Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
12-05-2023
03:46 AM
Hi @gcusello I've managed to edit the file and restart using thanks to your help. However, I have some problems as you can see in the image. Could you please provide me with the information that ...
See more...
Hi @gcusello I've managed to edit the file and restart using thanks to your help. However, I have some problems as you can see in the image. Could you please provide me with the information that are essential to add to this file. Thanks startwebserver = 1 [settings] mgmtHostPort = 127.0.0.1:9997
12-05-2023
03:40 AM
1 Karma
@SplunkExplorer , Navigate to Settings --> User Interface --> Navigation menus & in the default navigation menu for the corresponding app add below: <view name="search" /> Thanks! ...
See more...
@SplunkExplorer , Navigate to Settings --> User Interface --> Navigation menus & in the default navigation menu for the corresponding app add below: <view name="search" /> Thanks!
12-05-2023
03:39 AM
This sounds like a data issue - you should check which hosts are coming up as not being monitored and see why they are not showing up in your index.
12-05-2023
03:34 AM
How to get a single table from this query having all the correlationId together in one table
Labels
- Labels:
-
eval
12-05-2023
03:22 AM
@yuanliu , above dates are just for reference we need to make a generic to work for all the dates like above !
12-05-2023
03:18 AM
Hi, Thank you for your help, I tried to workout your recommendation and the query looks like below: index="app_cleo_db" origname="GEAC_Payroll*" | rex "\sorigname=\"GEAC_Payroll\((?<digits>\d+)\)...
See more...
Hi, Thank you for your help, I tried to workout your recommendation and the query looks like below: index="app_cleo_db" origname="GEAC_Payroll*" | rex "\sorigname=\"GEAC_Payroll\((?<digits>\d+)\)\d{8}_\d{6}\.xml\"" | search origname="*.xml" | eval Date = strftime(_time, "%Y-%m-%d %H:00:00") | eval DateOnly = strftime(_time, "%Y-%m-%d") | transaction DateOnly, origname | timechart span=1h count by DateOnly | eval _time=strftime(_time, "%H:%M:%S") But this is still giving me the time for both the dates if I try to run my query for 2 days : _time 2023-12-02 2023-12-03 00:00:00 0 0 01:00:00 0 0 02:00:00 0 0 03:00:00 0 0 00:00:00 0 0 01:00:00 0 0 02:00:00 0 0 03:00:00 1 0
12-05-2023
02:53 AM
Hi,
I want to integrate AppDynamics into my Xamarin Application. I created a trial Account with AppDynamics. Is it possible to create an iOS user Agent, through a Trial Account? I am unable to get ...
See more...
Hi,
I want to integrate AppDynamics into my Xamarin Application. I created a trial Account with AppDynamics. Is it possible to create an iOS user Agent, through a Trial Account? I am unable to get the EUM App-Key for my Trial Account.
Govind.
Labels
- Labels:
-
Real User Monitoring
12-05-2023
02:44 AM
Thanks Srinivas for your reply. We've designated 'New' as the default status for all notables. I attempted to set 'In Progress' as the default status by adjusting the status configuration. Afterwar...
See more...
Thanks Srinivas for your reply. We've designated 'New' as the default status for all notables. I attempted to set 'In Progress' as the default status by adjusting the status configuration. Afterward, I reviewed the Incident page, specifically the 'Notables' section under 'History View,' to check all activity related to this notable event. However, the History yielded empty results. And, when I did debug on the search, It is unable to find the marked rule_id in the notables. Is this expected ? Any help will be highly appreciated
12-05-2023
02:30 AM
Hi Splunkers, I have a doubt about a custom app customization. For a customer, we created with Splunk Addon Builder a simple app to use as "container": every customization we perform, such as Correl...
See more...
Hi Splunkers, I have a doubt about a custom app customization. For a customer, we created with Splunk Addon Builder a simple app to use as "container": every customization we perform, such as Correlation rules, reports and so on, is assigned to this app. So, in its first release, the app has no particular panel, features and so on; let's say that just "exist". To be clearer: if I login and open the app, what I see is this: and that's totally fine, due we did not perform any kind of customizations. So now, the question is: if I want to include the search function inside this app, how I can achieve this? I mean, we want avoid, when when we need to perform a search, to go on Search and Reporting app; we would be able to perform searches inside our app. For now, we don't need panel with specific charts, based on particular query: we want simple to be able to use (if it is possible of course) the Search and Reporting app/its functionality inside our app.
Labels
- Labels:
-
data
12-05-2023
02:26 AM
Hi, I have StartTime,EndTime "2023-12-05 05:30:00.0000000","2023-12-05 08:00:00.0000000" "2023-12-05 08:00:00.0000000","2023-12-05 09:30:00.0000000" "2023-12-05 10:28:00.0000000","2023-12-05 13:...
See more...
Hi, I have StartTime,EndTime "2023-12-05 05:30:00.0000000","2023-12-05 08:00:00.0000000" "2023-12-05 08:00:00.0000000","2023-12-05 09:30:00.0000000" "2023-12-05 10:28:00.0000000","2023-12-05 13:30:00.0000000" I need to visualize a column chart, with 3 columns (in this case) with height 1 (y axis). The width of the first column is between "2023-12-05 05:30:00.0000000","2023-12-05 08:00:00.0000000", second one between "2023-12-05 08:00:00.0000000","2023-12-05 09:30:00.0000000", the third between "2023-12-05 10:28:00.0000000","2023-12-05 13:30:00.0000000". The x axis should be the time. Attached example. Any idea, please?
Labels
- Labels:
-
using Splunk Enterprise
12-05-2023
02:07 AM
Thanks for the advice. My Splunk Cloud trial account has expired, so I will try it when I get a chance.
12-05-2023
02:00 AM
Thanks for your help, I haven't been able to test your solution yet. I'm supposed to do it this week, so I'll get back to you.
12-05-2023
01:34 AM
Does anyone know why we are getting such errors for our few DB inputs?? Is there a setting somewhere to increase the number of HECs on this HF for DBX usage.
Labels
- Labels:
-
troubleshooting
12-05-2023
01:30 AM
Hi @gcusello I've checked the directory C:\Program Files\Splunk\etc\system\local\web.conf This is how the file looks like, I believe since there isn't, it doesn't automatically start ...
See more...
Hi @gcusello I've checked the directory C:\Program Files\Splunk\etc\system\local\web.conf This is how the file looks like, I believe since there isn't, it doesn't automatically start
12-05-2023
01:29 AM
I am querying a change in a value each week over last 4 weeks. Ineed to know the value from the week before the search window to work out the change correctly. index=ind sourcetype=src (type=instrum...
See more...
I am querying a change in a value each week over last 4 weeks. Ineed to know the value from the week before the search window to work out the change correctly. index=ind sourcetype=src (type=instrument) earliest=-5w@w+1d latest=@w+1d | bucket _time span=7d | stats max(reading) as WeekMax by _time | streamstats current=f last(WeekMax) as LastWeekMax | eval WeekDelta = WeekMax - LastWeekMax | eval WeekDelta = if(WeekDelta < 0, 0.000000, WeekDelta) | table _time, WeekMax, WeekDelta I don't want to show the time for the week before the query (-5th week). Any tips on how to change this query to only show results for last 4 weeks but still calculating the change correctly? Thanks
Labels
- Labels:
-
table
12-05-2023
01:17 AM
Hi @QuantumRgw , I suppose that you don't remember what you disabled. Anyway, check if the web interface is enabled at $SPLUNK_HOME/etc/system/local/web.conf. Ciao. Giuseppe
12-05-2023
01:17 AM
1 Karma
It seem that Splunk already gives you fields like cluter_id, log.projectName, and log.stdout. log.stdout is embedded JSON. Not sure why you say "spath does not work with outputted events." It cert...
See more...
It seem that Splunk already gives you fields like cluter_id, log.projectName, and log.stdout. log.stdout is embedded JSON. Not sure why you say "spath does not work with outputted events." It certainly does. As @richgalloway demonstrated, you just need to use spath's input parameter. | spath input=log.stdout Your mock event gives you these extra fields Code Componente channel flow log logId responseMessage service timestamp code_here componente_here channel_here flow_here log_here logid_here responseMessage_here service_here timestamp_here Play with the emulation @richgalloway gives and compare with your real data.
12-05-2023
01:03 AM
Maybe check your "desired result?" Among year month days hour min, day, hour, minute have definitive definitions. Year as duration is dubious; month is practically meaningless.
12-05-2023
01:00 AM
I basically have the exact same question as https://community.splunk.com/t5/Dashboards-Visualizations/How-to-have-a-panel-use-an-offset-from-a-time-picker/m-p/351003. BUT I need to actually chang...
See more...
I basically have the exact same question as https://community.splunk.com/t5/Dashboards-Visualizations/How-to-have-a-panel-use-an-offset-from-a-time-picker/m-p/351003. BUT I need to actually change the value in the timerange picker token. E.G. if i select a timerange of "last 4 hour" and my modification is to add an hour, than the $token_time.earliest$ should not be "-4h" but "-5h".
Labels
- Labels:
-
dashboard
-
panel
-
simple XML
-
token
12-05-2023
12:38 AM
Hi @gcusello Currently I can't open splunk. I believe the possible reason that this had happened is because I disabled/enabled some settings in the manage apps console. Right now I can't access a...
See more...
Hi @gcusello Currently I can't open splunk. I believe the possible reason that this had happened is because I disabled/enabled some settings in the manage apps console. Right now I can't access any information because the website gives the "This site can’t be reached 127.0.0.1 refused to connect." information. How can I reconnect again Splunkd is running I will be waiting for your reply
