All Posts

Hello, is there any solution available as of now to get a numeric value for Max Calls Per Minute in a time range? If so, please explain how to get it. If not, then please provide a date to implement something like this; this is pretty basic, and all metrics should have the ability to get Min, Max and Avg at the minimum. Thanks! +Hector
Hi, I am using DB Connect 3.18.1 to collect SQL audit logs from the sys.fn_get_audit_file function. When I use event_time as the indexing column, no events are collected and there are no error messages. But when I changed the indexing column to Current, I got the audit events logged to the indexer. No logs were collected when I used event_time as the indexing column, and I did not see any useful or error messages in the debug logs. I appreciate any help or tips. Thanks,
I want to extract the error code from the text below but I'm getting "unexpected closing tag". The name of the column in the database is SERVICE_RESPONSE.
Text:
Service execution forgetGCPPauseAndResumeCall Failed. Error -> Status Code - > 404, Status Text -> Not Found, Response Body ->{"message":"HTTP 404 Not Found","code":"not found","status":404,"contextId":"c496bcae-115b-456c-a557-3d5e2daae0b8","details":[],"errors":[]}. Check Business audit for more details
Solution 1:
| rex field=SERVICE_RESPONSE "\"status\"\s*:\s*(?P<ERROR_CODE>\d+)"
// the above expression gives an unexpected closing tag
Solution 2:
| rex field=SERVICE_RESPONSE "&lt;dqt&gt;status&lt;dqt&gt;\:(?P<ERROR_CODE>.\w+)"
Sadly it's still not working; everything is colored red, as the last defined one:
<format type="color">
  <colorPalette type="expression">
    case(match(value,"logLevel=INFO"),"#4f34eb",match(value,"logLevel=WARNING"),"#ffff00",match(value,"logLevel=ERROR"),"#53A051")
  </colorPalette>
</format>
Try something like this:
<format type="color">
  <colorPalette type="expression">
    case(match(value,"logLevel=INFO"),"#4f34eb",match(value,"logLevel=WARNING"),"#ffff00",match(value,"logLevel=ERROR"),"#53A051")
  </colorPalette>
</format>
We have 3 indexers with 2 cluster managers and 3 SHs with one deployer; it's a multi-site cluster. Please help me configure this setting before onboarding rather than using the spath command. Please tell me in detail how to perform it.
Very helpful! Thanks! My case is with three conditions; can you help me color the different cases as follows, please?
LogLevel : INFO -> Blue
LogLevel : WARNING -> Yellow
LogLevel : ERROR -> Red
What I came up with is below, but it's not working:
<format type="color">
  <colorPalette type="expression">
    if(match(value,"logLevel=INFO"),"#4f34eb",null), if(match(value,"logLevel=WARNING"),"#ffff00",null), if(match(value,"logLevel=ERROR"),"#53A051",null)
  </colorPalette>
</format>
Anyone else having trouble implementing this? I have an app with the following setting in app.conf, but still, when users log into the app, they are forced into light mode, even if their user preference is dark mode. We are using Splunk 9.2.2.
[ui]
is_visible = 1
label = MyApp
supported_themes = light,dark
So far pretty useful for my dashboard, but do you know how to add conditions such as:
LogLevel : INFO -> Blue
LogLevel : WARNING -> Yellow
LogLevel : ERROR -> Red
Thank you. It worked. One small doubt: it will work for upcoming new events as well, right? Is there any way to hide this in the search rather than creating a macro? And can we do it during onboarding itself, as an index-time or search-time extraction? Please help me.
It's not about Splunk components' config as much as your network config.
| rex "(?<json>\{.*\})" | spath input=json
Hi, please check now.
The sample event that you posted does not contain valid json. I presume this is a copy/paste error or other typo. Please repost the raw data from your event (anonymised as required) in a code block (using the </> button above) to preserve formatting details.
Please help me get these logs ingested in a way that provides all the fields, please...
Nov 9 17:34:28 128.160.82.28 [local0.warning] <132>1 2024-11-09T17:34:28.436542Z AviVantage v-epswafhic2-wdc.hc.cloud.uk.hc-443 NILVALUE NILVALUE - {"adf":true,"significant":0,"udf":false,"virtualservice":"virtualservice-4583863f-48a3-42b9-8115-252a7fb487f5","report_timestamp":"2024-11-09T17:34:28.436542Z","service_engine":"GB-DRN-AB-Tier2-se-vxeuz","vcpu_id":0,"log_id":10181,"client_ip":"128.12.73.92","client_src_port":44908,"client_dest_port":443,"client_rtt":1,"http_version":"1.1","method":"HEAD","uri_path":"/path/to/monitor/page/","host":"udg1704n01.hc.cloud.uk.hc","response_content_type":"text/html","request_length":93,"response_length":94,"response_code":400,"response_time_first_byte":1,"response_time_last_byte":1,"compression_percentage":0,"compression":"","client_insights":"","request_headers":3,"response_headers":12,"request_state":"AVI_HTTP_REQUEST_STATE_READ_CLIENT_REQ_HDR","significant_log":["ADF_HTTP_BAD_REQUEST_PLAIN_HTTP_REQUEST_SENT_ON_HTTPS_PORT","ADF_RESPONSE_CODE_4XX"],"vs_ip":"128.160.71.14","request_id":"61e-RDl6-OZgZ","max_ingress_latency_fe":0,"avg_ingress_latency_fe":0,"conn_est_time_fe":1,"source_ip":"128.12.73.92","vs_name":"v-epswafhic2-wdc.hc.cloud.uk.hc-443","tenant_name":"admin"}
Hi @gcusello, I have shared the details; could you check?
Thank you for explaining, much appreciated.
That's as I described it. There are ways to remove this extra information, but they are a little involved and may not give you what you need. One of the simpler ways is to do this:
| stats count by techGroupLevel problem_detail
| eventstats sum(count) as total by techGroupLevel
| stats list(problem_detail) as problem_detail list(count) as count values(total) as total by techGroupLevel
Note that problem_detail and count are now multivalue fields, and you have to visually align the count with the problem detail rather than having them in separate events and therefore in alternating background colours. Btw, total is also technically a multivalue field, but since there is only one value per techGroupLevel, this isn't immediately obvious!
Each input has effectively two tokens, one for what the user has chosen on the form, and one for the result of the selection. Try something like this:
<change>
  <condition value="reset_all_field_search">
    <unset token="form.search"></unset>
    <set token="form.search">*</set>
    <unset token="form.search2"></unset>
    <set token="form.search2">*</set>
    <unset token="form.search12"></unset>
    <set token="form.search12">*</set>
    <unset token="form.field4"></unset>
    <set token="form.field4">*</set>
    <unset token="form.field5"></unset>
    <set token="form.field5">*</set>
  </condition>
</change>
Thanks, I used the first line and that looks better; the second line just repeats the total on each line like this