Hello @ITWhisperer , Thanks for that. I'm currently using Splunk Enterprise with Version 9.1.1, so that's the reason. Any alternative way to work on this with this version? Thanks for pointing it out. Regards, Manoj Kumar S
OK so there is probably something different about the search which is not working - perhaps if you shared that with us we might be able to spot something, but at the moment this knowledge is unavailable to us.
bit-wise functions only came into Splunk Enterprise in 9.2.0 and in 9.1 in Cloud Services (according to the documentation) - which version of Splunk are you using?
Hello @yuanliu , Thanks for your response! I'm having this error "Error in 'EvalCommand': The arguments to the 'tostring' function are invalid.", can you please help me in this. Thanks in advance!
@mayankrojo- Your Technology Add-on seems to be built by the UCC Framework of Splunk, which as of today does not provide an option to hide that button. https://splunk.github.io/addonfactory-ucc-generator/openapi/ I hope this helps!!!
@nicholaszn- The easiest thing to do is load your existing Add-on onto Add-on Builder and re-build the Add-on with a new version; it will automatically upgrade all the libraries. I hope this helps!!!
Thank you for your information. The reason why I create /var/log is because I want to ingest everything in /log, and Splunk does it perfectly. It will be named default by Splunk, but it's okay. And for .bash_history, I input that because that's a request. Once again, thanks sir; now I no longer need to worry about this newIndex size.
@sbel- It is not recommended to install the package on install of the App/Add-on, for a lot of reasons; it is always a good idea to bundle it as part of the App/Add-on build. Now, in the case of what OS version Splunk Cloud is running, you can ask this to Splunk Cloud Support. I hope this helps!!! Kindly upvote if it does!!
@vjsplunk- If that is the case and you said you are not using base-searches, then the only issue could be a browser caching or cookie issue. Try an incognito window.
Hi @vjsplunk , are you using a post process search? If yes, you have to declare all the fields that you use in the panels, using fields. Ciao. Giuseppe
@vjsplunk- Are your Panel and Direct search using the same time-range?? Try increasing the time-range on the dashboard maybe! Also, what happens when you open the panel in "Open in Search" from the bottom right of the panel? Do you see the results or no? I hope this helps!!! Kindly upvote if it does!!!
Hi @fahimeh , this is a Splunk maintained add-on, so you can open a case to Splunk Support. Without accessing your system it's hard to identify the issue. Ciao. Giuseppe
@icecreamkid98- You can use both in your existing or new App. React dashboard within App - https://www.youtube.com/watch?v=a_DQ9VtwTDY (There are many App examples if you google it). Visualization within App - All Viz on Splunkbase are examples of this - ex. https://splunkbase.splunk.com/app/4378 I hope this helps!!! Kindly upvote if it does!!!
Hello @tscroggins , Thanks for your reply! I'm having this error - "Error in 'EvalCommand': The 'bit_shift_right' function is unsupported or undefined." Can you help in resolving this error? Thanks in Advance!
Yes, it is perfectly normal. By default Splunk reads all it can from the specified input file(s) and then keeps track of how much it has already read and only reads newly written entries. Nothing to worry about. I have two issues with your inputs. One is that monitoring .bash_history alone makes relatively little sense (things you want to find are usually pretty easy to avoid being written to bash history). Another is that ingesting all /var/log with a single sourcetype will end with a horrible mess since you have many different kinds of logs there.