Hi @Henry.Tellez,
Thanks for asking your question on the community. I was not able to find any existing information on this. Did you find a solution yourself that you can share? If you still need help, you can contact AppD Support: How to contact AppDynamics Support and manage existing cases with Cisco Support Case Manager (SCM)
Hi @Fadil.CK,
Have you been able to find a solution or any new information you can share here? If you still need help, you can contact AppD Support: How to contact AppDynamics Support and manage existing cases with Cisco Support Case Manager (SCM)
Hi @Srujana.Mora,
I have not been able to find any help on this. If you have not yet, you can try contacting AppD Support. How to contact AppDynamics Support and manage existing cases with Cisco Support Case Manager (SCM)
Hi, recently we integrated AudioCodes RVI and CIC to Splunk Enterprise, and I'm looking for interesting dashboards. Unfortunately, I haven't found an app/add-on for this techno. Thx
Hello, I recently updated a distributed environment with a bundle via the deployer to update the authentication.conf to have an updated LDAP strategy. Since then there have been a number of issues with users not being able to delete their knowledge objects, which prompted me to try as my Admin user. However, this is the error I am receiving when trying to delete via the web UI:
09-24-2024 16:52:13.948 +0000 ERROR SavedSearchAdminHandler [2802356 TcpChannelThread] - This saved search failed to handle removal request due to Object id=<alert/report name> cannot be deleted in config=savedsearches.
I am using Splunk Enterprise version 9.3.0.
| timechart span=15m max(SysStatsUtilizationCpu) by host limit=0
| untable _time host SysStatsUtilizationCpu
| stats avg(SysStatsUtilizationCpu) as average by host
I'm currently using the query to find the CPU utilization for a few hosts, but I want to see the average utilization per host:
tag=name "CPU Utilization" | timechart span=15m max(SysStatsUtilizationCpu) by host limit=0
Any information would be helpful.
Thank you, I am aware of that modal in MC but it gives me the same arcane name, for example >>> _ACCELERATE_111111-22222-333-4444-123456789_search_nobody_123456978_ACCELERATE_
However, the origin host is my dedicated MC splunk server and there is only 1 accelerate report icon listed for >License Usage Data Cube, so I assume that is the culprit. But why is it skipping? I clicked the accelerate option, perhaps I need to adjust the max scheduled searches?
Yes, I found a number of garbage scheduled reports from years ago eating up resources and starving the accelerated report for the License Usage Data Cube. I incorrectly assumed that report would have priority to resources. Thank you for your help.
Hi @Glasses2, you can look for skipped searches in the Monitoring Console under Scheduler Activity: Instance or Deployment; at the bottom of the dashboard you will find a panel named Count of Skipped Reports by Name and Reason.
I have noticed that a saved search is chronically skipped, almost 100%, but I cannot trace it back to the origin. The search name is >>> _ACCELERATE_<redacted>_search_nobody_<redacted>_ACCELERATE_
From _internal, it's in the search app, report acceleration, and user nobody. _Audit provides no clues either. How do I trace this to the source? Thank you
Splunk audit logs will pick the src ip for the log from the incoming packet. To me this indicates your LB is doing full-blown SNAT rather than maintaining the source IP on the 'inside' portion of the connection. This would be an issue for your network/LB admin team to resolve if possible based on their network design. This is not something that Splunk administration/configuration can fix.
| stats values(SID) as SID values(VALUE) as VALUE by SERVICE_NAME FILE_NAME SECTION KEY
| eval match=if(mvcount(SID) = 2 AND mvcount(VALUE) = 1,"Yes", "No")
Hello, I have the following dataset. It consists of configuration parameters from multiple systems. Each system has somewhere in the neighborhood of 3000-5000 parameters, some of which will not exist in all systems. I am trying to come up with a list of unique combinations of parameters with a Matching flag which shows whether the value is identical between both systems. It should indicate a false flag if the parameter exists in either system, but not the other, or if the parameter exists in both systems but with different values.

The parameters are identified by a unique combination of SERVICE_NAME, FILE_NAME, SECTION and KEY (all four are required to be the same). And the system is identified by SID. The data look like this:

SID  SERVICE_NAME  FILE_NAME   SECTION            KEY                      VALUE
AAA  index         global.ini  global             timezone_dataset         123
AAA  dpserver      index.ini   password policy    minimal_password_length  16
AAA  index         index.ini   flexible_table     reclaim_interval         3600
AAA  dpserver      global.ini  abstract_sql_plan  max_count                1000000
BBB  dpserver      index.ini   password policy    minimal_password_length  16
BBB  index         index.ini   password policy    minimal_password_length  25
BBB  dpserver      global.ini  abstract_sql_plan  max_count                1000000
BBB  index         index.ini   mergedog           check_interval           60000

The data is in a dashboard, along with drop-downs to select two systems to be compared. Once a user selects system AAA and system BBB, I would like the result to show:

SERVICE_NAME  FILE_NAME   SECTION            KEY                      Match
index         global.ini  global             timezone_dataset         No
dpserver      index.ini   password policy    minimal_password_length  Yes
index         index.ini   flexible_table     reclaim_interval         No
dpserver      global.ini  abstract_sql_plan  max_count                Yes
index         index.ini   password policy    minimal_password_length  No
index         index.ini   mergedog           check_interval           No

I have tried many different SPL searches, but none have provided the intended result. I would greatly appreciate any assistance or guidance.

Cheers, David
Could the Splunk Add-on for Salesforce team clarify whether FIPS mode is supported? Per https://docs.splunk.com/Documentation/AddOns/released/Overview/Add-onsandFIPsmode it seems certain add-ons do, but there doesn't seem to be a definitive list of what supports it and what doesn't.
Thank you for your response. I have tried your query but am not getting the users not logged in for the last 7 days, 30d or 90d. It is showing total 0. I need it so that by selecting the time range it automatically shows the result of which users have not logged into the Splunk web UI. For example, we have 100 accounts in the user list and only 10 users are actively logging in; for the remaining users we need to identify when they last logged into Splunk.
Thank you for your response. I have tried your query but am not getting the users not logged in for the last 7 days, 30d or 90d. By selecting the time range it should automatically show the result of which users have not logged into the Splunk web UI. For example, we have 100 accounts in the user list and only 10 users are actively logging in; for the remaining users we need to identify when they last logged into Splunk.