on selection of another dropdown?

by in Dashboards & Visualizations
‎02-29-2024 11:04 AM
‎02-29-2024 11:04 AM
This solution is good. But after selection, if refresh the dashboard you will lose the selection. That is problem i am facing Any help please

Re: EUM Ajax context data is empty

by Community Manager in Splunk AppDynamics
‎02-29-2024 10:59 AM
‎02-29-2024 10:59 AM
Hi @Junaid.Ram, Thanks for asking your question on the Community and for sharing an AppD Docs page. Are the instructions unclear on the Docs page or do you feel something is missing? If so, please ... See more...
Hi @Junaid.Ram, Thanks for asking your question on the Community and for sharing an AppD Docs page. Are the instructions unclear on the Docs page or do you feel something is missing? If so, please let me know so I can share this with the Docs team. 

Re: AppDynamics metric browser - Service Availability

by Community Manager in Splunk AppDynamics
‎02-29-2024 10:53 AM
‎02-29-2024 10:53 AM
Hi @Sathish.Perugu, Thanks for coming back and sharing the solution! 

How to conditionally specify an index on a dashboard studio dashboard?

by in Dashboards & Visualizations
‎02-29-2024 10:53 AM
‎02-29-2024 10:53 AM
I'm working on building a dashboard for monitoring a system and I would like to have a dropdown input which allows me to switch between different environments. Environments are specified using severa... See more...
I'm working on building a dashboard for monitoring a system and I would like to have a dropdown input which allows me to switch between different environments. Environments are specified using several indices, such as sys-be-dev, sys-be-stage, sys-be-prod. So a query will look something like `namespace::sys-be-prod | search ...` for prod, and the namespace index will change for other environments. I've added an input to my dashboard named NamespaceInput with values like sys-be-dev, sys-be-stage, sys-be-prod. Unfortunately doing `namespace=$NamespaceInput$` and `namespace::$NamespaceInput$` don't work. I've tried various ways of specifying the namespace index using the token but none of them function correctly. It seems like only a hard-coded `namespace::sys-be-prod` sort of specifier works for this type of index. Any tips on how I might make use of a dashboard input in order to switch which index is used in a base query? Note that I'm using the dashboard studio. Perhaps there's a way of using chained queries and making them conditional based on the value of the NamespaceInput token value?   Thank you!
Labels

Re: Getting error:- SimMachinesAgentService#registerMachine(SimMachineMinimalDto) - Result: 401 Unauthorized - content

by Community Manager in Splunk AppDynamics
‎02-29-2024 10:39 AM
1 Karma
‎02-29-2024 10:39 AM
1 Karma
Hi @Amit.Bisht, Thank you so much for following up with a solution to your issue. We love to see that here in the community!

Re: How can I delete my trial account?

by Community Manager in Splunk AppDynamics
‎02-29-2024 10:37 AM
‎02-29-2024 10:37 AM
Hi @leted.joey, Let me ask you some clarifying questions. Do you want just your trial account deleted or would you like your entire AppD Account deleted?

Re: Splunk Otel Chart Values.yaml for sending Otel Gateway logs to Splunk

by in Splunk Observability Cloud
‎02-29-2024 10:13 AM
‎02-29-2024 10:13 AM
@maulikp Thanks. We're able to confirm gateway logs are now flowing through splunk now by searching for pod names that contain the word gateway k8s.pod.name=*gateway*    thank you very much Phu

Using Parameter in Search

by in Splunk Search
‎02-29-2024 09:59 AM
‎02-29-2024 09:59 AM
I am trying to use parameter into the search using IN condition.  Query is retuning results if I put data directly into the search but my dashboard logic require to use parameter .  ........ | ev... See more...
I am trying to use parameter into the search using IN condition.  Query is retuning results if I put data directly into the search but my dashboard logic require to use parameter .  ........ | eval tasks = task1,task2,task3 | search NAME IN (tasks)
Labels

Re: Authentication.conf files

by SplunkTrust in Security
‎02-29-2024 09:48 AM
1 Karma
‎02-29-2024 09:48 AM
1 Karma
Hi there couldn’t be two files with same name on local directory!  You should use  splunk btool authentication list --debug to see how splunk sees those and from which file. r. Ismo

Re: Create custom fields at indextime on Heavy Forwarders

by SplunkTrust in Getting Data In
‎02-29-2024 09:44 AM
1 Karma
‎02-29-2024 09:44 AM
1 Karma
If I recall right you shouldn’t use DEST_KEY= fieldname, just remove that line. Usually splunk write that into _meta field and then it create indexed fields based on that information in indexers.