I have a generic catchall for syslog traffic that is breaking when I try and use an acceptFrom for a subnet.

--- Generic Catchall ----

    [udp://514]
    connection_host = ip
    index = syslog
    sourcetype = syslog

The catch all functions correctly when using a single specific IP going to a specified index:

    [udp://192.168.1.1:514]
    host = srv-lb-2
    connection_host = none
    index = a10
    sourcetype = syslog

But if I try and add a new UDP input to capture a full /24 to shove it in a separate index, that overrides/disables the generic input from the first one. I do see messages in the checkpoint index; however, the [udp://514] from the first block stops.

    [udp://514]
    acceptFrom = 192.168.2.0/24
    connection_host = ip
    index = checkpoint
    sourcetype = syslog

Anyone know how to do this in a way that works please?? Thanks!
The "All" option would search beyond the available options. I have my groups (options), but I think it would be helpful if the dashboard could search more options.
I need to change the value of the "Trigger" parameter from "Once" to "For each result" for multiple alerts. But I can't find the parameter where it's stored to change it via API.
I noticed that tableView.table.render() doesn't do anything if the table is already rendered. That means if it renders before you apply the cellrenderer, well, tough luck. A hacky fix that works for me is adding an eval to the search that created the table:

    eval Update=$update_table$

And then, instead of the tableView.table.render() function, invoking this in the JS:

    mvc.Components.get('submitted').set('update_table', '1');

to force it to update.
Assuming some of your events have PROPOSALNUMBER and some events have PROPOSAL_NUMBER, you could try this:

    | eval PROPOSAL_NUMBER=coalesce(PROPOSAL_NUMBER, PROPOSALNUMBER)
    | dedup PROPOSAL_NUMBER
It should produce the following if the xrq_h_x-corapi-target-id e.g. contains IIDP099999 and this value is not found in the lookup. How do I get the contents of the variable and not the name of the variable itself?

    ProviderId    ProviderName
    IIDP099999    IIDP099999
    IIDP06300     My Bank AG
I have the following query:

    index=obh_prod sourcetype=obh:edge:api proxy!="ow*"
    | lookup blink_six_providers ProviderId as pxrq_h_x-corapi-target-id OUTPUT ProviderId ProviderName
    | fillnull value=target_id ProviderId ProviderName
    | dedup ProviderName ProviderId
    | table ProviderId ProviderName

If no values are found, ProviderId and ProviderName should both get the value of pxrq_h_x-corapi-target-id. It actually now produces:

    ProviderId                   ProviderName
    pxrq_h_x-corapi-target-id    pxrq_h_x-corapi-target-id
    IIDP06300                    Valiant Bank AG
    IIDP00761                    Aargauische Kantonalbank

It should produce the following if the xrq_h_x-corapi-target-id e.g. contains IIDP099999 and this value is not found in the lookup. How do I get the contents of the variable and not the name of the variable itself?

    ProviderId    ProviderName
    IIDP099999    IIDP099999
    IIDP06300     Valiant Bank AG
    IIDP00761     Aargauische Kantonalbank
I have a dashboard that shows/hides a panel whenever an option in a checkbox is ticked, which is already working. My problem is that whenever I select the option as the default value, the panel is still hidden whenever I open the dashboard. Any idea on this? Or am I missing something? Here's some part of my XML.

    <input type="checkbox" token="check">
      <label>Category Type</label>
      <choice value="db_gc_wait">DB GC Waits</choice>
      <choice value="concurrent_manager">Concurrent Managers</choice>
      <choice value="blocking_session">Blocking Session</choice>
      <choice value="longrunning_job">Long Running Jobs</choice>
      <choice value="crm_top_request">CRM Top Requests</choice>
      <choice value="workflow_mailer">Workflow Mailer</choice>
      <change>
        <condition match="$check$ = &quot;db_gc_wait&quot;">
          <set token="show_db_gc_wait">1</set>
          <unset token="show_concurrent_manager"></unset>
          <unset token="show_blocking_session"></unset>
          <unset token="show_longrunning_job"></unset>
          <unset token="show_crm_top_request"></unset>
          <unset token="show_workflow_mailer"></unset>
        </condition>
        ...
        <condition match="$check$ = &quot;db_gc_wait concurrent_manager blocking_session longrunning_job crm_top_request workflow_mailer&quot;">
          <set token="show_db_gc_wait">1</set>
          <set token="show_concurrent_manager">1</set>
          <set token="show_blocking_session">1</set>
          <set token="show_longrunning_job">1</set>
          <set token="show_crm_top_request">1</set>
          <set token="show_workflow_mailer">1</set>
        </condition>
        <!-- Unset all tokens -->
        <condition>
          <unset token="show_db_gc_wait"></unset>
          <unset token="show_concurrent_manager"></unset>
          <unset token="show_blocking_session"></unset>
          <unset token="show_longrunning_job"></unset>
          <unset token="show_crm_top_request"></unset>
          <unset token="show_workflow_mailer"></unset>
        </condition>
      </change>
    ...
    <row>
      <panel depends="$show_db_gc_wait$">
        <table>
          <title>Database GC Waits</title>
          <search>
            <query> MY QUERY</query>
            <earliest>$time_tok.earliest$</earliest>
            <latest>$time_tok.latest$</latest>
          </search>
          <option name="drilldown">cell</option>
        </table>
      </panel>
    </row>
100% -- this is causing all kinds of FUBAR in our organization. I get a half-dozen sales oriented announcements from Splunk -- but they couldn't be bothered to warn us about something that breaks all the forwarders?
Hi @ViniciusMariano, I don't think that's possible without JS, also because it isn't useful to have the All choice when you have the choice of all checkboxes. Ciao. Giuseppe
Hello folks, I have a question about multiple checkboxes. I'm using them to fill an "IN" command in my search and I have an "All option", and I was thinking if it is possible that when I check this "All option" the others will be unchecked, like in this example below: 1: 2: and if possible only using XML (without JavaScript).
Use btool:

    splunk btool --debug props list splunk-logs

It will display all of the props for the sourcetype along with the file name in which the prop is defined. Remember, never change $SPLUNK_HOME/etc/system/default/props.conf and change $SPLUNK_HOME/etc/apps/*/default/props.conf only if it's your app. Otherwise, put the change in local/props.conf.
I have a Windows server and its OS crashed, but I have the Splunk database on another drive, which is fine. The steps I have performed in the new Splunk installation are:

1. Copied the configurations of the previous Splunk application from the backup I have into the new application.
2. Changed the database location and created the database structure on another drive apart from the C: drive.
3. From the earlier database, I copied the indexed data into the new database, where I have overwritten the already present indexes which are created as per the indexer configuration.
4. Now when I restart Splunk I am getting a "DIRTY_DATABASE File (.dirty_database)" file generated.
5. But I can see the data in the indexes when I ran a search.

So, the question is whether the procedure I followed is correct or is there any other way to do this?

Thanks,
Your well wisher
I'm struggling to find documents on AppDynamics SaaS for ingestion capability in an agentless approach. Basically, I know I have to find a way of monitoring SAP CPI (in the cloud) and no agent can be installed there. I need a way of calling data from an external source and then gathering it in AppD or directly shipping the data to AppD.
Does a feature like this exist and where are they documented? Best regards