All Posts

Hi, we are ingesting Couchbase JSON documents into Splunk Cloud using Kafka. When I open the same document (the 1st one ingested in Splunk, _raw, and the 2nd one the Couchbase JSON) and compare them in Visual Studio Code, I can see differences as shown below. Splunk's syntax-highlighted data for this record is identical to the original Couchbase JSON. Can you please help me understand why _raw is showing this data differently, and also, is there any way to get the _raw data in the same format as the original JSON? Thank you.
Hi @parthiban, the problem is the starting data: viewing your data without any transformation, it seems that you don't have the data. So, reducing the search without | where name="YYYY", do you have status?
index="XXXX" "Genesys system is available" | rename "response_details.response_payload.entities{}.onlineStatus" as status
If not, you have to redesign your search because it isn't congruent. Ciao. Giuseppe
The solution is to add your trusted cert to splunk's system cert in $SPLUNK_HOME/etc/auth file.
Brilliant, it worked. Thank you!
Hi @gcusello, I've shared an example Splunk payload. In that, we have the 'onlinestatus' field under 'response details', 'response payload', and 'entities'. First, we need to extract the 'onlinestatus' and serial number (for identifying the device) before applying the condition for the alert, right?
Yes, from 25th Nov we are able to see the logs for the sourcetype, so please guide how and where to check.
Ciao @gcusello, maybe I didn't explain myself correctly. I meant that when the deployer moves the apps to /opt/splunk/var/run/splunk/deploy/apps it created the apps with "-local". But I just discovered that it was due to a misconfiguration of the deploy mode in the app.conf file. I already fixed it and now the SHs have all the ITSI apps in the etc/apps directory. But I'm facing a new problem: when I start ITSI I get this message. But it makes no sense because it is the first installation... Thanks for your response and time
Hi, on your cloud instance, on the left side there is an app called "Universal Forwarder" which contains the UF package and instructions on how to use it to send events to your SC instance. r. Ismo
Hi, you are probably using the wrong acronyms, as DDAS is active searchable data. You could see those e.g. at https://www.splunk.com/en_us/blog/platform/dynamic-data-data-retention-options-in-splunk-cloud.html?locale=en_us; see also https://lantern.splunk.com/Splunk_Platform/Product_Tips/Data_Management/Setting_data_retention_rules_in_Splunk_Cloud_Platform. Could you check from where you want to restore and update this question based on it? r. Ismo
Hello,
https://docs.appdynamics.com/appd/21.x/latest/en/infrastructure-visibility/monitor-kubernetes-with-the-cluster-agent/install-the-cluster-agent/validate-the-cluster-agent-installation
1. Validate the Cluster Agent Installation
2. We have deployed AppDynamics using EKS on AWS.
3. We have successfully deployed it using the Helm chart.
4. But in the dashboard it says no data available.
5. We have installed the Cluster Agent and Visibility infra using the above documentation, and we are not able to get the visual data in the console; in the metrics browser it just says no data available. We are using an EKS cluster, version 1.25, with 2 nodes, and we have deployed the bank-of-anothos application in our cluster.
6. Our Helm values:
# To install InfraViz
installInfraViz: true
# AppDynamics controller info
controllerInfo:
  url: https://cat202312051119163.saas.appdynamics.com:443
  account: My account name
  username: My username
  password: My password
  accessKey: my access key
  globalAccount: my account name
# Infra Viz config
infraViz:
  nodeOS: "linux"
  enableMasters: true
  stdoutLogging: true
  enableContainerHostId: true
  enableServerViz: true
  enableDockerViz: false
# Net viz config
netViz:
  enabled: true
  netVizPort: 3892
Screenshot link: Screenshot 2023-12-13 at 3.07.16 PM.png
Please tell us a workaround for the above issues. Thanks
Hi @gcusello, we have the status field in the last search, however it does not produce the results. Just for better understanding and quicker results, if you need any other information please let me know; I'm happy to provide it.
Just add this at the end of the query:
| where Process != "C:\\ProgramFiles\\notepad.exe"
I want to show only identical process name values in the table "Process" because these logs come in a repeated format. If any other process name value is different from notepad.exe then it can be logged in the "Process" table, otherwise it can be skipped.
Hi, if this always ends with ". Now" then you can use
... | rex "from process name: (?<Process>.+)\. Now" | table Process
If there can be anything there, then this is not working and you must use something else based on the rest of the line. r. Ismo
Hi Team, we received a requirement to monitor the Webservices Utilities: Message Monitor in SAP systems. PFA screenshot for reference. Please confirm whether we have an option in the SAP ABAP agent to monitor the below error/log messages. Thanks, Selvan
Hi @parthiban, sorry I wasn't clear: running the last reduced search, which values (not field names) do you have for the "status" field? Do you have the expected values, "offline", "online", etc., that we use for the checks? Ciao. Giuseppe
Hi @Jagat, this regex works for the sample you shared (without spaces in the process name and path):
| rex "process name:\s+(?<process_name>[^ ]+)"
You can test it at https://regex101.com/r/b1oavF/1. To be more sure, you should share more and different samples. Ciao. Giuseppe
Hi, have you looked at the timewrap command? You could try something like
basesearch earliest=-1d@d latest=now | timechart span=15m count | timewrap d
Your result looks a little bit weird, as for yesterday you have a whole day, but today is only from midnight to now. r. Ismo
Hi @gcusello, "response_details.response_payload.entities{}.onlineStatus" is the field that has the status.
I want to extract only the process name value from the logs and store it in a table:
Input Log:
-------------
<30>1 2023-12-13T06:22:20.197Z 10.205.101.94 4 CGA3001I [sev="INFO" msg="Event" event="Data is getting from process name: C:\\ProgramFiles\\notepad.exe. Now we can try to write the logs. Mode: Operational"]
Output:
----------
C:\\ProgramFiles\\notepad.exe
I have tried with the command:
regex "(?<=Process name:).*?(?=\.\s+)" | table Process
But didn't get any data.