All Posts

Hello @isoutamo, sorry for the late response. So in the splunkd.logs all of the messages are:

WARN TcpOutputProc [16779 indexerPipe] - The TCP output processor has paused the data flow. Forwarding to host_dest=<IP> inside output group default-autolb-group from host_src=Splunk_Heavy_Forwarder has been blocked for blocked_seconds=355350. This can stall the data flow towards indexing and other network outputs. Review the receiving system's health in the Splunk Monitoring Console. It is probably not accepting data.

And the last message in the splunkd_access.log is from June :( I am trying to connect to the HF through the web, and the cURL command returned a 303 error "The resource has moved temporarily".
Hi team, I am not able to import the health rules using the API access token method or by my username and password. Whenever I try to import it using either of the methods, the response comes back as "null". Could you please guide me as to where I am going wrong?

The command I am using while pushing using the access token (I have all the default permissions set for my client id) (not working):

curl -X POST "https://customername.saas.appdynamics.com/controller/healthrules/application_name" -F file=@test.xml -H "Authorization: Bearer <access_token>"

Note: I am fetching the access token using the below command, which is working fine:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" "https://customername.saas.appdynamics.com/controller/api/oauth/access_token" -d 'grant_type=client_credentials&client_id=<client_id>@<account_name>&client_secret=<client_secret>'

Command I am using while pushing using username and password (not working):

curl -X POST --user username@accountname:password https://customername.saas.appdynamics.com/controller/healthrules/Application_name -F file=@test.xml

The health rule XML file below contains seven health rules related to Average Response Time, Calls, CPU, Errors, Garbage Collection, Heap, and Memory.
The XML file of health rules: <health-rules> <health-rule> <name>APM_Average_Response_Time_x_tier_name</name> <type>NODE_HEALTH_TRANSACTION_PERFORMANCE</type> <description/> <enabled>true</enabled> <is-default>false</is-default> <always-enabled>true</always-enabled> <duration-min>30</duration-min> <wait-time-min>30</wait-time-min> <affected-entities-match-criteria> <affected-infra-match-criteria> <type>SPECIFIC_TIERS</type> <application-components> <application-component>x_tier_name</application-component> </application-components> </affected-infra-match-criteria> </affected-entities-match-criteria> <critical-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Average Response time (ms)</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>9.0</condition-value> <operator>EQUALS</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Average Response Time (ms)</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </critical-execution-criteria> <warning-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Average Response time (ms)</display-name> <short-name>A</short-name> 
<condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>7.0</condition-value> <operator>EQUALS</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Average Response Time (ms)</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </warning-execution-criteria> </health-rule> <health-rule> <name>APM_Calls_x_tier_name</name> <type>NODE_HEALTH_TRANSACTION_PERFORMANCE</type> <description/> <enabled>true</enabled> <is-default>false</is-default> <always-enabled>true</always-enabled> <duration-min>30</duration-min> <wait-time-min>30</wait-time-min> <affected-entities-match-criteria> <affected-infra-match-criteria> <type>SPECIFIC_TIERS</type> <application-components> <application-component>x_tier_name</application-component> </application-components> </affected-infra-match-criteria> </affected-entities-match-criteria> <critical-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Calls Per Minute</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>5.0</condition-value> <operator>EQUALS</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> 
<is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Calls per Minute</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </critical-execution-criteria> <warning-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Calls Per Minute</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>3.0</condition-value> <operator>EQUALS</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Calls per Minute</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </warning-execution-criteria> </health-rule> <health-rule> <name>APM_CPU_x_tier_name</name> <type>INFRASTRUCTURE</type> <description/> <enabled>true</enabled> <is-default>false</is-default> <always-enabled>true</always-enabled> <duration-min>30</duration-min> <wait-time-min>30</wait-time-min> <affected-entities-match-criteria> <affected-infra-match-criteria> <type>SPECIFIC_TIERS</type> <application-components> <application-component>x_tier_name</application-component> </application-components> </affected-infra-match-criteria> </affected-entities-match-criteria> <critical-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> 
</entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>CPU | % Busy</display-name> <short-name>A</short-name> <condition-value-type>ABSOLUTE</condition-value-type> <condition-value>90.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>false</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Hardware Resources|CPU|%Busy</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </critical-execution-criteria> <warning-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>CPU | % Busy</display-name> <short-name>A</short-name> <condition-value-type>ABSOLUTE</condition-value-type> <condition-value>75.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>false</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Hardware Resources|CPU|%Busy</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </warning-execution-criteria> </health-rule> <health-rule> <name>APM_Errors_x_tier_name</name> <type>NODE_HEALTH_TRANSACTION_PERFORMANCE</type> <description/> <enabled>true</enabled> 
<is-default>false</is-default> <always-enabled>true</always-enabled> <duration-min>30</duration-min> <wait-time-min>30</wait-time-min> <affected-entities-match-criteria> <affected-infra-match-criteria> <type>SPECIFIC_TIERS</type> <application-components> <application-component>x_tier_name</application-component> </application-components> </affected-infra-match-criteria> </affected-entities-match-criteria> <critical-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Errors per minute</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>5.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Errors per Minute</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </critical-execution-criteria> <warning-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Errors per minute</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>3.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> 
<enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Errors per Minute</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </warning-execution-criteria> </health-rule> <health-rule> <name>APM_Memory_x_tier_name</name> <type>INFRASTRUCTURE</type> <description/> <enabled>true</enabled> <is-default>false</is-default> <always-enabled>true</always-enabled> <duration-min>30</duration-min> <wait-time-min>30</wait-time-min> <affected-entities-match-criteria> <affected-infra-match-criteria> <type>SPECIFIC_TIERS</type> <application-components> <application-component>x_tier_name</application-component> </application-components> </affected-infra-match-criteria> </affected-entities-match-criteria> <critical-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Memory | Used (%)</display-name> <short-name>A</short-name> <condition-value-type>ABSOLUTE</condition-value-type> <condition-value>90.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>false</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Hardware Resources|Memory|Used %</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> 
</critical-execution-criteria> <warning-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Memory | Used (%)</display-name> <short-name>A</short-name> <condition-value-type>ABSOLUTE</condition-value-type> <condition-value>75.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>false</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>Hardware Resources|Memory|Used %</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </warning-execution-criteria> </health-rule> <health-rule> <name>APM_Heap_JVM_x_tier_name</name> <type>INFRASTRUCTURE</type> <description/> <enabled>true</enabled> <is-default>false</is-default> <always-enabled>true</always-enabled> <duration-min>30</duration-min> <wait-time-min>30</wait-time-min> <affected-entities-match-criteria> <affected-infra-match-criteria> <type>SPECIFIC_TIERS</type> <application-components> <application-component>x_tier_name</application-component> </application-components> </affected-infra-match-criteria> </affected-entities-match-criteria> <critical-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Memory:Heap|Used %</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>5.0</condition-value> 
<operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>JVM|Memory:Heap|Used %</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </critical-execution-criteria> <warning-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>Memory:Heap|Used %</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>3.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>JVM|Memory:Heap|Used %</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </warning-execution-criteria> </health-rule> <health-rule> <name>APM_Garbage_Collection_JVM_x_tier_name</name> <type>INFRASTRUCTURE</type> <description/> <enabled>true</enabled> <is-default>false</is-default> <always-enabled>true</always-enabled> <duration-min>30</duration-min> <wait-time-min>30</wait-time-min> <affected-entities-match-criteria> <affected-infra-match-criteria> 
<type>SPECIFIC_TIERS</type> <application-components> <application-component>x_tier_name</application-component> </application-components> </affected-infra-match-criteria> </affected-entities-match-criteria> <critical-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>GC Time spent per min (ms)</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>5.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> <is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>JVM|Garbage Collection|GC Time Spent Per Min (ms)</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </critical-execution-criteria> <warning-execution-criteria> <condition-aggregation-type>ALL</condition-aggregation-type> <entity-aggregation-scope> <type>ANY</type> <value>0</value> </entity-aggregation-scope> <policy-condition> <type>leaf</type> <display-name>GC Time spent per min (ms)</display-name> <short-name>A</short-name> <condition-value-type>BASELINE_STANDARD_DEVIATION</condition-value-type> <condition-value>3.0</condition-value> <operator>GREATER_THAN</operator> <condition-expression/> <use-active-baseline>true</use-active-baseline> <trigger-on-no-data>false</trigger-on-no-data> <enable-triggers>false</enable-triggers> <min-triggers>15</min-triggers> <metric-expression> <type>leaf</type> <function-type>VALUE</function-type> <value>0</value> 
<is-literal-expression>false</is-literal-expression> <display-name>null</display-name> <metric-definition> <type>LOGICAL_METRIC</type> <logical-metric-name>JVM|Garbage Collection|GC Time Spent Per Min (ms)</logical-metric-name> </metric-definition> </metric-expression> </policy-condition> </warning-execution-criteria> </health-rule> </health-rules>

Thank you
Regards,
Mohammed Saad
I set "action_result.data" in the app's json file (short one like below), but it didn't help and was gone when I tried to edit it again.

{ "data_path": "action_result.data", "data_type": "string" },

Is it something I have to update manually all the time after making any changes?
Hi there! I am attempting to set up the Microsoft Security Add-On on our Splunk Cloud (Victoria Experience). I was able to install the app on the Splunk Cloud Platform, and understand my next step is to configure the app to connect to Azure AD. I receive the following errors on the Configuration and Inputs tabs:

I confirmed that the sc_admin role has all the needed permissions, and that my account has the role sc_admin. I also confirmed that the list_inputs permission is assigned (the closest post I could find on Splunk Answers said to check this). Any ideas what I should check next? Thank you!
Hi @ChaoticMike, if you can, please vote for this idea at https://ideas.splunk.com/ideas/EID-I-1731 Ciao. Giuseppe
Booo! But thank you for the answer, it will save me looking for a thing that doesn't exist!
Hello, I am trying to get the above addon working in our environment. Our environment comprises 2 heavy forwarders and a deployment server; the heavy forwarders filter all data to Splunk Cloud. When setting the above addon up I have confirmed that both heavy forwarders can connect to our on-premise Jira server and both heavy forwarders pull down data from Jira, e.g. projects etc.

We have the setup in passthrough mode with passthrough being enabled within Splunk Cloud. I'm aware that Splunk Cloud will connect to the heavy forwarders and pull information from the KVstore, but this does not appear to be happening. The addon within Splunk Cloud still tries to connect to Jira when an account is populated in the configuration. When removing the configuration it complains about needing an account. A bearer token has been created within Splunk Cloud and both heavy forwarders have been populated with the bearer token.

Has anyone successfully set this up and if so do you have any pointers?
Hi, on a brand new Splunk install, the app tries using urllib2, but Splunk only has urllib3. There is an exception where a "," is used instead of an "as" (line 388 of splunk_rest_client.py). It tries to use something from a module cStringIO which does not exist in Splunk or the app.
Hi @ChaoticMike, there isn't a track of steps (I asked this on Splunk Ideas), so you can calculate only the global latency. Ciao. Giuseppe
Thanks Giuseppe. Our problem is we aren't sure if our latency is in the forwarding chain, or within Splunk Cloud. We can indeed determine the end-to-end latency, but we are trying to drill into each hop. Does anyone know of a way to do that? It sounds... 'tricky'!
Hello all, the Splunk default admin name has been changed and now I get the below error on Splunk DB Connect. Please can someone let me know which conf file holds this info so I can change it to the new username?

Splunkd error: HTTP 400 -- User with name=admin does not exist
Hi @aditsss, there's something wrong in this search because there's a square parenthesis close but not the open, could you share the correct search? Ciao. Giuseppe
You are correct.
Hello everyone. Please reply if you have any solution to add a "show more" and "show less" function in a Splunk dashboard table column. Let's say there is one table with 4 columns - C1, C2, C3, C4 - and 5 rows - R1, R2, R3, R4, R5. Consider column C2 has 1 value in R1, 10 values in R2, 4 values in R3, 5 values in R4, 2 values in R5. I have to make 1 value show by default, and if there is more than one value then a "show more" option should get enabled to expand the remaining details and a "show less" option to collapse the expanded details. Thanks in advance!
What is not correct about the StartTime and EndTime fields?  What do you expect them to be?
When you removed the blacklist setting do you also restart the forwarder(s)? Are there any transform or Ingest Actions in the data path that might also be discarding the events?
Please explain what you mean by "it doesn't fully work". How does it fall short? What exactly are you trying to do with the coalesce function? Rather than ask how to use specific commands, I suggest you explain your inputs and desired outputs. Then someone can recommend a query.
I figured out why this was throwing the error and am posting the solution here just in case it helps someone. I was sure that I did not use any IPs while configuring the instances; however, I just noticed that when I used the cluster manager URI in server.conf for search head mode, it picked the IP address of the peers (default behavior, I think) instead of the FQDN. The cert SAN did not have the IP address in it. To overcome this, I added the below lines in server.conf on each cluster peer and it resolved the issue.

[clustering]
register_search_address = FQDN
Hi, I am myself a sysadmin, and if you read my entire post with open eyes, I myself wrote that this information is available in /bash_history to check, but that is manual, after ssh into the server. If I wasn't aware how to check this, I wouldn't have mentioned checking the user's history. It doesn't matter whichever flavor of Linux you take, be it Ubuntu or the RHEL family; anybody who is familiar with user deletion activity will know this issue because it's the same for any Linux flavor. We are on RHEL 7.9 and under /var/log/secure all we see is the following type of messages when someone runs the userdel command:

There is no further message or record in /var/log/secure of who ran this command. That's my use case and that is why I drew a parallel with Windows Event Viewer logs to see how others are doing it for similar use cases.
Hi Team, below is my query:

search index="abc" sourcetype =$Regions$ source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "ReadFileImpl - ebnc event balanced successfully"
| eval True=if(searchmatch("ebnc event balanced successfully"),"✔","")
| head 7
| eval EBNCStatus="ebnc event balanced successfully"
| table EBNCStatus True ]
| rename busDt as Business_Date
| rename fileName as File_Name
| rename CARS.UNB_Duration as CARS.UNB_Duration(Minutes)
| table Business_Date File_Name StartTime EndTime CARS.UNB_Duration(Minutes) Records totalClosingBal totalRecordsWritten totalRecords EBNCStatus
| sort -Business_Date

I am sorting on the basis of business date, but my StartTime and EndTime are not coming out correct. Can someone guide me? Below is the screenshot for the same.