All Posts

Hi Forum, I want to chart a list - say for example {1..100} - and represent this in a mosaic type visual presentation, showing if a number has been used, or not. So I would probably look to introduce a second dimension, 1 = used, 0 = unused. Punch card looks interesting - anyone done anything similar - maybe IP addressing or something else? My use case is charting LDAP attributes (I generate the data with a script so I can control the shape of it). Want to get everyone away from spreadsheets....
Hi
Why don't you want to use your own git? I prefer to add all installed apps & TAs from splunkbase and other sources to my own git to be sure that I have those also later if/when needed. It's not guaranteed that you could find those same versions from splunkbase later on if/when you need those again.
If you don't want to use that approach you must write your own tasks to replace this
    - name: "Synchronize {{ item.name }} repo from local Ansible host to {{ splunk_home }}/{{ app_dest }}/{{ item.name }} on remote host"
I haven't checked this, but I suppose that it could be enough if you just unpack splunkbase apps to your workspace and update src to correct. But probably it's better to write your own tasks for this. That way it's easiest to keep that git repo up to date when splunk makes updates for it.
r. Ismo
Hi, issue fixed, the time range I had taken was static instead of default. Thanks.
Hi
here is the link on how to move an index database to the new location https://docs.splunk.com/Documentation/Splunk/9.1.1/Indexer/Moveanindex
When I need to move db to the new node I have followed this https://community.splunk.com/t5/Installation/How-to-migrate-indexes-to-new-indexer-instance/m-p/528064/highlight/true
That was for a linux node, but you can do the same procedure with windows with small changes to the commands used.
- Copy data + configurations to correct place
- As you are moving SPLUNK_DB to a new directory, you must update correct parameters (see docs link)
- Install fresh splunk (same version as in old node)
- Start splunk
- Check that all is ok
- Update to the latest/needed version
r. Ismo
Hello
If servers are missing from your AppDynamics dashboard but visible elsewhere, first check dashboard filters, permissions, and widget settings. Ensure servers are actively reporting data, agents are running, and there are no recent compatibility issues. If the problem persists, consider contacting AppDynamics support for assistance.
https://docs.appdynamics.com/appd/21.x/21.6/en/appdynamics-essentials/getting-started/appdynamics-support/
Thank you
Hello, I was also facing the same issue.
You're encountering a 500 error when trying to access ABAP system details in AppDynamics. Here are some quick steps to resolve it:
- Check your network connection.
- Verify the Controller URL.
- Check Controller server logs.
- Ensure Controller server is running.
- Verify authentication and permissions.
- Ensure version compatibility.
- Try restarting services.
- Contact AppDynamics support if the issue persists.
Hi @Dhivakarpn, I don't know exactly AWS Linux 3 but Splunk UF is compatible with every Linux kernel from 3.x, so it should be compatible (Amazon Linux 3 should use a combination of Fedora Linux and CentOS Stream). Ciao. Giuseppe
https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/Systemrequirements
Another thing - if you want to find which server is captain to dynamically decide to which server you should send the next rest call, you can't just say splunk_server=Captain. That would be looking for a server called Captain which you most probably don't have. You need to use one of the two possible techniques here - map command or subsearch.
Does Splunk UF agent 9.0.1 support AWS Linux 3?
Hi @alex4, at first, using the search command after the main search you have a slower search, the best practices say to put the search terms as left as possible. Then, don't use the search for terms (e.g. 4794 or 4657) when these values are extracted in the EventCode field. Then, what are the unwanted results with the search you're using? Did you try to add the last condition you shared to your starting search? Last information: can the properties field have two values in the same event: Properties="msLAPS-Password" AND Properties=*EncryptedDSRMPasswordHistory. I try to re-write your starting search with the hinted updates:
    index=winsec_prod EventCode=4794 OR (EventCode=4657 DSRMAdminLogonBehavior) OR (EventCode IN (4104,4103) DsrmAdminLogonBehavior) ((EventCode=4794) OR (EventCode=4657 ObjectName="*HKLM\System\CurrentControlSet\Control\Lsa\DSRMAdminLogonBehavior*") OR (EventCode IN (4104,4103) ScriptBlockText="*DsrmAdminLogonBehavior*"))
    | eval username=coalesce(src_user,user,user_id), Computer=coalesce(Computer,ComputerName)
    | stats values(dest) values(Object_Name) values(ScriptBlockText) by _time, index, sourcetype, EventCode, Computer, username
    | rename values(*) as *
Ciao. Giuseppe
Hi @vijreddy30, it isn't possible to hide the Settings menu because there are some voices that are usually permitted to all users. Anyway, you can work in the Roles Permission menu [Settings > Groups] to exactly define the features of your role, in this way the not permitted Settings voices will be hidden. Ciao. Giuseppe
Hi @jip31, this seems to be a trendline and doesn't require a viz. Anyway, if you add some add-on as e.g. Timeline, you can see this visualization in the possible visualization panel. You can find some very useful examples about this topic in the Splunk Dashboard Examples App ( https://splunkbase.splunk.com/app/1603 ). Ciao. Giuseppe
Hi, I would like to integrate a viz like below in my dashboard. But I wonder what is used to integrate a chart in a table row. What kind of visualization is really used? Does anybody have XML examples? Thanks
@ahhloy - The append command does not combine the results, it generates two different results and appends them. To combine them you need to use the stats command after append. See the last line in the answer from @richgalloway
Thanks. No sys admin unfortunately, so I'm going to try to correct it...
This? - Update your field names as necessary
    search events | timechart sum(number_of_widgets) as widget_count sum(creation_time) as creation_time