All Topics


Hello, We have a dbinput that pulls in data from an Oracle database. Yesterday, there were some problems with our indexer, so we lost a bit of data in that time. I know that I can change the rising checkpoint value to yesterday, but it will reindex data from that point to now. I want to know: is there any other way to reindex the missing data from the past without deleting it all? Edit: I tried the delete and reindex all by changing the tail_rising_column_checkpoint_value to the epoch time in the past, but when it starts it only starts indexing from the point that I refreshed. Please help.
Hi Splunkers, this might be a dumb question but I am a bit confused in regard to ITSI licensing. I understand that ITSI requires an ingest of at least 50GB as well as a separate ITSI license in addition to the Splunk Core license. Does that mean a 50GB Core license and a 0GB ITSI license? Or could you get a 0GB Core license (like you would use on a HF that doesn't ingest anything) and a 50GB ITSI license?  And can both be installed in the same place in the GUI of the license master or is there a special process for the ITSI license?
Hello, I have a lookup in which we have two columns, one with the computer name and the other with the OS version. When I do a search in the Windows index via Splunk (event logs), I want to use this lookup to add the OS version to the result. In fact, I want to display the information from my lookup in the result field of my index search. Greetings
Hi All, I have this simple search that shows logins from the same SRC IP to multiple destination hosts. Can someone pls explain why dc(dest_ip) does not match the # of values reported by values(dest) in the results? You will notice in the results that if values(dest) shows 2 hostnames then dc(dest) shows 4. Shouldn't it be that if dc(dest_ip) shows 4 then values(dest) should also report 4 unique host names? What am I missing? Thanks
index=xxx source="WinEventLog:Security" EventCode=5140 | stats dc(dest_ip) as dest_count values(dest) values(Account_Name) values(user_first) values(user_last) by Source_Address | rename values(*) as *
Results:
Source_Address   dest_count   dest                                      Account_name   user_first   user_last
10.x.x.11        4            server01@domain.com server02@domain.com   xxxx           xxx          xxx
10.x.x.12        4            server01@domain.com server02@domain.com   xxxx           xx           xx
10.x.x.13        2            server03@domain.com                       xxx            xx           xx
Hi, below is one of the requirements. I have multiple lookup tables, for example:
number   name   lookuptable
1        abc    1stlookuptable

number   name   lookuptable
1        abc    2ndlookuptable

number   name   lookuptable
1        dxc    3rdlookuptable

number   name   lookuptable
1        xyz    4thlookuptable

number   name   lookuptable
1        abc    5thlookuptable

The requirement is how to build a query where name=abc (from the above example) to show the below table fields, stating which lookuptable abc belongs to, on run: name, lookuptable. Example output:
name   lookuptable
abc    1stlookuptable
       2ndlookuptable
       5thlookuptable
Let's assume I have a Linux machine and installed a universal forwarder on it. Can I improve the performance by changing some parameters in the OS kernel?
Hello Splunkers, On many of our sites, we are experiencing this Buckets error. Does anyone have the same issue, and how can we solve it? I would really appreciate any help provided.
Buckets
Root Cause(s): The percentage of small buckets (100%) created over the last hour is high and exceeded the red thresholds (50%) for index=_internal, and possibly more indexes, on this indexer. At the time this alert fired, total buckets created=4, small buckets=4
Unhealthy Instances: idx3, idx4
In June, the AppDynamics SaaS Controller v22.6.0 was released with key product enhancements, as well as a number of agent enhancements. AppDynamics Cloud, our new purpose-built, cloud-native monitoring product was released on June 28, 2022. The AppDynamics Accounts portal now includes the ability to use single sign-on access for all account management activities without the need to re-enter passwords. What release highlights should I know about? These release highlights include the newest features and capabilities this month, at a glance. In the grid below, we’ve flagged who within your organization may be most interested or impacted for each enhancement.  CATEGORY ENHANCEMENT USER and PERFORMANCE ANALYST ADMIN and IMPLEMENTER  DEVELOPER FULL-STACK OBSERVABILITY AppDynamics Cloud ✓  ✓   AGENT UPDATES Cluster Agent   ✓   Database Agent ✓     Flutter Agent    ✓   Java Agent   ✓ ✓ Javascript Agent ✓ ✓   Machine Agent   ✓   .NET Agent ✓ ✓   Private Synthetic Agent   ✓   SAAS CONTROLLER Experience Journey Map ✓     Account Management ✓ ✓   Full-Stack Observability AppDynamics Cloud AppDynamics Cloud is our brand new, purpose-built, cloud-native monitoring product. It provides full-stack observability for large, managed Kubernetes deployments on public clouds, with support for account and user onboarding, cloud onboarding, infrastructure onboarding, and installation of OpenTelemetry-compatible agents to instrument your microservices.  Providing observability across all of your domains without requiring you to switch from tab to tab, AppDynamics Cloud delivers a cohesive at-a-glance health analysis across your entire cloud native stack. 
See the release notes describing enhancements and new features for this release of AppDynamics Cloud, and the AppDynamics Cloud launches at Cisco Live announcement for an overview of its impact to the technology community. (GA v22.6 Released June 28, 2022) Agent Updates Cluster Agent You can now deploy more than 100 pods during instrumentation using the instrumentationMaxPollingAttempts argument. Please refer to the Configure the Cluster Agent documentation for more details.  Additionally, the Cluster Agent and Operator images have been upgraded to version 1.17.11. (GA v22.6 Released June 21, 2022) Database Agent CPU core counts in the RDS instances are now supported when hardware monitoring is enabled, which applies to MySQL and Postgres databases. Please see Configure the Database Agent to Monitor Server Hardware. (v22.6.0 Released June 13, 2022)   Flutter Agent This release includes a bug fix regarding running the plugin on iOS 12.4 simulators. (v22.6.0 Released June 7, 2022) Java Agent JavaAgent v22.6 includes support for AWS SQS SDK for JAVA 2.x. See Amazon Simple Queue Service Backends.  It also includes the option to configure the transaction stall threshold. See the min-transaction-stall-threshold-in-seconds node property. (v22.6.0 Released June 28, 2022) JavaScript Agent There have been updates in the way Visually Complete Time (VCT) and Page Complete Time (PCT) metrics are calculated through SVGUseElement. Additionally, there is a new API function call for creating custom names for pre-existing SPA2 virtual pages. See Set Custom Virtual Page Names for more details on that. (v22.6.0 Released June 15, 2022)   Machine Agent In release 22.6.0: Machine Agent 22.6.0 is tested and confirmed to be supported on Red Hat Enterprise Linux (RHEL) 9 and Windows 2012. See Tested Platforms. 
The dropwizard-jetty library has been upgraded to 2.0.22 2.0.29 PLEASE NOTE | AppDynamics recommends using Machine Agent 22.2.0 for AIX OS As of this release, the Machine Agent installation link was removed from the Getting Started Wizard. To download the Machine Agent, visit https://accounts.appdynamics.com/downloads  and see Install the Machine Agent.   .NET Agent This .NET Agent release includes integration of the OpenTelemetry SDK: See Enable OpenTelemetry in the .NET Agent, enabling the enable_tls12 configuration for the .NET Machine Agent, and other fixes and adjustments. See the Release Notes for details. (v22.6.0 Released June 30, 2022)   Private Synthetic Agent This release includes new proxy server configurations for the Agent and Heimdall. See Configure Web Monitoring PSA and API Monitoring PSA. (v22.6.0 Released June 28, 2022)   SaaS Controller Experience Journey Map The 22.6 Controller release includes new custom labels being available which can be used to rename end-user events in user journeys. Additionally, Mobile Sessions are no longer created from connection transitions or network request end-user events. (v22.6.0 Released June 23, 2022) Account Management The Accounts Management portal now allows users to use single sign-on for all activities, enabling all AppDynamics IdP-managed users to access all authorized AppDynamics products and services from any entry point and navigate to any other service or Controller Tenant without entering their password again. This enhancement includes a slight change to the sign-in screen. For more information please see Configure Single Sign-on through SAML. (v22.6.0 Released June 1, 2022) NOTE | To view all technical documentation associated with this month’s releases, please visit Product Announcements, Alerts, and Hot Fixes in our documentation portal.  What else you should know  Did you notice the new Community look? 
Your Community Team is thrilled to unveil the site redesign we’ve been working on. We hope you find the modernized new style more usable. And this is just the beginning, with substantive additional enhancements planned, ongoing.  How is it working for you? What else would you like to see? Please let us know what you think! The current changes include new announcement tiles that link to current topics on the Community’s homepage. There are also updates to the Discussion Forums, as well as reorganized settings (Community Profile, Notifications, and Private Messages). You can find details in this short post: What do you think of our new AppDynamics Community look? AppDynamics University streamlined Learning Plans Throughout the month, University has been streamlining some learning plans included in the Learning Recognition Program, so customers will have a more straightforward path to gain recognition for their learning.  See the full details of what has changed in the Changes to our Learning Plans post here in Community. Also see all the most recent University posts in News and Announcements. Enhancements to University subscription voucher self-service tools The University team has been diligently building additional self-service tools for customers to manage your University subscriptions. Learn about the latest enhancements and what’s to come in our Community post. Resolved and known issues The following key issues were resolved this month. You can see a complete listing of this month’s Agent and Controller Resolved Issues, as well as additional detail around known issues in the Release Notes.  Database Monitoring | In the Databases, Events view doesn't show expected results (DBMON-8621) Get Started PLEASE NOTE | customers are advised to check backward compatibility in the Agent and Controller Compatibility documentation.  
Download Essential Components (Agents, Enterprise Console, Controller (on-prem), Events Service, EUM Components) Download Additional Components (SDKs, Plugins, etc.) How do I get started upgrading my AppDynamics components for any release? Product Announcements, Alerts, and Hot Fixes Open Source Extensions License Entitlements and Restrictions Can’t find what you’re looking for? Need assistance? Connect in the Community Discussions forums!
Background story: We have some customers using a site to site VPN to reach our corporate networks.  The customer has like 3-4 network prefixes in their environment. I want to check network traffic counters to see if the customer networks are sending/receiving any traffic to/from my corporate network.  Please share some suggested searches.  I'm looking for ANY type of network traffic. For example: customer network A 192.168.1.0/24 customer network B 192.168.2.0/24
Splunk data retention period is for 7 days. But I could still see 2 years back data now. I am not sure why. Can anyone help on this?
I have two queries from the same set of index and app names using different search terms from which I am extracting a set of fields as below:
Query1:
index=A cf_app_name=B "search string 1" | rex field=_raw "(?ms)Id: (?P<Id>[^,]+), service: (?P<service>[^,]+), serial: (?P<serial>[^,]+), Type: (?P<Type>[a-zA-Z-]+)" | table serial Id Type service _time
Query 2:
index=A cf_app_name=B "search string 2" | rex field=_raw "(?ms)serial\\W+(?P<serial>[^\\\\]+)\\W+\\w+\\W+(?P<Type>[^\\\\]+)\\W+\\w+\\W+\\w+\\W+(?P<Id>[a-zA-Z]+-\\d+-\\d+)\\W+\\w+\\W+(?P<gtw>[^\\\\]+)\\W+\\w+\\W+(?P<service>[^\\\\]+)" | table serial Type Id service _time
My requirement is to list all the values in Query1 and then show a Y/N flag if there is a match in Query2 based on the field 'Id'. Tried join and append, but do not seem to be getting the right results, any suggestions will be appreciated.
Hello, I'm new to working with Splunk and I want to create reports and email notifications to me when any systems go down. Can any of you help me with any search string for that? Thank you! Thelma
Hello,  I have the following log: Month date time, ip address, host, [system] 2022 194 16:15:14 X01: Freq error: phase start: -13.5 ns, phase end: +4.7 ns I'm trying to create custom fields named "Start" and "End" that hold the positive and negative numerical values only, but I am fairly new to field extraction and can't seem to find a way to tie the values to "phase start" and "phase end" without having them included in the field....  
Can we do event sampling in the forwarder before indexing the event in the indexer to reduce the event size?
Hello, I have in the "Network_Traffic.All_Traffic" a Calculated Field called "rule". The Datamodel is accelerated, therefore the eval expression is not editable from the Web UI and I cannot see the expression to extract/calculate the field. I tried searching in all the *.conf files but I did not find it; I was expecting to find it in a props.conf. I know the workaround is to temporarily disable the acceleration, so that the calculated field becomes editable and I can see how it is calculated, but I would like to avoid doing that. Is there any other way to do that, OR do you know where the Datamodel Calculated Fields are saved? Thanks a lot, Edoardo
Hi Team, I have a field like below: Cost: 0.4565534553453 0.0000435463466 0.0021345667788 0.0000000005657 I want to get values from this cost field which have a value till 4 decimals, i.e. only 0.4565534553453 and 0.0021345667788. How can I achieve this in my Splunk query? Can anyone please help me? Regards, NVP
Hi Splunkers, I struggled badly trying to get this solved, but no luck. I need to join to a different search using the ip_address to get the host name. Base search for the join: index= X  sourcetype=server  dv_ir=4311.00. The dv_name field is the host name and the dv_ip_address is the ip_address. Any help will be appreciated. Thank you all!
I have the following sample data in a CSV file. I am trying to import it but it's unable to break the line and detect the timestamp. Sample events:
"Jun30.22.21.55, LVVL@abc.LOCAL, InOctets, 557766140, OutOctets, 3462815293, Total MB used, 502.572679125"
"Jun30.22.21.55, ALU@abc.LOCAL, InOctets, 4238119433, OutOctets, 3683403330, Total MB used, 990.190345375"
"Jun30.22.21.55, RXGH@abc.LOCAL, InOctets, 233853544, OutOctets, 485536206, Total MB used, 89.92371875"
Anyone else having issues with returning all the Business Transactions from an application using the Splunk addon for AppDynamics? Experiencing this issue across all our apps in AppD. For instance, we have one app with a couple hundred BTs and the addon will only capture 19 of them. When I run the same command that the addon is using as a CURL it will return all the BTs. Running v1.9.0 of the addon on Splunk 8.2.5 on Linux.
I've had quite a good look around the internet and have been unable to find an answer to this question. This question in particular touches on it, but the performance comparison is left unanswered. We are thinking about moving away from Splunk UF to an open source solution, which will likely only support HEC. Before making this change I'd like to know any consequences on performance/resource usage on the indexers. What are the impacts on resource usage and index/search performance between UF and HEC?