Hi Shaiju, thank you for your answer. Does this mean that support for version 2022.5.0 will not actually end until this issue is fixed? According to https://docs.appdynamics.com/appd/23.x/latest/en/product-and-release-announcements/maintenance-support-for-software-versions , support for version 2022.5.0 ended on June 23, 2023.
I have a UF that's configured to forward to a healthy intermediate HF (9997). The UF is producing "forcibly closed" errors but the HF is healthy and is accepting TCP 9997 from other UFs. What could be the reason for this?

Troubleshooting attempts made:
1. Confirming with the network team that rules are in place.
2. TCP dump from the destination (HF): packets received.
3. Telnet from UF to destination (9997): telnet completes.

Any other things I missed?

[screenshot: tcpdump from the HF]
[screenshot: HF's splunkd.log]
Is there a way to send a notification automatically to an analyst's email address when they are assigned as the owner of a notable event? I have seen the email response action, but that only triggers when the notable event is created. I have seen the ticketing system apps, and that function is not what I am looking for. If this is not an option currently, please think about implementing it as a base feature of ES.
This is currently being investigated to evaluate the Alamofire incompatibility for versions succeeding 2022.5.0.
Recommendation: continue using version 2022.5.0 to solve the problem.
Hello, thanks for the feedback. I will be more specific next time. I wasn't aware of the dc (distinct count) option in search. In the example you provided, how would I alert when the dc has a count of over 5? Thank you
I had the same issue after a recent Splunk upgrade: the token height was working, then it suddenly didn't. I found that it no longer liked the default condition being blank:

<set token="table1TableHeightCSS"></set>
<set token="table1TableAlertCSS"></set>

so I set the default to '1' and it worked for me:

<set token="table1TableHeightCSS">1</set>
<set token="table1TableAlertCSS">1</set>
Hello, I need help with increasing the default height of a Dashboard label. I can't figure out how this can be done. Currently, when loading the Dashboard, the label and Description look like this:

[screenshot: default label height]

I can manually increase the Height to look like this:

[screenshot: manually increased label height]

But I need it to be defaulted at this Height. If it's not possible, is there a way to add a static text box below the Label? Here's the Source for the Label I currently have.

<label>SiteOne Automated Health Check Clone</label>
<description>test Infrastructure - +13 Press 1 for the Batch Processing Team Press 2 for the Security Team Press 3 for the Network Team Press 4 for the VOIP Team Press 5 for the Monitoring Team Press 6 for the Citrix Team Press 7 for the Server Team</description>
<row>
<panel>

Thanks for any help on this one, Tom
Use the strptime function to convert the current format into epoch form then use strftime to convert that into the required format. The two functions can be used in a single eval. | eval timefield=strftime(strptime(timefield, "%d/%m/%y"), "%Y-%m-%d")
Hi @dhiraj, you have to use the eval command with the strftime and strptime functions, like this: | eval new_date=strftime(strptime(date,"%d/%m/%y"),"%Y-%m-%d") Ciao. Giuseppe
Hello, I tested your suggestion and it worked, but my CSV file does not have /128. Can you answer the following questions? I appreciate your help.

1. a) Should I add /128 on all IPv6 entries in my CSV file to get this to work?
   b) If yes, does it mean I need to put an extra layer in place to check which one is IPv6 or IPv4 and then append /128?
2. Will OUTPUTNEW work just fine as with a regular lookup?
3. a) If I update the CSV file (with new fields), will the lookup definition still work?
   b) Is there a way to automate updating the lookup definition? I plan on creating an automatic update of the CSV, but it looks like the definition is tied to specific fields.
4. Note that if I use /120, it could return multiple results like the following:

[table: expected ip | test mask 2 | test mask 4 | test mask 6; row shown: 2001:db8:3333:4444:5555:6666::2101]
Hi, I have dozens of HTML Dashboards (I know it's deprecated...) running on iPads in our production. The Dashboards are used for user input for data our machines can't deliver themselves (like why the produced unit was bad instead of only that it was bad). Basically there are a few big buttons to choose from, to select an error reason for example. If the button is pressed, a Splunk search is executed with a collect command and the selected data is written into a summary index. This works most of the time, but not always. I assume in 10-20% of searches the search could not be finished because of a network connection error. This also happens sometimes when logging in to Splunk: an error "no network connection" occurs. Our network guys didn't find any issues on their side. And the other interesting part is, it only happens on iPads/iOS. On Windows machines it never happens! Has anybody come across the same issue or something similar? Thanks!
Hi @Bastiaan, as I said, follow the Splunk Search Tutorial and you'll quickly learn how to search on Splunk. Anyway, if you only have to search for some strings, you can put them in the main search using boolean operators to correlate them, remembering that the AND operator is the default. So if you want to find all events containing the strings you define, you could try to run:

index=your_index host=your_host ("CONFIG, commit* but not Succeeded" OR "snmpd.log")
| table _time host TS_Agent

Then you can add the time conditions, but, as I said, follow the Search Tutorial. Lastly, don't use the "-" character in field names because Splunk uses it as the subtraction operator; use the underscore "_" instead. Ciao. Giuseppe
I see I have a lot to learn. The essence is: I want to get three things from the log of host "hostname". First, "CONFIG, commit* but not Succeeded", I also want "snmpd.log" messages and I want to get "TS-Agent" from the logging. But from the last one I'm not interested in what happens between 01:00 and 05:00 since they give errors during that time frame that I don't care about. The other two filter/searches I want to get 24/7 messages from.