All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

I want to get my inputlookup csv filename with the query. | inputlookup abc.csv | stats count by inputlookup_filename  ```<= the result I needed is "abc"``` Or | table inputlookup_filename ```<... See more...
I want to get my inputlookup csv filename with the query. | inputlookup abc.csv | stats count by inputlookup_filename  ```<= the result I needed is "abc"``` Or | table inputlookup_filename ```<= the result I needed is "abc"```
can you elaborate more regarding this point  "you should check if the population scheduled searches are running and if they have results" How i can check it? i installed CIM 5.2.0 and yes i instal... See more...
can you elaborate more regarding this point  "you should check if the population scheduled searches are running and if they have results" How i can check it? i installed CIM 5.2.0 and yes i installed TA-addons but not sure about compatibility, do you recommend download to 4.x?
kindly find the screenshot for the full correlation search and notable configuration
hi @Mohamad_Alaa , which time period did you used in the Correlation Search? Ciao. Giuseppe
Hi @parthiban , yes, sorry, I forgot a parenthesis in the eval command: (index = Test1 invoked_component="XXXX" "genesys" correlation_id="*" message="Successfully received") OR (index = Test2 inv... See more...
Hi @parthiban , yes, sorry, I forgot a parenthesis in the eval command: (index = Test1 invoked_component="XXXX" "genesys" correlation_id="*" message="Successfully received") OR (index = Test2 invoked_component="YYYY" correlation_id="*" message IN ("Successfully created" , "Successfully updated")) | stats count(eval(index="Test1")) AS Test1_count count(eval(index="Test2")) AS Test2_count count BY correlation_id Ciao. Giuseppe
Hi @Mohamad_Alaa , you should check if the population scheduled searches are running and if they have results. It seems that these scheduled searches are running, but they always have empty results... See more...
Hi @Mohamad_Alaa , you should check if the population scheduled searches are running and if they have results. It seems that these scheduled searches are running, but they always have empty results. Are you using CIM>4.X compliant add-ons? Ciao. Giuseppe
@bowesmana  This is my current query: index= "abc" "pace api iaCode - YYY no valid pace arrangementId as response!!!" OR "pace api iaCode - ZZZ no valid pace arrangementId as response!!!" source!... See more...
@bowesmana  This is my current query: index= "abc" "pace api iaCode - YYY no valid pace arrangementId as response!!!" OR "pace api iaCode - ZZZ no valid pace arrangementId as response!!!" source!="/var/log/messages" sourcetype=600000304_gg_abs_ipc1| rex "-\s+(?<Exception>.*)" | table Exception source host sourcetype _time And My cron schedule is shown as below:   @bowesmana can you please suggest me what changes I need to make in my query and cron to get incidents and email on time
is the output of the attached image right? i can see data model per run duration but by size has no values
yes exactly the same, the only different they used deep search but i didn't Noting that notable already exist so the trigger is working and the response is working by creating a notable The severit... See more...
yes exactly the same, the only different they used deep search but i didn't Noting that notable already exist so the trigger is working and the response is working by creating a notable The severity is high for this notable Any other advice?
Hi @gcusello  the correlation_ID is a unique value for each record, and each record has distinct messages for each lambda. Yes, I want to correlate both Test1 and Test2, but the result with the c... See more...
Hi @gcusello  the correlation_ID is a unique value for each record, and each record has distinct messages for each lambda. Yes, I want to correlate both Test1 and Test2, but the result with the common correlation_ID is printed only in Test2. I have already shared the example. the below mentioned query is not working throwing  error  mismatch quotes  and/or parenthesis error.
good day, please help. DB agent has a problem with connecting more detailed metrics. I restarted and reinstalled the agent but the error persists #|2023-11-28T13:37:39.480+0100|SEVERE|glassfish 4.1... See more...
good day, please help. DB agent has a problem with connecting more detailed metrics. I restarted and reinstalled the agent but the error persists #|2023-11-28T13:37:39.480+0100|SEVERE|glassfish 4.1|com.sun.jersey.spi.container.ContainerResponse|_ThreadID=56;_ThreadName=http-listener-1(6);_TimeMillis=17011750594 80;_LevelValue=1000;|The RuntimeException could not be mapped to a response, re-throwing to the HTTP container RestException(statusCode=500, code=Unknown, errorMessage=Unknown server error., developerMessage=null, logCorrelationId=5041de7e-2229-4c14-a847-5e8cd4703df6) at com.appdynamics.analytics.client.common.exceptions.RestExceptionFactory.makeException(RestExceptionFactory.java:56) at com.appdynamics.analytics.client.common.RestClientUtils.validateResponse(RestClientUtils.java:278) at com.appdynamics.analytics.client.common.RestClientUtils.resolve(RestClientUtils.java:85) at com.appdynamics.analytics.client.common.GenericHttpRequestBuilder.executeAndReturnRawResponseString(GenericHttpRequestBuilder.java:287) at com.appdynamics.analytics.shared.rest.client.eventservice.DefaultEventServiceClient.searchEvents(DefaultEventServiceClient.java:479) at sun.reflect.GeneratedMethodAccessor20202.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.singularity.ee.controller.beans.analytics.client.AccountCreatingAnalyticsClient$ProxyingEventServiceClient.invoke(AccountCreatingAnalyticsClient.java:10 4) at com.sun.proxy.$Proxy620.searchEvents(Unknown Source) at com.appdynamics.analytics.shared.rest.client.DefaultAnalyticsClient.searchEvents(DefaultAnalyticsClient.java:68) at com.appdynamics.ui.dbmon.impl.query.QueryHelper.search(QueryHelper.java:165) at com.appdynamics.ui.dbmon.impl.esHelpers.DBReportsHelper2.getWaitStateInfoForDB(DBReportsHelper2.java:28) at com.appdynamics.ui.dbmon.impl.services.dashboard.DBServerDashboardUiServiceImpl.getWaitStateData(DBServerDashboardUiServiceImpl.java:215) at sun.reflect.GeneratedMethodAccessor22351.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java :185) at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409) at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:286) at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:276) at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:181) at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:135) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.filter.RestSessionFilter.doFilter(RestSessionFilter.java:209) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.CsrfFilter.doFilter(CsrfFilter.java:139) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.AgentRejectionFilter.doFilter(AgentRejectionFilter.java:59) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.RequestOriginMarkingFilter.lambda$doFilter$0(RequestOriginMarkingFilter.java:26) at com.appdynamics.platform.RequestOrigin.runAs(RequestOrigin.java:64) at com.singularity.ee.controller.servlet.RequestOriginMarkingFilter.doFilter(RequestOriginMarkingFilter.java:24) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.CacheControlFilter.doFilter(CacheControlFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.UnsecuredUrlsRejectFilter.doFilter(UnsecuredUrlsRejectFilter.java:78) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:316) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734) at org.apache.catalina.core.StandardPipeline.doChainInvoke(StandardPipeline.java:678) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:416) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:283) at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167) at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:206) at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:180) at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235) at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201) at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133) at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112) at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:539) at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573) at java.lang.Thread.run(Thread.java:748)
hi @Muthu_Vinith , using my search, you have the count for each status, so you can sum thre three values using eval and calculate the percentage, this is a simplified version: <your_search> | stats... See more...
hi @Muthu_Vinith , using my search, you have the count for each status, so you can sum thre three values using eval and calculate the percentage, this is a simplified version: <your_search> | stats count(eval(status="Completed")) AS Completed_count count(eval(status!="Completed")) AS Not_Completed_count BY status | eval perc=(Completed_count/Not_Completed_count/*100 without eventual missing statuses. Ciao. Giuseppe
My requirement is I need to show chart completed vs target my target value is 100 based on this I need to show what is the query for that @gcusello 
Hi @parthiban  let me understand: you said the you want to correlate the count of Correrlation_IDs in the two searches, is it correct? I don't understand where are correlation_IDs in your results a... See more...
Hi @parthiban  let me understand: you said the you want to correlate the count of Correrlation_IDs in the two searches, is it correct? I don't understand where are correlation_IDs in your results and what's the rule  please try this: (index = Test1 invoked_component="XXXX" "genesys" correlation_id="*" message="Successfully received") OR (index = Test2 invoked_component="YYYY" correlation_id="*" message IN ("Successfully created" , "Successfully updated")) | stats count(eval(index="Test1") AS Test1_count count(eval(index="Test2") AS Test2_count count BY correlation_id in this way, you have the results of both searches for corre.atio_ID. Ciao Giuseppe
While the Speakatoo API performs as expected in POSTMAN, it encounters challenges when integrated into my system.
Hi @gcusello  Thanks for your response, I need to print count of Test 2 correletion_ID with comparing the test 1 results common correletion_ID, Here the sample results I mentioned.   
please tell me. How do I hide filters in Splunk Dashboard Studio? Is it an XML-only option? XML → <form hideFilters="true"> JSON → ???
Hi @Muthu_Vinith , so what's its issue or different requirement? Ciao. Giuseppe
Yes @gcusello 
Hi @Mohamad_Alaa , did you inserted also the other values in the Correlation search panel? especially Action: create Notable with all the requested information? See the information in another Corr... See more...
Hi @Mohamad_Alaa , did you inserted also the other values in the Correlation search panel? especially Action: create Notable with all the requested information? See the information in another Correlation Search to understand if you forgot something. Ciao. Giuseppe