Having converted the number to hex, perform 16 replacements, starting with 0, then 1, replacing the hex digit with the corresponding binary equivalent.
Yes, but in /var/log there are many different kinds of files (and typically even many different kinds of events within some files) and each of them should be parsed differently. If you just ingest all of them into one big "sack", you will most definitely lose at least some info (like properly parsed timestamps on some events) and you will not have properly parsed fields for many of those events. So if you have - for example - /var/log/exim/main.log you should ingest it separately with the exim_main sourcetype (and reject.log should have its own input stanza with the exim_reject sourcetype). Apache httpd access logs should be ingested separately with one of the access_* sourcetypes depending on your Apache configuration. And so on. If you just pull everything with one generic sourcetype... well, you can do a full-text search but not much more. You're losing a lot of functionality.
Hello @ITWhisperer, Thanks for that. I'm currently using Splunk Enterprise with Version 9.1.1, so that's the reason. Any alternative way to work on this with this version? Thanks for pointing it out. Regards, Manoj Kumar S
OK so there is probably something different about the search which is not working - perhaps if you shared that with us we might be able to spot something, but at the moment this knowledge is unavailable to us.
bit-wise functions only came into Splunk Enterprise in 9.2.0 and in 9.1 in Cloud Services (according to the documentation) - which version of Splunk are you using?
Hello @yuanliu , Thanks for your response! I'm having this error "Error in 'EvalCommand': The arguments to the 'tostring' function are invalid.", can you please help me in this. Thanks in advance!
@mayankrojo- Your Technology Add-on seems to be built by the UCC Framework of Splunk, which as of today does not provide an option to hide that button. https://splunk.github.io/addonfactory-ucc-generator/openapi/ I hope this helps!!!
@nicholaszn- The easiest thing to do is load your existing Add-on onto Add-on Builder and re-build the Add-on with a new version, which will automatically upgrade all the libraries. I hope this helps!!!
Thank you for your information. The reason why I create /var/log is because I want to ingest everything in /log, and Splunk does it perfectly. It will be named default by Splunk but it's okay. And for .bash_history, I input that because that's a request. Once again thanks sir, now I no longer need to worry about this newIndex size.
@sbel- It is not recommended to install the package on install of the App/Add-on, for a lot of reasons; it is always a good idea to bundle it as part of the App/Add-on build. Now, as for what OS version Splunk Cloud is running, you can ask Splunk Cloud Support. I hope this helps!!! Kindly upvote if it does!!
@vjsplunk- If that is the case and you said you are not using base-searches then the only issue could be browser caching or cookie issue. Try incognito window.
Hi @vjsplunk , are you using a post process search? if yes, you have to declare all the fields that you use in the panels, using fields. Ciao. Giuseppe
@vjsplunk- Is your Panel and Direct search using the same time-range?? Try increasing the time-range on the dashboard maybe! Also, what happens when you open the panel in "Open in Search" from the bottom right of the panel? Do you see the results or no? I hope this helps!!! Kindly upvote if it does!!!
Hi @fahimeh, this is a Splunk-maintained add-on, so you can open a case with Splunk Support. Without accessing your system it's hard to identify the issue. Ciao. Giuseppe
@icecreamkid98- You can use both in your existing or new App. React dashboard within App - https://www.youtube.com/watch?v=a_DQ9VtwTDY (There are many App examples if you google it) Visualization within App - Every Viz on Splunkbase is an example of this - ex. https://splunkbase.splunk.com/app/4378 I hope this helps!!! Kindly upvote if it does!!!
Hello @tscroggins , Thanks for your reply! I'm having this error - "Error in 'EvalCommand': The 'bit_shift_right' function is unsupported or undefined." Can you help in resolving this error. Thanks in Advance!