All Posts

Here is the suggestion for best performance with no issues for your case. https://splunkbase.splunk.com/app/7130    Give me a like if that solves yours https://splunkbase.splunk.com/app/7130
"message": "Invalid Application ID", "messages": null, "error_response": null. I need to extract the above message field without dropping other log messages, like a nodrop option.
The addon you mentioned has multiple issues, more than you faced. I suggest you use another addon which is working perfectly for me. https://splunkbase.splunk.com/app/7130 Give me a like if that solves yours: https://splunkbase.splunk.com/app/7130
Well, I've changed it to this: | eval category=exposure_level | timechart span=1d count(Computer_Name) as totalNumberOfPatches by category but still no results.
Correct, after the stats command you will only have totalNumberOfPatches and exposure_level. If you need _time after this point it should be added to the by clause, however, you may wish to bin it first, or replace the stats command with timechart
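The search in the original question (further down this page) loses _time because chart ... by Computer_Name and the later stats ... by exposure_level both drop it. The following SPL is an added example, not the poster's or the answerer's own search, showing the bin-first variant of the advice above: _time is bucketed per day before the per-host distinct count, so exposure_level is computed per host per day and timechart still has _time to work with. The index, field names and thresholds are taken from the question as posted; the output series name hosts is an assumption.

```spl
index="report" Computer_Name="*"
| bin _time span=1d
| stats dc(Category__Names_of_Patches) as totalNumberOfPatches by _time Computer_Name
| eval exposure_level=case(
    totalNumberOfPatches>=3 AND totalNumberOfPatches<=6, "Low Exposure",
    totalNumberOfPatches>=7 AND totalNumberOfPatches<=10, "Medium Exposure",
    totalNumberOfPatches>=11, "High Exposure",
    totalNumberOfPatches==2, "Compliant",
    totalNumberOfPatches==1, "<not reported>",
    1=1, "other")
| timechart span=1d count as hosts by exposure_level
```

The result is one row per day with a column per exposure level holding the number of hosts in that level that day. Note the difference from the original: the distinct patch count is per host per day rather than per host over the whole search window, so a host's level can change from day to day, which is usually what a patch exposure trend chart is meant to show.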
<format type="color" field="nemeOfColumn"> <colorPalette type="expression">case(value=="True", "#00ff00")</colorPalette> </format>
When I access a data model (Authentication, for example) I noticed the error shown below: "This object has no explicit index constraint. Consider adding one for better performance."
Hello, I have this query: index="report" Computer_Name="*" | chart dc(Category__Names_of_Patches) as totalNumberOfPatches by Computer_Name | eval exposure_level = case( totalNumberOfPatches >= 3 AND totalNumberOfPatches <= 6, "Low Exposure", totalNumberOfPatches >= 7 AND totalNumberOfPatches <= 10, "Medium Exposure", totalNumberOfPatches >= 11, "High Exposure", totalNumberOfPatches == 2, "Compliant", totalNumberOfPatches == 1, "<not reported>", 1=1,"other" ) | stats count(Computer_Name) as totalNumberOfPatches by exposure_level | eval category=exposure_level. It looks like I've lost the _time field on the way, so when I'm trying to run timechart I'm getting no results.
Thanks @gcusello for your response. I edited that in all cases, but the notable was already created, so no problem whether continuous or real time, or even if the trigger is >1. What do you think regarding the incident review page?
I tried the props settings you suggested but still have the same issue. "######   BEGIN STATUS   #####" is coming in as a separate event. "#LAST UPDATE : Wed, 29 Nov 2023 10:39:57 +0000 GlobalStatus.status=OK" is also coming in as a separate event. Both of these should come under one event.
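The props settings referred to in the post are not shown on this page, so the stanza below is an added example rather than the settings that were suggested. It assumes a sourcetype named my_status_report and that each report starts with the "###### BEGIN STATUS #####" banner seen in the post. The point it illustrates is that both of the lines the poster quotes start with "#", so any breaker keyed on a leading "#" splits them; the lookahead anchors the break on the banner text itself, and the timestamp is taken from the "#LAST UPDATE" line.

```ini
# Constructed example, not the settings from the thread. Sourcetype name is assumed.
# Must live on the first Splunk instance that parses the data (indexer or heavy
# forwarder); a universal forwarder does not apply LINE_BREAKER.
[my_status_report]
# One event per report: turn off line merging and let LINE_BREAKER define events.
SHOULD_LINEMERGE = false
# Break only where a newline is followed by the BEGIN STATUS banner. The capture
# group is consumed as the delimiter; the lookahead keeps the banner in the event.
# "#LAST UPDATE ..." also begins with "#", so do not anchor on "#" alone.
LINE_BREAKER = ([\r\n]+)(?=#+\s+BEGIN STATUS\s+#+)
# Timestamp from "#LAST UPDATE : Wed, 29 Nov 2023 10:39:57 +0000"
TIME_PREFIX = #LAST UPDATE\s*:\s*
TIME_FORMAT = %a, %d %b %Y %H:%M:%S %z
MAX_TIMESTAMP_LOOKAHEAD = 40
```

After deploying, verify with a search over the sourcetype and check that the event count equals the number of BEGIN STATUS banners sent; the data that was already indexed under the old settings stays split and has to be re-ingested.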
As I said before, these searches appear to have been executed on 22nd, you should check your audit around these times (for my time zones, this appears to be just before 02:10am and 04:04am)
Can you describe what you want and why? Currently I don't have any hints on how and where you would like to get it. Usually you could use a subquery to add it, but we should know what you are looking for.
Hi, I have a dashboard in Splunk and I have a question about the query. I have a line of fields and I have a column, and I want to color it a specific color if a specific field is true. How do I do that? The line in the dashboard for a specific column looks like this: <format type="color" field="nemeOfColumn"> <colorPallete></colorPallete></format>
Hi @parthiban, good for you, see you next time! Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated
Hi @parthiban, good for you, see you next time! Let me know if I can help you more, or, please, accept one answer for the other people of the Community. Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated
index = Test1 invoked_component="XXXX" "genesys" correlation_id="*" message="Successfully received" [ search index = Test2 invoked_component="YYYY" correlation_id="*" message IN ("Successfully created" , "Successfully updated") | dedup correlation_id | fields correlation_id ] | stats count by correlation_id This query is working as expected. I modified the query slightly: I made Test2 the main search and Test1 the subsearch. Thanks for your support @gcusello
Hi @Mohamad_Alaa, if you insert the threshold in the search (where count>3), you don't need to put the condition results>1 also in the Trigger conditions; use results>0. In addition, avoid real-time searches, always use continuous. At least, why do you have a time period of 24 hours and a scheduling of every 5 minutes? Ciao. Giuseppe
Hi all, first of all thank you for your time. I am quite new to Splunk and I have been struggling with this issue for some time, but it seems more challenging than I initially expected. I have the following sample data in tabular form:

A     B   C    D   E     F
0.1   b1  0.1  d1  0.1   f1
0.11  b2  0.2  d2  0.35  f2
0.2   b3  0.3  d3  0.9   f3
0.22  b4           1.0   f4
0.4   b5
0.5   b6
0.55  b7
0.9   b8

and I need to generate something like:

A     B   C    D   E     F
0.1   b1  0.1  d1  0.1   f1
0.11  b2
0.2   b3  0.2  d2
0.22  b4
0.3       0.3  d3
0.35               0.35  f2
0.4   b5
0.5   b6
0.55  b7
0.9   b8           0.9   f3
1.0                1.0   f4

So, first I need to merge column A with C and E, sorted, and then I need to make columns C and E match with column A, including the data in columns D and F respectively. I guess there is an easy way to achieve this. I have tried with joins but I cannot make it work. Any help would be much appreciated.
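One way to produce the merged table above, as an added SPL example that is not part of the original post and not a reply from the thread: treat A, C and E as three separate key columns, stack the three (key, value) pairs with append, and regroup on the numeric key so rows with equal keys collapse into one. The placeholder <base search> stands for whatever search yields the six fields A to F and is an assumption; the field names are the poster's.

```spl
<base search> | where isnotnull(A) | eval key=A | table key A B
| append [ <base search> | where isnotnull(C) | eval key=C | table key C D ]
| append [ <base search> | where isnotnull(E) | eval key=E | table key E F ]
| eval key=tonumber(key)
| stats values(A) as A values(B) as B values(C) as C values(D) as D values(E) as E values(F) as F by key
| sort 0 key
| fields - key
```

Each stats bucket holds at most one A row, one C row and one E row, so every values() is single-valued and the output has exactly the layout the post asks for: 0.1 and 0.9 each land on one line with all three pairs, 0.3 and 0.35 appear as new rows with only their C/D or E/F data, and the A-only rows keep their B. tonumber matters: it makes 1.0 and "1" compare equal and lets sort order numerically rather than lexically. The caveat is that values() deduplicates, so if a key occurs twice within the same column (two C rows with 0.2, say) the two D values merge into one multivalue cell; if that can happen, group by key and a row counter (streamstats count by key in each branch) instead.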