Hi @Real_captain , these are the options to define colours of the areas:
<option name="charting.legend.labels">[YES,NO,UND]</option>
<option name="charting.seriesColors">[0xff3f31,0x0dc681,0xe1dfdf]</option>
You have to insert the values in the first option and the colours in the second one. Ciao. Giuseppe
I hope you did the following configuration to connect the search head with the indexer. If not, then do it as mentioned below, else verify the configuration.

Configure the Indexer as a Search Peer
1. Log in to the Splunk web interface on your search head.
2. Go to Settings > Distributed Search > Search Peers.
3. Click Add New to add a new search peer (indexer).
4. Enter the management port (usually 8089) and the hostname or IP address of the indexer.
5. If required, enter the username and password of the indexer to establish the connection.
6. Click Save to add the indexer as a search peer.
------ If you find this solution helpful, please consider accepting it and awarding karma points !!
Hello, I have configured an index inside an indexer, and when I try to fetch data from that index on the search head I am not getting any data. When I search that same index on the indexer I can get the data from the index, but not from the search head. Could you please assist with what configuration needs to be checked on my search head and indexer? Note - it's not a clustered setup. Thanks
This YouTube video on Search Optimization in Splunk is highly useful https://www.youtube.com/watch?v=U3A1zxag_lc ------ If you find this solution helpful, please consider accepting it and awarding karma points !!
Hi All, we are using the earliest and latest commands in a Splunk test environment search and they are working fine, but in the production environment the earliest and latest commands are not working in the SPL query for some reason. Can you please help me with alternative commands for those commands and provide the solution to fix this issue, i.e. why the earliest and latest commands are not working in the production environment? Thanks, Srinivasulu S
Try this:
<your_search>|rex field=source "\/audit\/logs\/(?<environment>[^\/]*)\/(?<hostname>[^-]*)\-(?<component>[^-]*)\-(?<filename>.*$)"
------ If you find this solution helpful, please consider accepting it and awarding karma points !!
Hi @karthi2809 , you can use this regex:
| rex field=source "^\/\w+\/\w+\/(?<environment>\w+)\/\w+-(?<component>[^-]+)-(?<filename>.*)"
You can test this regex at https://regex101.com/r/0VJvAw/1 Ciao. Giuseppe
How to extract fields from the source below?
/audit/logs/QTEST/qtestw-core_server4-core_server4.log
I need to extract QTEST as environment, qtestw as hostname, core_server4 as component and core_server4.log as filename.
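The rex extraction proposed in the answer above, re-expressed in Python as an added example (not code from the thread) so the field split can be checked offline against the sample path; the second and third source paths are constructed, and the third shows what happens when the hostname itself contains a hyphen.

```python
import re

# Same capture groups as the rex answer: environment, hostname, component, filename.
# Python uses (?P<name>...) where Splunk rex accepts (?<name>...).
SOURCE_RE = re.compile(
    r"/audit/logs/(?P<environment>[^/]*)/(?P<hostname>[^-]*)-(?P<component>[^-]*)-(?P<filename>.*$)"
)


def extract_source_fields(source):
    """Return a dict with environment/hostname/component/filename for a path
    laid out as /audit/logs/<env>/<host>-<component>-<file>, or None if the
    path does not match (so a non-matching source produces no fields, as rex would)."""
    m = SOURCE_RE.search(source)
    return m.groupdict() if m else None


# Sample path from the question plus constructed ones for the edge cases.
SAMPLE_SOURCES = [
    "/audit/logs/QTEST/qtestw-core_server4-core_server4.log",   # from the question
    "/audit/logs/PROD/prodw01-api_gateway-api_gateway.log",     # constructed, matches
    "/audit/logs/DEV/dev-w02-core_server4-core_server4.log",    # constructed, hostname has a hyphen
    "/var/log/messages",                                        # constructed, does not match
]

if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        # Because [^-]* stops at the first hyphen, "dev-w02" is split into
        # hostname "dev" and component "w02"; the rest lands in filename.
        print(src, "->", extract_source_fields(src))
```

If hostnames can contain hyphens, the hostname and component groups need a different delimiter rule than `[^-]*`; the regex as written only works when neither contains one.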
Alright, if the "TEST" keyword is in the search title, you can filter it as shown below.
search_name!=*TEST*
------ If you find this solution helpful, please consider accepting it and awarding karma points !!
You can achieve this by creating Custom Notable Event Suppressions. Please refer to the link below for more details. https://docs.splunk.com/Documentation/ES/7.3.2/Admin/Customizenotables#Create_and_manage_notable_event_suppressions ------ If you find this solution helpful, please consider accepting it and awarding karma points !!
Take a look into the index itsi_grouped_alerts and try to find your alert which should fire the alert action. Check if you can find the field you are referring to in this event and if there is content.
Hello @fernan2ruiz Since it's not a supported driver, you have to get the driver from the vendor from this link: https://documentation.softwareag.com/adabas/cxx146/install/CONNXInstall/Connecting_to_CONNX_JDBC_Server.htm and create a server class something like below:
[ADABAS]
displayName = adabas
serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
jdbcDriverClass = com.Connx.jdbc.TCJdbc.TCJdbcDriver
jdbcUrlFormat = jdbc:adabas://:/
Splunk doc for unsupported driver server class creation: https://docs.splunk.com/Documentation/DBX/3.18.1/DeployDBX/Installdatabasedrivers#:~:text=on%20Windows%20hosts).-,Add%20the%20custom%20database%20to%20db_connection_types.conf,For%20more%20information%2C%20see%20Configuration%20file%20reference.,-Database%20connection%20validation
As far as I know the only way is to build this by yourself. An idea would be to establish this with a correlation search which detects the change and creates a notable event, which will be added to the episode because the NEAP will fetch it and trigger the event you want to have. As a common way to do this, this event should have a specific field like send_email=yes and email_content=>YOURCONTENT< so you can use this field as a trigger and preconfigure the content of your email.
Hi, maybe you are searching for this: https://docs.splunk.com/Documentation/Splunk/9.3.1/Alert/EmailNotificationTokens Please also take a look into index=_internal to see if there is a hint why your emails aren't sent. Have you tried whether a normal SPL query with the command "sendemail" works? Are the email server settings correct?