Yes, you can create searches using the REST API in Splunk Cloud. Here are the basic steps:
Get a Session Key: Authenticate with Splunk to get a session key.
Create a Search Job: Use the /services/search/jobs endpoint to create a search job. You’ll need to send a POST request with your search query in the body.
Check Search Status: Use the search ID (sid) returned from the previous step to check the status of your search job.
Here’s a simple example using curl:
curl -k -u username:password https://<splunk-cloud-url>/services/search/jobs -d search="search index=_internal | head 10"
This command will create a search job that retrieves the first 10 events from the _internal index.
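The three steps from the answer above, as an added Python example that is not part of the original post: it builds each request with the session key in an `Authorization: Splunk <key>` header, keeps the password out of the process argument list, and leaves certificate verification on (no equivalent of `curl -k`). The `/services/auth/login` endpoint and the header format come from the Splunk REST API rather than from the post; the host name and the sample replies are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

BASE = "https://splunk.example.invalid"  # placeholder for <splunk-cloud-url>

def _post(url, fields, session_key=None):
    """Build a form-encoded POST; credentials travel in the body, not argv."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(), method="POST")
    if session_key:
        req.add_header("Authorization", "Splunk " + session_key)
    return req

def login_request(username, password):
    # Step 1: exchange credentials for a session key.
    return _post(BASE + "/services/auth/login", {"username": username, "password": password})

def create_job_request(session_key, query):
    # Step 2: create the search job; the query goes in the "search" field.
    return _post(BASE + "/services/search/jobs", {"search": query}, session_key)

def status_request(session_key, sid):
    # Step 3: poll the job by sid, asking for JSON instead of the default XML.
    url = BASE + "/services/search/jobs/" + urllib.parse.quote(sid, safe="") + "?output_mode=json"
    req = urllib.request.Request(url)
    req.add_header("Authorization", "Splunk " + session_key)
    return req

def xml_field(xml_text, tag):
    """Pull <sessionKey> or <sid> out of the XML reply."""
    return ET.fromstring(xml_text).findtext(tag)

def job_state(json_text):
    content = json.loads(json_text)["entry"][0]["content"]
    return content["dispatchState"], bool(content["isDone"])

def send(req):
    # urlopen verifies the server certificate by default (unlike curl -k).
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()

# Constructed sample replies, shaped like the real ones, so the parsing runs offline.
LOGIN_XML = "<response><sessionKey>CONSTRUCTED-KEY</sessionKey></response>"
JOB_XML = "<response><sid>1700000000.42</sid></response>"
STATUS_JSON = '{"entry": [{"content": {"dispatchState": "DONE", "isDone": true}}]}'

if __name__ == "__main__":
    key = xml_field(LOGIN_XML, "sessionKey")
    sid = xml_field(JOB_XML, "sid")
    print(create_job_request(key, "search index=_internal | head 10").full_url, sid, job_state(STATUS_JSON))
```

Against a live instance, pass each built request to `send()` and feed the reply to `xml_field()` or `job_state()`, repeating the status request until `isDone` is true.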
I am trying to remove the year from the time labels on the area chart without it messing up the chart's format. I've tried fieldformat, but that would mess up the chart when the new year happens. Any help would be great.
I am trying to create a new field called "description" that contains values from two other existing fields.
If field "app" is equal to linux, then I want to combine existing fields "host" and "alert_type". If field "app" is equal to windows, then I want to combine existing field values "host" and "severity".
If app equals anything else, I want the value to be false. Below is the eval I have, but it's not working:
| eval description=if('app'=="linux", host. "-" .alert_type', 'app'==windows, host. "-" .severity, "false")
Hi Ryan, Unfortunately, the uninstall-smart-agent instructions did not work. I need to remove the dead/inactive Smart Agent from the controller Agent Management--->Agents--->Smart Agents section. Thanks!
Hi can anybody help with this problem, please?
source1: lookup Tab (lookup.csv)
att1 att2 att3
F1 1100 12.09.2024
F2 1100 23.04.2024
F3 1100 15.06.2024
F4 1100 16.03.2024
att1 is also in index=myindex
I want to have in a table for all att1 from lookup.csv count of all events from index=myindex att1=$att1$ AND earliest=strptime($att3$, "%d.%m.%Y")
output:
att1 count(from myindex) att2 att3
F1 count 1100 12.09.2024
F2 count 1100 23.04.2024
F3 count 1100 15.06.2024
F4 count 1100 16.03.2024
Hello @Kathryn.Green,
I was told you should be having a conversation soon with AppDynamics about your questions here, as they have reached out privately.
Is there a way to get Service Endpoint values (response time, load, errors) into Analytics so it can be queried? I have multiple custom service endpoints that are looking at the performance of api calls from a specific customer. They are calls like createCart and placeOrder etc. Is there a way for me to get the values like load, response time, and error counts for these service endpoints, in Analytics? I know I can get those metrics for business transactions, but these service endpoints are subsets within the BTs. I don't want to have to create a custom BT for each of these custom service endpoints if I can avoid that. Thanks, Greg
Hi @Huy.Nguyen,
First off, cool profile pic! Second, I found this AppD Docs page that could be helpful on how to uninstall a Smart Agent with Command line. https://docs.appdynamics.com/appd/24.x/24.8/en/agent-management/smart-agent/uninstall-smart-agent
If you want to avoid using 2 streamstats you shall try this way,
| streamstats count as Rank
| delta Score as Diff
| eval Rank=if(Diff=0,Rank-1,Rank)
| fields - Diff
And with 2 streamstats you shall try this so to avoid 1 extra filldown command,
| streamstats count as Rank
| streamstats window=2 range(Score) as range
| eval Rank=if(Rank=1 OR range != 0, Rank, Rank-1)
Hi, What if we are unable to upgrade the controller (v24.4.1) to version 24.6 or higher at this time, is there a way to remove the inactive Smart Agent from the controller via the command line or from the database? Thanks!
Hi Team
Can you please help me to provide a solution to use a csv file with the external vs internal user id data in the splunk.
Below is the current query and output that extracts the internal userid and i need another column to add corresponding external user id.
Csv file : ABC.csv
usr_id,eml_add_ds
internal user id 1 , external user id 1
internal user id 2 , external user id 2
internal user id 3 , external user id 3
internal user id 4 , external user id 4
Query :
(index=ABC) ("Start" OR "Finish") Properties.AspNetCoreEnvironment="*"
| rex field=Message "Start:\s*(?<start_info>[^\s]+)"
| rex field=Message "user\s(?<Userid>[^\took|.]+)"
| search start_info=*
| table Userid
| sort time
Output :
It is difficult to tell without seeing your events and lookup file values but taking a clue from the field name "cidr", does your lookup file contain CIDR-style values, and if so, have you created a lookup definition with advanced setting for match type CIDR(cidr)?
@richgalloway @jawahir007 Thank you both for the nice explanation. As part of my migration activity, I want to clean up or remove all the unnecessary sourcetypes from Splunk so that we may use less disk space and move data more quickly from the old server to the new one. But as per your suggestion, the delete command will never reduce disk space, and in migration the entire data will have to be copied. Am I understanding it correctly?
Some more additions to my first ask:
1. All the sourcetypes come from one source.
2. All the sourcetypes belong to only one index.
3. We are using transforms and props to build the sourcetypes. When a particular pattern of events comes in, transforms creates the sourcetype (as per the regex mentioned inside).
4. All the parsing and filtering will be taken care of by a Python script.
5. Both unnecessary and necessary sourcetypes are included in that one index.
Thanks