All Posts

First of all, @kamlesh_vaghela, thank you so much for trying to help, but we can't enter in:

    mySearchResults.on("data", function () {
        resultArray = mySearchResults.data().rows;
        // Iterate Result set
        $.each(resultArray, function (index, value) {
            console.log(index, value)
            console.log(index, value[0])
            console.log(index, value[1])
            console.log(index, value[2])
        })
    });

We can get the action and the results of this Data. Thanks again
I have an alert that fires and while generating the alert, uses appendpipe to collect fields and generate an event in another index for collection by a third party tool. Is there a way to add the View Results link to the event that's generated so that it can map it in our third party tool to link the analysts back to the original alert?
You are correct. In the first architecture, the two SHCs are independent and unaware of each other. Independent clusters do not share/replicate KOs with/to each other.
I understand that there are 2 approved architectures for multi site search head clustering. One, where each site has their own independent search head clustering that has search affinity with index clusters, and a second option where there is a search head cluster stretched across the two sites. For the first option where the search head clusters are independent to each site, I have read that search head clusters are not site-aware. Does this mean that things saved through the search head cluster on site 1 would not replicate to site 2? For example, if I were to create a new dashboard at site 1 on the web UI through the search head cluster, that would not replicate to site 2?
See if this helps

    index=error-data sourcetype=error:logs source=https://error:appliocation.logs ("logs started" "tarnsaction recevied") OR (" timeouterror" AND "failed logs confirmed ") OR (" application logs continuted")
        [| inputlookup append=t errorlogs.csv where error=2 | fields host | format]
    | eval initialError=if(searchmatch("logs started" AND "tarnsaction recevied"),1,0)
    | eval transLogs=if(searchmatch(" timeouterror" AND "failed logs confirmed "),1,0)
    | eval Failed=if(searchmatch(" application logs continuted"),1,0)
    | stats count(eval(initialError=1)) as "initial error logs ", count(eval(transLogs=1)) as "logs in transactions", count(eval(Failed=1)) as "total failed"
@alvesri It should work. Can you please just compare your code with my code.

    var mySearch = mvc.Components.get("mySearch");
    var mySearchResults = mySearch.data("results");
    mySearchResults.on("data", function () {
        // Rows of the result set delivered with this "data" event
        var resultArray = mySearchResults.data().rows;
        // Iterate Result set
        $.each(resultArray, function (index, value) {
            console.log(index, value);
            console.log(index, value[0]);
            console.log(index, value[1]);
            console.log(index, value[2]);
        });
    });

I hope this will help you.

Thanks
KV

If any of my replies help you to solve the problem or gain knowledge, an upvote would be appreciated.
Hi, @PickleRick @gcusello

When I tried to refresh/debug inputs.conf using btool on the deployment server, I can see the below errors.

    Refreshing admin/collections-conf RESTException [HTTP 503] [{'type': 'ERROR', 'code': None, 'text': 'KV Store initialization failed. Please contact your system administrator.'}]
    Refreshing admin/deploymentserver SplunkdConnectionException Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/search/admin/deploymentserver/_reload: The read operation timed out',)
    Refreshing admin/ingest-rfs-destinations SplunkdConnectionException Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/search/admin/ingest-rfs-destinations/_reload: The read operation timed out',)
    Refreshing admin/serverclasses SplunkdConnectionException Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/search/admin/serverclasses/_reload: The read operation timed out',)

How can we troubleshoot these ERROR messages?
Wait. What do you mean? You're editing the app on DS? Then you have to reload the deployment server (you don't have to restart it) so that it notices a new version of the app and offers it to the forwarder(s) for download. Also: https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Inputsconf#Event_Log_allow_list_and_deny_list_formats
Yes, I had restarted the forwarder, but in the host inputs.conf I don't see the applied regex from the deployment server! As we are using all the blacklisted in the quotes!!
Hello fellow Splunkthiasts! I need some insights to understand how comparison functions in mstats could be used. Consider the following query:

    | mstats latest(cpu_metric.*) as * WHERE index="osnix_metrics" sourcetype=cpu_metric CPU=all BY host
    | where pctUser > 50

As expected, it returns a list of hosts having latest CPU usage value higher than 50%. However, according to mstats command reference, I can have comparison expression within WHERE clause and I'd expect it would be more efficient to rewrite the above query like this:

    | mstats latest(cpu_metric.*) as * WHERE index="osnix_metrics" sourcetype=cpu_metric CPU=all pctUser > 50 BY host

Unfortunately, this doesn't return any results. I tried to refer to metric before aggregation with no luck:

    | mstats latest(cpu_metric.*) as * WHERE index="osnix_metrics" sourcetype=cpu_metric CPU=all cpu_metric.pctUser > 50 BY host

What am I missing here?
Regexes in blacklists can be tricky sometimes. btool will just show you what is the effective config you just wrote so it won't show you if it works or not. I assume you restarted your forwarder after configuring the blacklist. Anyway, you should not enclose the blacklist parameter in quotes.
Hello Guys, I have a weird problem with Javascript after the latest upgrade (8.2.8 to 9.0.6).

Javascript Code

    var queryResults = smAlerteGetter.data("results");
    console.log("Search done", queryResults);
    console.log("pimba - ---- " + JSON.stringify(queryResults));
    // when we have the result
    queryResults.on("data", function() {
        console.log("Data received");
    });

We should receive the events and should see the log "Data received". The query goes well and we can see in the Activity Jobs that we received our events. However we have other Splunk apps with similar scripts that have the correct behavior. Do we miss something in our app or configurations related to Javascript? Please help!
Hi @Claudia.Landivar, it is because of the firewall setting in the machine agent, which restricts the machine from connecting to the server. We then used this command to resolve it:

    cscript InstallService.vbs -Dappdynamics.http.proxyHost=proxy1-***.***.com -Dappdynamics.http.proxyPort=8080 -Dappdynamics.http.proxyUser=user -Dappdynamics.http.proxyPasswordFile=D:\machineagent-bundle-64bit-windows-23.7.0.3689\password.txt
There is no master; whatever values are present should be the same and not different.
Still getting the same PORT issue @SanjayReddy 
Hi @SanjayReddy, if I execute the above process check command, I am getting the below.
Hi @sivakrishna, instead of changing the port, if 8191 is already used by Splunk then please kill and start Splunk. Have you checked which process is using 8191? If you want to change the port, you need to change the port on the rest of the search heads, which is not recommended.
Thanks for the reply!! Can we change the port for this server? What will happen if I change the PORT for this single server when it's in the cluster? The remaining 3 servers are running on the 8191 PORT.
Hi @sivakrishna, it seems KV store port 8191 is used by another application. Can you check which process is using port 8191:

    ps -ef | grep -i 8191

If it is used by another application, check with the OS team and ask them to use another port. Then you can start Splunk and the KV store will start on port 8191.
Update for this case: specify the server you want to collect; in my example it is dc-tdi-redis02. Here is the full path:

    Application Infrastructure Performance|Root|Individual Nodes|dc-tdi-redis02|Custom Metrics|Redis|dc-tdi-redis02|Clients|blocked_clients

When I try to select from Hardware Resources, it will show:

    Hardware Resources|CPU|%Busy

So let's remove "Application Infrastructure Performance|Root|Individual Nodes|dc-tdi-redis02|", and it will work now.

Thanks everyone!!! Phucdq from Vietnam with love!!