All Posts

I am going to run my query using a scheduler, so I want to record in each event the time span the query used to capture that event.
Our Java agent isn't reporting to the controller, though in the logs we see a message saying the agent was successfully started. I don't see any message that it is connected to the controller, but the node is shown as [null].

Picked up _JAVA_OPTIONS: -Djdk.tls.maxCertificateChainLength=20
Java 9+ detected, booting with Java9Util enabled.
Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_APPLICATION_NAME] for application name [App_Name]
Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_TIER_NAME] for tier name [Tier_Name]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using selfService [false]
Full Agent Registration Info Resolver using ephemeral node setting [false]
Full Agent Registration Info Resolver using application name [App_Name]
Read property [reuse node name] from system property [appdynamics.agent.reuse.nodeName]
Full Agent Registration Info Resolver using tier name [Tier_Name]
Full Agent Registration Info Resolver using node name [null]
Install Directory resolved to[/opt/appdyn/javaagent/23.8.0.35032]
getBootstrapResource not available on ClassLoader
Class with name [com.ibm.lang.management.internal.ExtendedOperatingSystemMXBeanImpl] is not available in classpath, so will ignore export access.

[AD Agent init] Thu Oct 05 17:45:32 UTC 2023[DEBUG]: JavaAgent - Setting AgentClassLoader as Context ClassLoader
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Low Entropy Mode: Attempting to swap to non-blocking PRNG algorithm
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - UUIDPool size is 10
Agent conf directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Agent conf directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[DEBUG]: AgentInstallManager - Full Agent Registration Info Resolver is running
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_APPLICATION_NAME] for application name [App_Name]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_TIER_NAME] for tier name [Tier_Name]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using selfService [false]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using selfService [false]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using ephemeral node setting [false]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using application name [App_Name]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Read property [reuse node name] from system property [appdynamics.agent.reuse.nodeName]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using tier name [Tier_Name]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using node name [null]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[DEBUG]: AgentInstallManager - Full Agent Registration Info Resolver finished running
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent runtime directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent node directory set to [Tier_Name-35-vvcbk]
Agent runtime conf directory set to /opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent runtime conf directory set to /opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - JDK Compatibility: 1.8+
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Using Java Agent Version [Server Agent #23.8.0.35032 v23.8.0 GA compatible with 4.4.1.0 rc2229efcc98cb79cc989b99ed8d8e30995dc1e70 release/23.8.0]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Running IBM Java Agent [No]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Java Agent Directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Java Agent AppAgent directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
Agent logging directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/logs]
[AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Agent logging directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/logs]
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Logging set up for log4j2
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - ####################################################################################
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Java Agent Directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Java Agent AppAgent directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032]
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Using Java Agent Version [Server Agent #23.8.0.35032 v23.8.0 GA compatible with 4.4.1.0 rc2229efcc98cb79cc989b99ed8d8e30995dc1e70 release/23.8.0]
[AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - All agent classes have been pre-loaded
getBootstrapResource not available on ClassLoader
Agent will mark node historical at normal shutdown of JVM
Started AppDynamics Java Agent Successfully.
Yup, I was trying to do the BY _time after each count(eval(...)) AS ... instead of doing it after the very last one... I knew I was close, I just was not seeing it!
@sjringo You're so close... you need a "BY _time" on your stats line:

index=anIndex sourcetype=aSourcetype "SFTP upload finished" OR "File sent to MFS" OR "File download sent to user" OR "HTTP upload finished" earliest=-0month@month latest=now
| bucket _time span=day
| stats count(eval(searchmatch("SFTP upload finished"))) as SFTPCount count(eval(searchmatch("File sent to MFS"))) as MFSCount count(eval(searchmatch("File download sent to user"))) as DWNCount count(eval(searchmatch("HTTP upload finished"))) as HTTPCount BY _time
Not sure if I understand the question. You already bucketed _time. The simplest is to just use it as the groupby:

index=anIndex sourcetype=aSourcetype "SFTP upload finished" OR "File sent to MFS" OR "File download sent to user" OR "HTTP upload finished" earliest=-0month@month latest=now
| bucket _time span=day
| stats count(eval(searchmatch("SFTP upload finished"))) as SFTPCount count(eval(searchmatch("File sent to MFS"))) as MFSCount count(eval(searchmatch("File download sent to user"))) as DWNCount count(eval(searchmatch("HTTP upload finished"))) as HTTPCount by _time

Will this work?
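The two answers above give the same fix: keep the bucket, and add BY _time to the stats. As an added illustration (not code from the thread or from Splunk), the following Python script emulates what that corrected search does on a handful of constructed events: it applies the base-search phrase filter, floors each event's _time to its day, and counts per day how many events match each of the four phrases, then sums the rows back into the single-row monthly totals the original query produced. The sample events are made up; searchmatch() is approximated as a case-insensitive phrase match on _raw, and day alignment is assumed to be UTC (Splunk aligns day spans to the searching user's time zone).

```python
"""Emulate `... | bucket _time span=day | stats count(eval(searchmatch("..."))) AS ... BY _time`
on constructed events, to show why BY _time turns four monthly totals into per-day rows.
Added illustration, not code from the thread."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events (timestamp, _raw).  Assumption: timestamps are UTC.
SAMPLE_EVENTS = [
    ("2023-10-01T00:15:00Z", "SFTP upload finished user=alice file=a.csv"),
    ("2023-10-01T09:30:00Z", "File sent to MFS id=17"),
    ("2023-10-01T23:59:59Z", "HTTP upload finished user=bob"),
    ("2023-10-02T00:00:00Z", "File download sent to user user=carol"),
    ("2023-10-02T12:00:00Z", "SFTP upload finished user=dave file=b.csv"),
    ("2023-10-02T12:01:00Z", "SFTP upload failed user=dave file=c.csv"),   # matches no phrase
    ("2023-10-03T08:00:00Z", "File sent to MFS id=18"),
]

# Output column -> phrase, one entry per count(eval(searchmatch("..."))) AS <column> clause.
COUNTERS = {
    "SFTPCount": "SFTP upload finished",
    "MFSCount": "File sent to MFS",
    "DWNCount": "File download sent to user",
    "HTTPCount": "HTTP upload finished",
}


def searchmatch(raw: str, phrase: str) -> bool:
    """Approximation of searchmatch("phrase"): the quoted phrase occurs in _raw,
    case-insensitively, as Splunk's default search terms do."""
    return phrase.lower() in raw.lower()


def base_search(events):
    """The `"A" OR "B" OR "C" OR "D"` part of the search: keep events matching any phrase."""
    return [(ts, raw) for ts, raw in events
            if any(searchmatch(raw, p) for p in COUNTERS.values())]


def bucket_day(ts: str) -> str:
    """`bucket _time span=day`: floor _time to midnight of its day.
    Assumption: UTC; real Splunk aligns day spans to the searching user's time zone."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return dt.strftime("%Y-%m-%d")


def daily_counts(events):
    """`stats count(eval(searchmatch(...))) AS ... BY _time` after bucketing:
    one row per day, one column per phrase.  Days with no matching event
    do not appear, just as in Splunk."""
    per_day = defaultdict(lambda: {name: 0 for name in COUNTERS})
    for ts, raw in base_search(events):
        row = per_day[bucket_day(ts)]
        for name, phrase in COUNTERS.items():
            if searchmatch(raw, phrase):
                row[name] += 1
    return dict(sorted(per_day.items()))


def monthly_totals(daily):
    """The original query without BY _time: a single row summing every day."""
    totals = {name: 0 for name in COUNTERS}
    for row in daily.values():
        for name, n in row.items():
            totals[name] += n
    return totals


if __name__ == "__main__":
    daily = daily_counts(SAMPLE_EVENTS)
    print("_time       " + " ".join(f"{c:>9}" for c in COUNTERS))
    for day, row in daily.items():
        print(day + "  " + " ".join(f"{row[c]:>9}" for c in COUNTERS))
    totals = monthly_totals(daily)
    print("totals      " + " ".join(f"{totals[c]:>9}" for c in COUNTERS))
```

The per-day rows sum to the same four numbers the single-row query returns, which is the check to run against the real search: `| addcoltotals` after the BY _time version should reproduce the original totals.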
Thanks @bowesmana. I had a feeling it was not going to be as easy as I had hoped. I'm rethinking my approach to see if I can find a way to achieve what I need. Thanks again.
Hi @eranhauser... I am sorry, I am unable to understand your query. You are running a search. Would you like to know exactly when the SPL started to run and exactly when the SPL finished running? Or do you want to include these values inside the search itself? Did you check the "Inspect Job"?
For your Alert, make sure the Trigger setting is Once in the Trigger Conditions section:  
I have a query that gives me four totals for a month. I am trying to figure out how to show each of the four totals for each day searched. Here is what I have so far:

index=anIndex sourcetype=aSourcetype "SFTP upload finished" OR "File sent to MFS" OR "File download sent to user" OR "HTTP upload finished" earliest=-0month@month latest=now
| bucket _time span=day
| stats count(eval(searchmatch("SFTP upload finished"))) as SFTPCount count(eval(searchmatch("File sent to MFS"))) as MFSCount count(eval(searchmatch("File download sent to user"))) as DWNCount count(eval(searchmatch("HTTP upload finished"))) as HTTPCount
| table SFTPCount MFSCount DWNCount HTTPCount

Result:

SFTPCount  MFSCount  DWNCount  HTTPCount
30843      535       1584      80

Now, how do I show the results by each day? I have a line to specify my bucket.
Have you checked the Troubleshooting section of their docs? There are some searches they have you run to see if your time settings are off. If the visualizations aren't rendering anything, try seeing what search they are running (hover over the viz to get the little magnifying glass to see the search being run). Digging into that SPL a bit might give you a hint on what could be wrong. Also, if you *just* turned on the data models there might be some lag before those behind-the-scenes things create the models from your data. Much of that is dependent on how Palo Alto created their models and I'm not familiar with the timing of their stuff.
How can one add to the result of a Splunk query running in the Splunk UI the time span, i.e. the values one can put in earliest_time and latest_time (the earliest and latest time come only from the time-span drop-down in the Splunk UI)?
Hi @kamal5... the system says the command is not found. It means either the command is not found or you typed the command wrong. A one-line reply cannot help us to help you. You should provide more details (with screenshots if possible), the full command of what you ran, etc. Thanks, happy learning Splunk.
Firstly, it's unclear what logs we're talking about and how they relate to syslog. If it's a cloud platform, it's quite unusual to send raw syslog over the open internet. If it's your local part of the installation (like the logs from the endpoints themselves), are you sure they are configured correctly? Are they supposed to send syslog?
Without seeing your screen I am not sure if you're in the incorrect directory or just don't have Splunk installed yet.  
it's showing that command not found.
Come on. Put at least a little bit of effort into your "question". From what you wrote we could as well assume that you haven't even installed your server yet. We don't know how you installed the server, we don't know how/if you started it, we don't know if/what errors you got. And we don't know what "is not working" means.
Is your Splunk instance up and running? For example, assuming you are on *nix based on your URL, can you run the following from the /bin directory of the Splunk install:

splunk status

What does your output look like?
Since you're looking for help for syslog-ng configuration, your best bet is to join the syslog-ng community.  But, from a Splunk architecture/design perspective you are on the right track.  Typically people use a separate syslog receiver that writes to disk (like syslog-ng), and then have Splunk monitor that.  This way you reduce the coupling for situations where you have to restart Splunk and don't want your syslog ports to be down. That being said, there is a Splunk Connect for Syslog app that can be used for receiving syslog data, but I am unsure if it can handle the decryption for you if you are in a bind.  Overall I much prefer having syslog being received outside of Splunk.  
Hi @Thulasinathan_M, I tried your XML and generated the PDF; the start and end date are showing as Invalid in the PDF report. Moreover, can you take my XML and show me how to add tokens to the panels, so that I can see the start and end date in the report?
http://centos7.linuxvmimages.local:8000