Try specifying which index and sourcetype you want to search to narrow your search. Also, look at the time frame used to see if that can be narrowed but still deliver the results you require.
The issue is probably that the stats values part of the search will give you a multivalue field in a single event when you actually need separate events for each value. Try removing the stats command.
I created the following query to check the status of the LDAP service, but I was wondering if there is a better query:
tag=NAME "AuthenticationResult=Passed" "Authentication failed" NOT "Identity Groups" NOT "ExternalGroups=CN" |
stats count by host | search count > 15
Eventually I would like to add this search to my dashboard
Hi, I am trying to install the API gateway extension. For this I have installed the machine agent independently on a server with SIM enabled. The server does not have an App agent. Then I cloned and extracted the API gateway extension from GitHub in /machineagent/monitors. After extraction I couldn't find the yml file. I have installed Java 8 on the server. The machine agent version is 24.9. Please let me know where this is wrong and whether any additional things need to be done. Regards, Fadil
Hi Guys.
I've configured the Splunk_TA_nix plug-in running on a Linux server and this is providing data for a Metric Based Index in Splunk Enterprise v9.2.1
I've configured the most basic (Classic) Dashboard with just a dropdown and search based on this Index.
The drop down never populates, so my question is whether dropdown searches can be based on Metric Indexes? My search works in the Search and Reporting field:
| mstats min(df_metric.*) WHERE (host=myhost) span=1h index="linux_os_metric" BY MountedOn
|stats values(MountedOn) as MountedOn
|sort MountedOn
|table MountedOn
It says populating and does not return an error, but the dropdown is greyed out and not selectable. I was hoping it was going to present a list of mounted filesystems.
Thanks in advance if anyone can solve this.
Hi @Tim.Manley,
Were you able to find a solution? If you still need help, you can contact AppDynamics Support: How to contact AppDynamics Support and manage existing cases with Cisco Support Case Manager (SCM)
Hi @hazem, this is the only app for that technology in Splunkbase. I understand that it isn't supported by either Splunk or another developer, but this is the only alternative to creating your own custom add-on, so I suggest using it, eventually customizing it and supporting it yourself. Ciao. Giuseppe
My search returns something like this:
SESSION                                 URI
b4db1013-e31d-4df5-94ed-3b5b2fc0dc1f    Page1.html
b4db1013-e31d-4df5-94ed-3b5b2fc0dc1f    Page2.html
b4db1013-e31d-4df5-94ed-3b5b2fc0dc1f    Page3.html
42b772ff-b142-471c-a780-080261b084a0    Page2.html
42b772ff-b142-471c-a780-080261b084a0    Page1.html
42b772ff-b142-471c-a780-080261b084a0    Page4.html
42b772ff-b142-471c-a780-080261b084a0    Page5.html
5136941f-a2e7-4c39-83bd-bd5d2709fb18    Page3.html
5136941f-a2e7-4c39-83bd-bd5d2709fb18    Page1.html
And I'd like to transform the results into this (preserving the sort sequence):
SESSION                                 URI
b4db1013-e31d-4df5-94ed-3b5b2fc0dc1f    Page1.html, Page2.html, Page3.html
42b772ff-b142-471c-a780-080261b084a0    Page2.html, Page1.html, Page4.html, Page5.html
5136941f-a2e7-4c39-83bd-bd5d2709fb18    Page3.html, Page1.html
We can either concatenate the URIs into the same field (as in this example), or we can create a separate column for each URI, whichever is easier. Thanks!
I have a Splunk search that returns two columns, SESSION and URI. How can I show the sequence of URIs visited by each SESSION as columns, with a separate row for each SESSION? Thanks!
Appreciate your response @marnall. My question comes from our recent scenario, where we did a Splunk upgrade using infrastructure as code and we are using SmartStore for indexing. We were of the opinion that the data gets moved to external storage once it hits the warm bucket, but unfortunately we lost some of the data during the migration. The only reason we could think of is that the hot buckets, which are stored locally, did not get rolled over to warm buckets, which would have been available in the external storage and available for later searches. We have another migration scheduled for this weekend, so I want to be cent percent sure we don't have any data loss.