Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
09-05-2023
09:51 AM
Hi FlorianScho
This question was posted in 2018, please go ahead and post a new question to get more visibility from the community.
Thanks!
09-05-2023
09:42 AM
If your problem is resolved, then please click the "Accept as Solution" button to help future readers.
09-05-2023
09:39 AM
Your search looks OK - can you share some of the events (anonymised of course) which are being found which shouldn't be?
09-05-2023
09:37 AM
I updated it here
https://community.appdynamics.com/t5/Dashboards/Need-to-configure-total-calls-per-1-Hours-amp-total-calls-per-24/m-p/51792/emcs_t/S2h8ZW1haWx8ZGlnZXN0X25vdGlmaWNhdGlvbnxMTTY5RVhYM...
See more...
I updated it here
https://community.appdynamics.com/t5/Dashboards/Need-to-configure-total-calls-per-1-Hours-amp-total-calls-per-24/m-p/51792/emcs_t/S2h8ZW1haWx8ZGlnZXN0X25vdGlmaWNhdGlvbnxMTTY5RVhYMDJKTk9STnwtMXxPVEhFUlN8aEs#M1382
09-05-2023
09:36 AM
Hi,
You can use the sum function as below
After this setting, you can change the time to 1 Hour or 24 Hour as needed. You can also raise support ticket for anything urgent.
Thanks, Satbir...
See more...
Hi,
You can use the sum function as below
After this setting, you can change the time to 1 Hour or 24 Hour as needed. You can also raise support ticket for anything urgent.
Thanks, Satbir Singh
09-05-2023
09:24 AM
1 Karma
Please help guys as it is very urgent. It will appreciate if we solve this.
09-05-2023
08:45 AM
I am trying to filter multiple values from two fields but not getting the expected result. index=test_01 EventCode=4670 NOT (Field 1 = value1 OR Field 1 = value2) NOT (Process_Name = value 3 OR Proc...
See more...
I am trying to filter multiple values from two fields but not getting the expected result. index=test_01 EventCode=4670 NOT (Field 1 = value1 OR Field 1 = value2) NOT (Process_Name = value 3 OR Process_Name = value 4) I am geting splunk results which includes Process_Name=value 3 and Process_Name=value 4
Labels
- Labels:
-
subsearch
09-05-2023
08:42 AM
Howdy Splunkers, Working on my Splunk deployment and ran into a funky issue. I am ingesting Palo Alto FW and Meraki network device logs via syslog server. Rsyslog is set to write logs down to a f...
See more...
Howdy Splunkers, Working on my Splunk deployment and ran into a funky issue. I am ingesting Palo Alto FW and Meraki network device logs via syslog server. Rsyslog is set to write logs down to a file and the UF is set to monitor the directories. No issues there, however I do run into an issue why I try to source type or set an index for these logs. I have edited the indexes.conf in the local folder on my cluster manager and pushed the required indexes to my indexers. When I go to search for the logs on my search head I cannot find any data. However it works properly whenever i do not have sourcetyping and index destination in my inputs.conf. Any idea as to why?
Labels
- Labels:
-
indexer
-
inputs.conf
-
universal forwarder
09-05-2023
08:37 AM
test_id": "CHICKEN-0123456", "last_test_date": "2023-09-04 12:34:00"
with such above file and todays date 09/25/2023
once it is monitored by the splunk, I cannot search this data with th...
See more...
test_id": "CHICKEN-0123456", "last_test_date": "2023-09-04 12:34:00"
with such above file and todays date 09/25/2023
once it is monitored by the splunk, I cannot search this data with the 'current' date or even current time; 15 or 60mintues.
instead it tends to read the dates off of the file which is the 'last test date' = 09/24/2023 therefore from the search I have to put either on that day or 1day to find the data.
Props.conf currently set as
DATETIME_CONFIG = CURRENT
I want the file to be 'read' today if it was uploaded today. (or 15 min if it was uploaded within 15min) NOT going off of the date in the file.
Gurus hop in plesae.
- Tags:
- props
- splunk search
09-05-2023
08:19 AM
EDIT: Nevermind, I had an issue in my splunk server that was returning incorrect results, the solution works perfect! Thanks!
09-05-2023
08:18 AM
Hi @jhilton90 , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
09-05-2023
08:17 AM
Hi All,
I am looking for a SPL query to generate the SLA metrics KPI dashboard for incidents in Splunk Mission Control. The dashboard should contain SLA status (met/not-met) and the Analyst assigne...
See more...
Hi All,
I am looking for a SPL query to generate the SLA metrics KPI dashboard for incidents in Splunk Mission Control. The dashboard should contain SLA status (met/not-met) and the Analyst assigned to the incident.
Thank You
Labels
- Labels:
-
Mission Control
09-05-2023
08:10 AM
Hello, Does "WHERE" SQL clause have the same row limitation as "INNER JOIN"? Does "WHERE" and "INNER JOIN" have the same function and result? Thank you for your help For example: | dbxquery co...
See more...
Hello, Does "WHERE" SQL clause have the same row limitation as "INNER JOIN"? Does "WHERE" and "INNER JOIN" have the same function and result? Thank you for your help For example: | dbxquery connection=DBtest query="SELECT a.name, b.department FROM tableEmployee a INNER JOIN tableCompany b ON a.id = b.emp_id | dbxquery connection=DBtest query="SELECT a.name, b.department FROM tableEmployee a, tableCompany b WHERE a.id = b.emp_id
Labels
- Labels:
-
data
09-05-2023
07:53 AM
2 Karma
Hi @JohnnyMnemonic, if the threshold value is fixed when not present in the lppkup, you can use an eval: index=main
| loopup thresholds_table.csv object output threshold
| eval threshold=if(isnull(...
See more...
Hi @JohnnyMnemonic, if the threshold value is fixed when not present in the lppkup, you can use an eval: index=main
| loopup thresholds_table.csv object output threshold
| eval threshold=if(isnull(threshold),10,threshold)
| where number > threshold Ciao. Giuseppe
09-05-2023
07:49 AM
Hi,
I'm trying to create a filter based on a threshold value that is unique for some objects and fixed for the others.
index=main | loopup thresholds_table.csv object output threshold | ...
See more...
Hi,
I'm trying to create a filter based on a threshold value that is unique for some objects and fixed for the others.
index=main | loopup thresholds_table.csv object output threshold | where number > threshold
The lookup contains something like:
object
threshold
chair
20
pencil
40
The problem here is that no all objects are inside the lookup, so I want to fix a threshold number for all other objects, for example I want to fix a threshold of 10 for every object except for those inside the lookup.
I tried these things without success:
index=main | loopup thresholds_table.csv object output threshold | eval threshold = coalesce(threshold, 10) | where number > threshold
index=main | fillnull value=10 threshold | loopup thresholds_table.csv object output threshold | where number > threshold
index=main | eval threshold = 10 | loopup thresholds_table.csv object output threshold | where number > threshold
The objective is identify when an object reach an X average value, except for those objects that have a higher average value.
- Tags:
- splunk search
Labels
- Labels:
-
lookup
09-05-2023
07:49 AM
I am trying to create a timeline dashboard that shows the number of events for a specific user over the last 7 days (x-axis being _time and y-axis being the number of events). We do not have a field ...
See more...
I am trying to create a timeline dashboard that shows the number of events for a specific user over the last 7 days (x-axis being _time and y-axis being the number of events). We do not have a field option for individual users yet. The syntax I have here will show a nice timeline from Search in Splunk but when I try to create a dashboard line chart for it, I either get nothing or mismatching info. Syntax I use for search: index="myindex1" OSPath="C:\\Users\\Snyder\\*".
Labels
- Labels:
-
Dashboard Studio
-
table
-
timechart
09-05-2023
07:42 AM
Hi Shaiju, when your engineering team will fix this bug?
09-05-2023
07:38 AM
1 Karma
Thank you @richgalloway for help. Really appriciate your time. Thank you
09-05-2023
07:23 AM
Have you tried resetting your password?
