I have created a test user and assigned it to the viewer role. My requirement is to hide the settings & manage setting options, test user not able to see the above options. Please help me with the detailed process. Regards, Vijay
Have a log with related events. One event has the number of widgets made in the period and another event has the actual time taken to make the widgets in that period. I can do a search and get a timechart of number of widgets and time used. But what I want is a timechart of the actualtime/number of widgets made. How do I construct a search to do that?
You can't use regex in a search command but could do this search ...
| where match(user, "^[A-L]")
which will filter only users starting with A-L or this search...
[| makeresults
| fields - _time
| eval user=split("ABCDEFGHIJKL","")
| mvexpand user
| eval user=user."*" ]
which uses a subsearch which effectively turns the search into search ((user=A* OR user=B* OR user=C*...))
Hi All.. how can I search a range of characters in Splunk.. for example, I want to search names of people whose name starts with A-L but not M-Z. user = [A*-Z*], can I have something like this?
Hi everyone, I tried combining two REST commands by using append. However, it does not work. With the first rest command, I would need to get info on who is the Search Head captain, and with the 2nd rest command I would need to get the bundle replication file size from the search head captain to display the bundle size. Hope someone can assist. Thank you.
| rest splunk_server=local /services/shcluster/captain/info
| fields Captain
| rename label as Captain
| append [ rest splunk_server=Captain /services/search/distributed/bundle-replication-files ]
| eval timestamp=strftime(timestamp,"%m/%d/%y %H:%M:%S")
| eval size=size/1024/1024/1024
| table filename timestamp size
Thanks for the reply! I confirmed that there is a Trigger in the Alert Settings screen. However, this case is about setting up a Report to perform an action based on the search results. The configuration item you told me was not present in the Report Schedule Settings. After doing some research on my own, I found that the item alert.digest_mode in savedsearches.conf may correspond to this, so I will try changing this setting.
Without seeing how you assign the tokens, it's hard to say why they are not showing anything, but you have to assign the click names and values in the <drilldown> section - these will not show any value outside that, so this will never work.
<b>$$clickname$$</b>: $click.name$<br/>
<b>$$clickvalue$$</b>: $click.value$<br/>
<b>$$clickname2$$</b>: $click.name2$<br/>
<b>$$clickvalue2$$</b>: $click.value2$<br/>
Here is a working example of a <row> that shows you how it works
<row>
<panel>
<chart>
<search>
<query>index=_audit
| chart count over user by action</query>
<earliest>-4h@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<drilldown>
<set token="user">$row.user$</set>
<set token="CV">$click.value$</set>
<set token="CN">$click.name$</set>
<set token="CV2">$click.value2$</set>
<set token="CN2">$click.name2$</set>
</drilldown>
</chart>
<html depends="$CV$">
<h2>CV=$CV$</h2>
<h2>CN=$CN$</h2>
<h2>CV2=$CV2$</h2>
<h2>CN2=$CN2$</h2>
<h2>User=$user$</h2>
</html>
</panel>
</row>
Our Java agent isn't reporting to the controller, though in the logs we see a message saying the agent was successfully started. I don't see any message that it is connected to the controller but the node is shown as [null]
Picked up _JAVA_OPTIONS: -Djdk.tls.maxCertificateChainLength=20
Java 9+ detected, booting with Java9Util enabled.
Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_APPLICATION_NAME] for application name [App_Name]
Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_TIER_NAME] for tier name [Tier_Name]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using ephemeral node setting [false]
Full Agent Registration Info Resolver using application name [App_Name]
Read property [reuse node name] from system property [appdynamics.agent.reuse.nodeName]
Full Agent Registration Info Resolver using tier name [Tier_Name]
Full Agent Registration Info Resolver using node name [null]
Install Directory resolved to[/opt/appdyn/javaagent/23.8.0.35032]
getBootstrapResource not available on ClassLoader
Class with name [com.ibm.lang.management.internal.ExtendedOperatingSystemMXBeanImpl] is not available in classpath, so will ignore export access.
[AD Agent init] Thu Oct 05 17:45:32 UTC 2023[DEBUG]: JavaAgent - Setting AgentClassLoader as Context ClassLoader
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Low Entropy Mode: Attempting to swap to non-blocking PRNG algorithm
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - UUIDPool size is 10
Agent conf directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Agent conf directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[DEBUG]: AgentInstallManager - Full Agent Registration Info Resolver is running
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_APPLICATION_NAME] for application name [App_Name]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_TIER_NAME] for tier name [Tier_Name]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using selfService [false]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using selfService [false]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using ephemeral node setting [false]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using application name [App_Name]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Read property [reuse node name] from system property [appdynamics.agent.reuse.nodeName]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using tier name [Tier_Name]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using node name [null]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[DEBUG]: AgentInstallManager - Full Agent Registration Info Resolver finished running
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent runtime directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent node directory set to [Tier_Name-35-vvcbk]
Agent runtime conf directory set to /opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent runtime conf directory set to /opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - JDK Compatibility: 1.8+
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Using Java Agent Version [Server Agent #23.8.0.35032 v23.8.0 GA compatible with 4.4.1.0 rc2229efcc98cb79cc989b99ed8d8e30995dc1e70 release/23.8.0]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Running IBM Java Agent [No]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Java Agent Directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Java Agent AppAgent directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
Agent logging directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/logs]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Agent logging directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/logs]
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Logging set up for log4j2
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - ####################################################################################
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Java Agent Directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Java Agent AppAgent directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Using Java Agent Version [Server Agent #23.8.0.35032 v23.8.0 GA compatible with 4.4.1.0 rc2229efcc98cb79cc989b99ed8d8e30995dc1e70 release/23.8.0]
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - All agent classes have been pre-loaded
getBootstrapResource not available on ClassLoader
Agent will mark node historical at normal shutdown of JVM
Started AppDynamics Java Agent Successfully.
Yup, I was trying to do the BY _time after each count ((...)) AS ... by _time instead of doing it after the very last one... I knew I was close I just was not seeing it !!!
@sjringo You're so close... you need a "BY _time" on your stats line
index=anIndex sourcetype=aSourcetype "SFTP upload finished" OR "File sent to MFS" OR "File download sent to user" OR "HTTP upload finished"
earliest=-0month@month latest=now
| bucket _time span=day
| stats count(eval(searchmatch("SFTP upload finished"))) as SFTPCount
count(eval(searchmatch("File sent to MFS"))) as MFSCount
count(eval(searchmatch("File download sent to user"))) as DWNCount
count(eval(searchmatch("HTTP upload finished"))) as HTTPCount BY _time
Not sure if I understand the question. You already bucketed _time. The simplest is to just use it as groupby
index=anIndex sourcetype=aSourcetype "SFTP upload finished" OR "File sent to MFS" OR "File download sent to user" OR "HTTP upload finished"
earliest=-0month@month latest=now
| bucket _time span=day
| stats count(eval(searchmatch("SFTP upload finished"))) as SFTPCount
count(eval(searchmatch("File sent to MFS"))) as MFSCount
count(eval(searchmatch("File download sent to user"))) as DWNCount
count(eval(searchmatch("HTTP upload finished"))) as HTTPCount by _time
Will this work?
Thanks @bowesmana. I had a feeling it was not going to be as easy as I had hoped. I'm rethinking my approach to see if I can find a way to achieve what I need. Thanks again.