All Posts


That's _not_ what I was saying. If something is OK in one environment and not OK in another you must compare differences between environments.
@PickleRick Below is a screenshot of the test server files being perfectly monitored in Splunk. The screenshot below belongs to the production server, and the same file is creating an issue for monitoring in Splunk (issued server).
I don't have the same experience.  When I select those two counters I get those two plus process_mem_used and process_cpu_used_percent, which appear to be duplicates of the selected counters.  I don't know how to help you from here.
How to show total count values in the label of a pie chart instead of percentage? For example, I want to show the overall count (i.e. 501455) next to EOL. @developers
I am saying that the rule needs to trigger when events > 4, and the 'Trigger Condition' did not work. This is the rule that triggered (triggered on one event):
See further up if there are any files from those directories listed.
The missing one will be the one that is only on one of the indexers. What to do - well, it will depend on the reason for the bucket not being properly replicated.  
Same here
Hi @bhall_2 .. There are two forwarders: the Splunk Universal Forwarder (UF) and the Splunk Heavy Forwarder (HF). (The old legacy forwarder is called the Splunk Light Forwarder.) Maybe if you could give us more details about the requirement (more details about "you can control through biometics the flow of data"), we can suggest something better. Thanks. Best Regards, Sekar
Hi @dm2 .. The SPL looks good and is working fine as well (as per the image). The trigger condition says the result must be greater than 4, and the image shows a result of 1, so the trigger condition was not triggered. Are you saying that the trigger condition is not triggering even when the result is greater than 4?
Hi @mtrochym Could you please check these: https://splunkbase.splunk.com/app/2878/ https://splunkbase.splunk.com/app/3525/ https://github.com/splunk/slack-alerts
I don't know how to identify the missing bucket and what to do after I have identified it.
@PickleRick Are the highlighted things related to a permission issue?
Permissions issue?
When I extracted the Field from the Event Log and I named it as "ClientName" it started to work.
Hi All, I am fetching dashboards using the REST command  | rest /servicesNS/-/-/data/ui/views   Not all the dashboards returned by this command are seen in the Splunk UI. Can anyone help me understand why this is happening? Regards, PNV
I was wondering if I can send a Splunk alert directly to an individual in Slack. I know I can @mention them in a channel with their <@islackid> etc., but I am looking to send an alert directly to an individual (or individuals) from Splunk, instead of sending it directly to a channel. Something like: or? (neither works). Thanks.
| stats count dc("File Name") as "File Name Count" first(_time) as _time, values(host) as host, values("File Type") as "File Type", values(Policy) as Policy, values(SHA256) as SHA256, values("Block Reason") as "Block Reason", values(Blocked) as Blocked by "File Name"
@PickleRick I am getting the issues below while executing your suggested command "splunk list inputstatus". Can you please tell me what issue you can see by referring to the screenshot below?
Hi @dm2, please share your search in text mode; otherwise it's more difficult to help you. You can insert the text using the "Insert/Edit code sample" button. Ciao. Giuseppe