All Topics

Hey there Splunk community. I'm new here and I would appreciate some help if it is possible. So, I have to create a Splunk app that runs a Python script each day, and it should generate random log events and index them into Splunk. I'm not sure what the best approach for this is. I already wrote a custom script and successfully tested it by implementing it in Splunk (Data Inputs > Scripts...), but I don't know how to run it once a day and get x amount of log events. I did use a cron schedule for scheduling it once a day, but I only get one log event. Is there a way Splunk can run a script x amount of times at once? Thank you!
Hi all, since the last Splunk update I've noticed some unexpected behavior when it comes to tokens with Splunk Dashboard Studio. If you have an input (dropdown or multiselect) with a default value set to None, then after loading the dashboard page and setting the input value, the base searches in the dashboard that use the input token will update, but any chain searches of that base search do not. It does however update if you either refresh the page with the tokens set in the URL, or change the input a second time (any other action which causes the page to refresh in some way, e.g. editing the page, will update the dashboard and the chain search will update). Is this behaviour a bug, and is there currently a way to fix this behaviour? Thanks, Daniel

Below is a self-contained minimal example to demonstrate this. Splunk Dashboard Studio: Absolute/Full control layout

{
  "visualizations": {
    "viz_cdPoxmBV": {
      "type": "splunk.table",
      "dataSources": { "primary": "ds_CJTH14Fk" },
      "title": "Base"
    },
    "viz_t4aAHmKH": {
      "type": "splunk.table",
      "title": "Chain",
      "dataSources": { "primary": "ds_aqLh17e3" }
    }
  },
  "dataSources": {
    "ds_CJTH14Fk": {
      "type": "ds.search",
      "options": {
        "query": "| makeresults\n| eval a=\"$input$\"\n| table a ",
        "queryParameters": { "earliest": "0", "latest": "" }
      },
      "name": "Search_Base"
    },
    "ds_aqLh17e3": {
      "type": "ds.chain",
      "options": { "extend": "ds_CJTH14Fk", "query": "| eval a=a+\"_END\"" },
      "name": "Search_1"
    }
  },
  "defaults": {
    "dataSources": {
      "ds.search": {
        "options": {
          "queryParameters": {
            "latest": "$global_time.latest$",
            "earliest": "$global_time.earliest$"
          }
        }
      }
    }
  },
  "inputs": {
    "input_aXQ6s8I2": {
      "options": {
        "items": [
          { "label": "All", "value": "*" },
          { "label": "Item 1", "value": "item001" },
          { "label": "Item 2", "value": "item002" }
        ],
        "token": "input"
      },
      "title": "Dropdown Input Title",
      "type": "input.dropdown"
    }
  },
  "layout": {
    "type": "absolute",
    "options": { "display": "auto-scale" },
    "structure": [
      { "item": "viz_cdPoxmBV", "type": "block", "position": { "x": 10, "y": 10, "w": 410, "h": 140 } },
      { "item": "viz_t4aAHmKH", "type": "block", "position": { "x": 430, "y": 10, "w": 400, "h": 140 } }
    ],
    "globalInputs": [ "input_aXQ6s8I2" ]
  },
  "description": "",
  "title": "Test_Token"
}
Hi people. I'm attempting to submit an event over HEC to an index called dev_game-publishing. This looks like:

curl -k 'https://so1:8088/services/collector/event?index=dev_game-publishing' -H "Authorization: Splunk 11111111-2222-3333-4444-555555555555" -d '{"event": "hello world unique"}'; echo
{"text":"Success","code":0}

Or:

curl -k 'https://so1:8088/services/collector/event' -H "Authorization: Splunk 11111111-2222-3333-4444-555555555555" -d '{"event": "hello world unique"}'; echo
{"text":"Success","code":0}

I've of course changed my token to nonsense. Those "Success" strings sound to me like the submission has worked. However, when I go to Search in the web interface and look for "index=*" (for All time), I see only a small number of my test events, and they're all in the main index. The token I'm using defaults to the dev_game-publishing index. I believe I'm using a Trial license. What do I need to do to get Splunk to accept events on the dev_game-publishing index? Thanks!
Hi everyone! We want to get the new errors that did not appear yesterday. For example, suppose an action is named A. Its error codes yesterday were A1, A2, A3, but its error codes today are A1, A2, A4, A5. A4 and A5 are new errors. The fields we use in Splunk are below:

application: the name of an application
transId: the name of an action in our system
errorCode: the error code of an action once an exception occurred

The result we want to get for the example above is like below:

application  transId  errorCode
exp          A        A4
exp          A        A5

I've tried a subsearch but it doesn't work well! The subsearch gets auto-finalized after 60s!
Hello all, I suspect I am missing something obvious, but where are all the CIM fields for ESXi audit logs?

- I have VMware logs being sent to a syslog port. I have a mix of VMware 7.0 and 6.7 vCenters (Splunk 8.2) # https://docs.splunk.com/Documentation/AddOns/released/VMW/ESXihosts
- I am using the latest Splunk Add-on for VMware ESXi Logs (4.2.1)
- I have had to modify line breaking rules
- I have an index cluster, so I had to update the DATETIME_CONFIG field (from .../apps/... to slave_apps)
- I am capturing the hostname via rsyslog and putting it into the directory. I am reading it as my host value (example: /var/log/vmware/hostname/day_hour/log.log)
- I am capturing logs as "vmw-syslog"; logs are being renamed to things such as "vmware:esxlog:vpxd" by the TA

The TA as-is captures application and message fields for most events. But I don't see any configurations that would capture a user or action field, CIM fields or tags for login events, etc. Am I missing something? I am seeing logs that look like this, but no attempt to parse CIM fields:

2022-04-21T17:37:17.686700+00:00 <host> vpxd 3115 - - Event [49110010] [1-1] [2022-04-21T17:37:17.685845Z] [vim.event.UserLogoutSessionEvent] [info] [AD\<user>] [] [49111254] [User AD\<user>@127.0.0.1 logged out (login time: Thursday, 21 April, 2022 05:27:42 PM, number of API invocations: 1, user agent: VMware vim-java 1.0)]
2022-04-21T17:27:42.654618+00:00 <host> vpxd 3115 - - Event [49109228] [1-1] [2022-04-21T17:27:42.654052Z] [vim.event.UserLoginSessionEvent] [info] [AD\<user>] [] [49104519] [User AD\<user>@127.0.0.1 logged in as VMware vim-java 1.0]
I want to implement timechart with span in a DB SQL query. But while implementing it, I am getting zero results. Basically, I want to show count with timechart. I even verified that data is coming with the same query with the created_timestamp column. I don't know what step I am missing while using timechart.
I have been avoiding regex for quite some time in Splunk, but now I really need to deal with it and understand it. I really need help with these three cases.

First Case: I have events that usually start with things like 57A, 53A and are followed by other strings. I want to match 57A but the field value will be FMDKNTLA
:57A:3232324646 FMDKNTLA

Second Case: Another extraction example will be extracting field 31A but the value will be "NKN"
:32A:200117NKN200000000,00

Third Case: extracting field 31A but the value will be "200000000,00"
:31A:200117NKN200000000,00

Any help will be appreciated
Hello, I have installed and set up RADIUS Authentication radius_auth 1.4.1; all authentication is correct and RADIUS users are coming up with the admin role. The problem is that when searching an index Splunk is taking a long time to fetch the data. When looking through logs I found the lines below in splunkd.log; these lines appear when running a search, a lot of them. Only when using RADIUS, not when using a local user. It seems like this is the reason for the search being slow, but I am not sure what is going on. Can anyone help? Thnx

4-25-2022 11:45:24.154 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~55.19 milliseconds to execute. elapsed_msec=56
04-25-2022 11:45:24.204 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~49.04 milliseconds to execute. elapsed_msec=50
04-25-2022 11:45:24.248 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.72 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:24.293 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.53 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:24.342 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~49.53 milliseconds to execute. elapsed_msec=50
04-25-2022 11:45:24.397 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.63 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.453 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.95 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.496 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.16 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:24.558 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~61.56 milliseconds to execute. elapsed_msec=62
04-25-2022 11:45:24.609 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~50.98 milliseconds to execute. elapsed_msec=51
04-25-2022 11:45:24.652 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.98 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:24.704 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.82 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:24.756 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.36 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:24.798 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~42.03 milliseconds to execute. elapsed_msec=43
04-25-2022 11:45:24.851 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.72 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:24.898 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~47.39 milliseconds to execute. elapsed_msec=48
04-25-2022 11:45:24.954 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.91 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.996 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.97 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:25.041 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.70 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:25.085 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.48 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.135 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~50.13 milliseconds to execute. elapsed_msec=51
04-25-2022 11:45:25.183 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~47.50 milliseconds to execute. elapsed_msec=48
04-25-2022 11:45:25.237 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.03 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:25.290 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.35 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:25.334 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.71 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.388 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.50 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.439 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.03 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:25.490 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.24 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:25.534 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~42.78 milliseconds to execute. elapsed_msec=43
04-25-2022 11:45:25.587 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.18 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.641 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.47 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.686 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.53 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:25.729 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.21 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.775 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~45.34 milliseconds to execute. elapsed_msec=46
04-25-2022 11:45:25.829 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.74 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.882 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.27 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:25.924 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.69 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:25.976 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.32 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:26.032 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~55.64 milliseconds to execute. elapsed_msec=56
04-25-2022 11:45:26.084 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.54 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:26.136 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.70 milliseconds to execute. elapsed_msec=52
I have "threatInfo.updatedAt" information in my logs. I want to get an alert if the time difference between "threatInfo.updatedAt" and "_time" is more than 4 hours.

My search query:

index=test "file_name"=* "threatInfo.incidentStatus"=unresolved | transaction threatInfo.updatedAt | table _time threatInfo.updatedAt file_name file_path category
index=xt DONT_MATCH | spath input=log path=message.extra.dj output=dj | spath input=log output=fname path=message.msg.fname | search dj=* NOT [search EXTERNAL_API OR EXTERNAL_STATUS | spath input=log output=url path=url | dedup url | rex field=url "^(\/\w+){6}\/(?<variable>\d+)" | table url variable | stats list(variable) as variable] | stats count by fname

The task here is to show the dj that is in the DONT_MATCH event, and it should not show those dj if they occur in these 2 events, EXTERNAL_API or EXTERNAL_STATUS. So basically I want to show all the dj that are in DONT_MATCH and NOT IN EXTERNAL_API OR EXTERNAL_STATUS.
Hi, is anyone using this app and able to troubleshoot the app for me? https://splunkbase.splunk.com/app/3530/ I installed it but no results were found, and I can't find any errors. @markhill1 wondering if you could help on this? Thank you!
Hi, I can't see the icon picture for the alert action option; the "alert_action.conf" is already configured as below:

[email]
icon_path = mod_alert_icon_email.png.

Your support, please.
Hi, I have a use case where I need to monitor the contents of a file that will be replaced on a daily basis (the name will be the same) but the data within the file keeps changing. I developed a script to automate this that replaces the contents of the file over a specific interval, and I set up the forwarder accordingly. The contents keep changing, but the forwarder is not able to read the newly updated changes within the file. Is there some way this could be achieved in Splunk where I could read the contents of the updating file whose name remains the same throughout its lifetime? Thanks, Pravin
I wanted to add this chaining command to my search and display the total of the values under the fields (columns) "a-b-1" and "a-b-2" and give the total results as total_requests:

eval total_requests=a-b-1+a-b-2

where "a-b-1" and "a-b-2" are field1 and field2 which I want to add using the '+' operator. I have tried putting the fields in double quotes and single quotes but unfortunately it is not working. I can do it by renaming the fields, but can someone suggest some way to do it without renaming them?
Hi, my requirement is that I need to show a URL (ex: https://google.com) as a hyperlink on the "109" value of the 'SFG Request ID' column, and when 109 is clicked it should take me to the URL added. The below details are from a lookup file. Similarly I need to display a different URL for other values of the 'SFG Request ID' column. URL details are not present in the csv file; they are present in another lookup file. Can anyone please suggest how to do this?
Hello Everyone, I am new to Splunk. I am searching the logs and I am getting my URL like this: /api/sns/exts/djs/310200019110274535/ds/310200019110274536/. What I want here is to extract the djs data, which is 310200019110274535 in this case. Any help would be appreciated.
I am working in the Hxc capture program and currently I am facing an issue in SignalFx, so I am reaching out for help/guidance. I have created an alert in SignalFx using Terraform. The condition for the alert is that if the signal is less than 1 for a certain time (2 for warning and 5 for critical), then the alert will be triggered. The code in SignalFlow is:

signal = data('HealthCheckStatus', filter=filter('stat', 'upper') and filter('aws_account_id', '823990414917') and filter('aws_tag_Name', 'hxc-staging-health-check')).publish(label='A')
detect(when(signal < 1, '2m')).publish('WARNING[staging]: Route53 health down for 2m')
detect(when(signal < 1, '5m')).publish('CRITICAL[staging]: Route53 health down for 5m')

After that we created a condition where the signal came below 1 (it came to 0). In the alert graph we can see the same. But instead of actually triggering the alert, it is giving us a preview. (Attached screenshot) The exact alert message is "Estimated alert count: 1 in 1 hour. Alerts that would have triggered shown in chart below." So the bottom line is that SignalFx is not triggering the alert. The code that I am using for this is: https://github.com/HylandSoftware/tf-cfg-hxc-signalfx-alerts/blob/main/terraform/alerts-route53-health.tf

Alert link: https://hyland.signalfx.com/#/detector/v2/FQo6JaWA0AI/edit?detectorSignalFlowEditor=1
Hi all, after I've disabled notifications in the Splunk Upgrade Readiness app, it's now sending a notification to splunk@mySplunkServer. There is no user splunk defined in our Splunk Enterprise 8.2.5. splunkd is running as user splunk on Ubuntu 20.04. Any ideas? Thank you...
Hi, suppose the time zone is in string format like 100403; I need to convert this to 24-hour format. The output should be like 22:04:03.