All Topics


Hello, how would I write my Props configuration (Time Prefix, Time Format, LINE/EVENT Breaker, etc.) for the following HTML data source? A segment of HTML data from the source file is provided below. Any help will be highly appreciated. Thank you so much.
<HTML><META HTTP-EQUIV="expires" CONTENT="0"> <HEAD><TITLE></TITLE></HEAD> <STYLE type=text/css> td , th { white-space:nowrap;font-family: sans-serif; font-size: 10px } html,body { height:100% } .qtw100 td,.qthw100 td { padding:0px;} .qtw100 { width:100%; } .qthw100 { width:100%;height:100%; } .spnode,.nspnode { text-align:center;border-style:inset; } .spnode { border-left-width:10px;border-bottom-width:10px; } .hd   { background-color:#FFFFFF;text-align:right; } .hdw { background-color:#FFFFFF;width:1%; } .CD0D0D0 { background-color:#D0D0D0; color:#D0D0D0; } .C00CC00 { background-color:#00CC00; color:#00CC00; } .CCCCC00 { background-color:#CCCC00; color:#CCCC00; } .CFFFFFF { background-color:#FFFFFF; color:#FFFFFF; } .C66FFFF { background-color:#66FFFF; color:#66FFFF; } .CFF0000 { background-color:#FF0000; color:#FF0000; } .CFFFF00 { background-color:#FFFF00; color:#FFFF00; } .C00FF00 { background-color:#00FF00; color:#00FF00; } .CFF00FF { background-color:#FF00FF; color:#FF00FF; } .HFFFFFF { background-color:#FFFFFF; text-align:center; } .H66FFFF { background-color:#66FFFF; text-align:center; } .HFF0000 { background-color:#FF0000; text-align:center; } .HFFFF00 { background-color:#FFFF00; text-align:center; } .H00FF00 { background-color:#00FF00; text-align:center; } .HFF00FF { background-color:#FF00FF; text-align:center; } .condtiming { display: none; position: absolute; width: 100% } .cpu_us { background-color:#00FF00;color:#00FF00;font-size:1px; } .cpu_ss { background-color:#FF0000;color:#FF0000;font-size:1px; } .cell_1px { background-color:#FFFFFF;font-size:1px; } .a_html { background-color:#FFFFFF;color:#FFFFFF;border:1px solid #FFFFFF; } </STYLE> <SCRIPT type="text/javascript" language="JavaScript"><!-- function 
HideDIV(d) { document.getElementById(d).style.display = "none"; } function ShowDIV(d) { document.getElementById(d).style.display = "block"; } //--></SCRIPT> <BODY LINK=BLACK VLINK=BLACK> <B>SAP </B>&reg;<B> IQ </B>Query Plan<BR> <B>Query: </B><BR> <B>Version: </B>16.1.040.1549/14760/P/SP04.08/Sun_Sparc/OS 5.11/64bit/2020-11-24 01:09:36 <P ALIGN=LEFT><B>Query Tree</B> <TABLE class="qtw100" BORDER=0 CELLSPACING=0 ALIGN=CENTER> <TR><TD ALIGN=CENTER COLSPAN=3><TABLE class="qthw100" BORDER=0 CELLSPACING=0><TR><TD WIDTH=50%></TD><TD BGCOLOR=BLACK>|||||</TD><TD>&nbsp;</TD><TD WIDTH=50%>3,677,556,487,906 rows (est.)</TD></TR></TABLE></TD></TR> <TR VALIGN=TOP>   <TD COLSPAN=3 ALIGN=CENTER>    <TABLE BORDER CELLSPACING=0><TR><TD BGCOLOR=#CCAACC class="nspnode"><A NAME=TREE07><A HREF=#07>#07</A> Root of an UPDATE</TD></TR></TABLE>   </TD> </TR> <TR><TD ALIGN=CENTER COLSPAN=3><TABLE class="qthw100" BORDER=0 CELLSPACING=0><TR><TD WIDTH=50%></TD><TD BGCOLOR=BLACK>|||||</TD><TD>&nbsp;</TD><TD WIDTH=50%>3,677,556,487,906 rows (est.)</TD></TR></TABLE></TD></TR> <TR VALIGN=TOP>   <TD COLSPAN=3 ALIGN=CENTER>    <TABLE BORDER CELLSPACING=0><TR><TD BGCOLOR=#AAFFFF class="nspnode"><A NAME=TREE40><A HREF=#40>#40</A> Parallel Combiner (ordered)</TD></TR></TABLE>   </TD> </TR> <TR><TD ALIGN=CENTER COLSPAN=3><TABLE class="qthw100" BORDER=0 CELLSPACING=0><TR><TD WIDTH=50%></TD><TD BGCOLOR=BLACK>|||||</TD><TD>&nbsp;</TD><TD BGCOLOR=BLACK>|||||</TD><TD>&nbsp;</TD><TD WIDTH=50%>3,677,556,487,906 rows (est.)</TD></TR></TABLE></TD></TR> <TR VALIGN=TOP>   <TD COLSPAN=3 ALIGN=CENTER>    <TABLE BORDER CELLSPACING=0><TR><TD BGCOLOR=#CCFFFF class="nspnode"><A NAME=TREE135><A HREF=#135>#135</A> Order By</TD></TR></TABLE>   </TD> </TR> <TR><TD ALIGN=CENTER COLSPAN=3><TABLE class="qthw100" BORDER=0 CELLSPACING=0><TR><TD WIDTH=50%></TD><TD BGCOLOR=BLACK>|||||</TD><TD>&nbsp;</TD><TD BGCOLOR=BLACK>|||||</TD><TD>&nbsp;</TD><TD WIDTH=50%>3,677,556,487,906 rows (est.)</TD></TR></TABLE></TD></TR> <TR 
VALIGN=TOP>   <TD COLSPAN=3 ALIGN=CENTER>    <TABLE BORDER CELLSPACING=0 WIDTH=100%><TR><TD BGCOLOR=#CCCCAA class="nspnode"><A NAME=TREE03><A HREF=#03>#03</A> Join (Sort-Merge)</TD></TR></TABLE>   </TD> </TR> <TR VALIGN=TOP>   <TD ALIGN=CENTER>    <TABLE class="qtw100" BORDER=0 CELLSPACING=0 ALIGN=CENTER>     <TR><TD ALIGN=CENTER COLSPAN=1><TABLE class="qthw100" BORDER=0 CELLSPACING=0><TR><TD WIDTH=50%></TD><TD BGCOLOR=BLACK>||||</TD><TD>&nbsp;</TD><TD BGCOLOR=BLACK>||||</TD><TD>&nbsp;</TD><TD WIDTH=50%>247,522,712 rows (est.)</TD></TR></TABLE></TD></TR>     <TR VALIGN=TOP>      <TD COLSPAN=1 ALIGN=CENTER>       <TABLE BORDER CELLSPACING=0><TR><TD BGCOLOR=#CCFFFF class="nspnode"><A NAME=TREE168><A HREF=#168>#168</A> Order By</TD></TR></TABLE>      </TD>     </TR>     <TR><TD ALIGN=CENTER COLSPAN=1><TABLE class="qthw100" BORDER=0 CELLSPACING=0><TR><TD WIDTH=50%></TD><TD BGCOLOR=BLACK>||||</TD><TD>&nbsp;</TD><TD BGCOLOR=BLACK>||||</TD><TD>&nbsp;</TD><TD WIDTH=50%>247,522,712 rows (est.)</TD></TR></TABLE></TD></TR>     <TR VALIGN=TOP>      <TD COLSPAN=1 ALIGN=CENTER>       <TABLE BORDER CELLSPACING=0><TR><TD BGCOLOR=#FFCCFF class="nspnode"><A NAME=TREE01><A HREF=#01>#01</A> Leaf &lt;cdwsa.IRDBM_F1095B_17 AS a&gt;</TD></TR></TABLE>      </TD>     </TR>    </TABLE>   </TD>   <TD>&nbsp;&nbsp;</TD>   <TD ALIGN=CENTER>    <TABLE class="qtw100" BORDER=0 CELLSPACING=0 ALIGN=CENTER>     <TR><TD ALIGN=CENTER COLSPAN=1><TABLE class="qthw100" BORDER=0 CELLSPACING=0><TR><TD WIDTH=50%></TD><TD BGCOLOR=BLACK>||||</TD><TD>&nbsp;</TD><TD BGCOLOR=BLACK>||||</TD><TD>&nbsp;</TD><TD WIDTH=50%>193,759,886 rows (est.)</TD></TR></TABLE></TD></TR>     <TR VALIGN=TOP>      <TD COLSPAN=1 ALIGN=CENTER>       <TABLE BORDER CELLSPACING=0><TR><TD BGCOLOR=#CCFFFF class="nspnode"><A NAME=TREE201><A HREF=#201>#201</A> Order By</TD></TR></TABLE>      </TD>     </TR>     <TR><TD ALIGN=CENTER COLSPAN=1><TABLE class="qthw100" BORDER=0 CELLSPACING=0><TR><TD WIDTH=50%></TD><TD 
BGCOLOR=BLACK>||||</TD><TD>&nbsp;</TD><TD BGCOLOR=BLACK>||||</TD><TD>&nbsp;</TD><TD WIDTH=50%>193,759,886 rows (est.)</TD></TR></TABLE></TD></TR>     <TR VALIGN=TOP>      <TD COLSPAN=1 ALIGN=CENTER>       <TABLE BORDER CELLSPACING=0><TR><TD BGCOLOR=#FFCCFF class="nspnode"><A NAME=TREE02><A HREF=#02>#02</A> Leaf &lt;brlpb.temp_CVR_MONTH_B AS b&gt;</TD></TR></TABLE>      </TD>     </TR>    </TABLE>   </TD> </TR> </TABLE> <P ALIGN=LEFT><B>Query Text</B> <TABLE BORDER=1 ALIGN=CENTER CELLPADDING=2 CELLSPACING=0 WIDTH=100%><TR><TD><PRE> <FONT SIZE=-1>update &quot;cdwsa&quot;.&quot;IRDBM_F1095B_17&quot; as &quot;a&quot;   set &quot;a&quot;.&quot;DEP4_COV_IND_M1&quot; = &quot;b&quot;.&quot;COVERED_IND&quot; from   &quot;cdwsa&quot;.&quot;IRDBM_F1095B_17&quot; as &quot;a&quot;,&quot;temp_CVR_MONTH_B&quot; as &quot;b&quot;   where(&quot;a&quot;.&quot;INFO_RETURN_OTH_ENTITY_ID4&quot; = &quot;b&quot;.&quot;INFO_RETURN_OTH_ENTITY_ID&quot;)</FONT></PRE></TD></TR></TABLE><P> <P ALIGN=LEFT><B>Query Detail</B> <TABLE BORDER=0 ALIGN=CENTER CELLSPACING=2 CELLPADDING=2> <TR><TD> <TABLE BGCOLOR=#CCAACC BORDER=1 CELLSPACING=0> <TR><TH COLSPAN=2><A NAME=07><A HREF=#TREE07>#07 Root of an UPDATE</A></TH></TR> <TR><TD><B>Child Node 1</B></TD><TD><A HREF=#40>#40</A></TD></TR> <TR><TD><B>Estimated Result Rows</B></TD><TD>3,677,556,487,906</TD></TR> <TR><TD><B>User Name</B></TD><TD>brlpb   (SA connHandle: 12123  SA connID: 35)</TD></TR> <TR><TD><B>Est. 
Temp Space Used (Mb)</B></TD><TD>56140712.3</TD></TR> <TR><TD><B>Requested attributes</B></TD><TD>No Scroll Hold Chained </TD></TR> <TR><TD><B>Effective Number of Users</B></TD><TD>1</TD></TR> <TR><TD><B>Number of CPUs</B></TD><TD>32</TD></TR> <TR><TD><B>Executed on</B></TD><TD>SunOS/mtb1120plcdwstg/5.11/11.3/sun4v</TD></TR> <TR><TD><B>IQ Main Cache Size (Mb)</B></TD><TD>275000</TD></TR> <TR><TD><B>IQ Temp Cache Size (Mb)</B></TD><TD>250000</TD></TR> <TR><TD><B>IQ Large Memory Size (Mb)</B></TD><TD>275000</TD></TR> <TR><TD><B>Threads used for executing local invariant predicates</B></TD><TD>1</TD></TR> <TR><TD><B>Number of CPUs (actual)</B></TD><TD>256</TD></TR> <TR><TD><B>Option CREATE_HG_WITH_EXACT_DISTINCTS</B></TD><TD>OFF</TD></TR> <TR><TD><B>Option CORE_Options125</B></TD><TD>4096  (default: 0)</TD></TR> <TR><TD><B>Option Query_Plan_As_HTML</B></TD><TD>ON</TD></TR> <TR><TD><B>Option Max_Hash_Rows</B></TD><TD>2500000  (default: 30000000)</TD></TR> <TR><TD><B>Option Max_Temp_Space_Per_Connection</B></TD><TD>3000000  (default: 0)</TD></TR> <TR><TD><B>Option Infer_Subquery_Predicates</B></TD><TD>OFF</TD></TR> <TR><TD><B>Option Prefetch_Sort_Percent</B></TD><TD>50  (default: 20)</TD></TR> <TR><TD><B>Option Ase_Binary_Display</B></TD><TD>ON</TD></TR> <TR><TD><B>Option String_rtruncation</B></TD><TD>OFF</TD></TR> <TR><TD><B>Output Vector</B></TD><TD>2 entries (9 data bytes)</TD></TR> <TR><TD><B>Output 1</B></TD><TD>a._RowId</TD></TR> <TR><TD><B>Output 1     Data Type</B></TD><TD>unsigned bigint (20, 0)</TD></TR> <TR><TD><B>Output 1     Base Distincts</B></TD><TD>247,522,712</TD></TR> <TR><TD><B>Output 1     Note</B></TD><TD>Declared Primary Key</TD></TR> <TR><TD><B>Output 2</B></TD><TD>b.COVERED_IND</TD></TR> <TR><TD><B>Output 2     Data Type</B></TD><TD>varchar(1)</TD></TR> <TR><TD><B>Output 2     Base Distincts</B></TD><TD>3</TD></TR> </TABLE> </TD></TR> <TR><TD> <TABLE BGCOLOR=#AAFFFF BORDER=1 CELLSPACING=0> <TR><TH COLSPAN=2><A NAME=40><A HREF=#TREE40>#40 
Parallel Combiner (ordered)</A></TH></TR> <TR><TD><B>Parent Node</B></TD><TD><A HREF=#07>#07</A></TD></TR> <TR><TD><B>Child Node 1</B></TD><TD><A HREF=#135>#135</A></TD></TR> <TR><TD><B>Estimated Result Rows</B></TD><TD>3,677,556,487,906</TD></TR> <TR><TD><B>Max. Possible Parallel Arms</B></TD><TD>32</TD></TR> <TR><TD><B>Optimization Note</B></TD><TD>Input Ordering Preserved</TD></TR> <TR><TD><B>Output Vector</B></TD><TD>2 entries (9 data bytes)</TD></TR> <TR><TD><B>Output 1</B></TD><TD>a._RowId</TD></TR> <TR><TD><B>Output 1     Data Type</B></TD><TD>unsigned bigint (20, 0)</TD></TR> <TR><TD><B>Output 1     Base Distincts</B></TD><TD>247,522,712</TD></TR> <TR><TD><B>Output 1     Note</B></TD><TD>Declared Primary Key</TD></TR> <TR><TD><B>Output 2</B></TD><TD>b.COVERED_IND</TD></TR> <TR><TD><B>Output 2     Data Type</B></TD><TD>varchar(1)</TD></TR> <TR><TD><B>Output 2     Base Distincts</B></TD><TD>3</TD></TR> </TABLE> </TD></TR> <TR><TD> <TABLE BGCOLOR=#CCFFFF BORDER=1 CELLSPACING=0> <TR><TH COLSPAN=2><A NAME=135><A HREF=#TREE135>#135 Order By</A></TH></TR> <TR><TD><B>Parent Node</B></TD><TD><A HREF=#40>#40</A></TD></TR> <TR><TD><B>Child Node 1</B></TD><TD><A HREF=#03>#03</A></TD></TR> <TR><TD><B>Estimated Result Rows</B></TD><TD>3,677,556,487,906</TD></TR> <TR><TD><B>Optimization Note</B></TD><TD>Parallel sort load</TD></TR> <TR><TD><B>Optimization Note</B></TD><TD>Parallel sort retrieval</TD></TR> <TR><TD><B>Max. Possible Parallel Arms</B></TD><TD>32</TD></TR> <TR><TD><B>Metadata Column Count</B></TD><TD>1</TD></TR> <TR><TD><B>Ordering Expression 1</B></TD><TD>a._RowId`(1)</TD></TR> <TR><TD><B>Output Vector</B></TD><TD>2 entries (9 data bytes)</TD></TR> <TR><TD><B>Output 1</B></TD><TD>a._RowId`(1)</TD></TR> <TR><TD><B>Output 2</B></TD><TD>b.COVERED_IND`(1)</TD></TR> </TABLE> </TD></TR>
Hello, I have issues with integrating (claiming) a SaaS AppDynamics instance in Cisco Intersight: the process fails with the following message: "Discovery failed: CRITICAL: com.vmturbo.mediation.appdynamics.exception.RefreshTokenCredentialException: Credentials are invalid or do not correspond to AppDynamics Controller API requirements." My instance is in the Pro Trial mode now; could that be the reason for the error message? Thank you.
I'm trying to send an e-mail from my Splunk Search Alert (I am using Splunk Enterprise), but I'm getting an error message "command="sendemail", 'rootCAPath' while sending mail to: MySuperCoolEmail101@gmail.com", and when I try a solution that involves going to Settings to Add a Role, I don't see that option listed at all.

My search query is something like (reference https://community.splunk.com/t5/Reporting/How-to-get-Splunk-sendemail-command-to-send-multiple-emails/m-p/126815):

index=rtm source="/mypath/app.log" SomeRandomTextHereForTesting | sendemail to="MySuperCoolEmail101@gmail.com" format=raw subject=myresults server=mail.splunk.com sendresults=true

I found this post which suggests adding some "list_settings" role by going to Settings > Access Controls > Roles, but I do not seem to have that option (reference https://community.splunk.com/t5/Reporting/splunk-dashboard-cant-sent-email/m-p/489388).

Am I doing something wrong? Is this because I'm on Splunk Enterprise? Am I using the correct mail server? How do I add ROLES?
Hello all, I am trying to set up the Microsoft 365 Defender Add-on for Splunk (https://splunkbase.splunk.com/app/4959/) to collect events from gcc.securitycenter.microsoft.us, but I am not really seeing an option to change the endpoint. Can this be configured to hit https://api-gcc.securitycenter.microsoft.us?
How do I search (any SPLs) for dashboards that are not working (either built-in or created by users) or are having errors while running in Splunk Core or ES? Thank you very much for any help.
I have a list of hundreds of string values that need to be extracted from a field. The problem is that the values that need to be extracted contain special characters, i.e. (\, $, \\, ^, . . .). Is there an easy way I'm missing to extract the literal characters?

What I have tried (example list):

| makeresults
| eval raw_field_example = "$money$ "?question?" "help$.." "random" "text"
| makemv raw_field_example delim=" "
| rex field=raw_field_example "(?<literal_items_I_want>"money"|$money$|"text"|"help$..")"

Results for literal_items_I_want are only: money text

I tried putting the @ symbol before each double quote, but it didn't work... Thanks for the help.
Hi Team, I have data with me as below.

2021-08-31 00:05:28|Test|Event|[c.f.d.aop.sql.database ] 2ms :testing8
2021-08-31 00:05:30|Test|Event|[c.f.d.aop.sql.database ] 1ms :testing1
2021-08-31 00:05:32|Test|Event|[c.f.d.aop.sql.database ] 12ms :testing3
2021-08-31 00:05:35|Test|Event|[c.f.d.aop.sql.database ] 20ms :testing5
2021-08-31 00:05:36|Test|Event|[c.f.d.aop.sql.database ] 102ms :testing9

I want to extract the "ms" values from it and, based on these values, create a timechart. Can anyone assist?
Hi, my client has Splunk Cloud and wants to know in which country he is storing the logs: https://my_client_name.splunkcloud.com/. If I ping that URL, it will resolve to an IP, and if I do a Whois, I can know which country the IP is from. In that order of ideas, can I tell you that the logs are stored in that region or country?
How do I make sure the ES KVstores are working & mapped properly to use them & avoid such errors? I would appreciate some help, please.
Hi Splunkers! I have a use case where in my dropdown selection (selected value that shows up in the dropdown) should update on the $click.value$ of a previously displayed pie chart on the same dashboard. Any pointers would be appreciated
I am getting an error with MITRE ATT&CK app that the API key needs to be corrected. Please advise. Thanks a million.
I need to find a list of saved searches that don't use the index name in searching, please. Is there any way to list the names of the users with this list? Any cool SPLs? Thank you in advance. Much appreciated.
Hello there. What I'm trying to do is the following:

search | bucket span=60s _time | stats count by _time | ...

I want to achieve, if possible, the following:

Calculate the average per minute of the count of the search (if I concatenate the stats avg(count) I get the actual value), but I can't: have the Single Value panel inside my dashboard correctly display the trend based on average values. Is there any way to achieve this result?

At the moment, each try I do to compare those values is not going well.
I am learning Splunk and I have built the following test environment in Docker: a Splunk server running in a container, using the official Docker image:

image: splunk/splunk:8.2

I have another Docker container, call it client, where I installed the forwarder, and then I added a file to monitor with the command:

$SPLUNK_HOME/bin/splunk add monitor $MY_LOGFILE -index main -sourcetype mylog

Everything works fine. If I append to $MY_LOGFILE in the client Docker container with the command

echo "hello" >> $MY_LOGFILE

then I can see the new line in the Splunk web console. Now I am appending/feeding my log file with an endless bash counter-up loop and I can see everything in the Splunk web console. Great.

My question: I would like to delete old records from Splunk to save disk space, so I followed the documentation and I did this:

sudo vi /opt/splunk/etc/system/local/indexes.conf

with this content:

[main]
maxTotalDataSizeMB=1
rozenTimePeriodInSecs=300
disabled=false

As far as I know, this allows Splunk to automatically delete old data when my index hits the 1MB size. After I created this new config file, I restarted the Splunk Docker container (and Splunk as well, manually). But actually, nothing happens. It seems that this setting is not considered, and I see the increasing number of records in the index, and the index size is also increasing without limitation in Splunk.

I use the following commands to check the index size:

sourcetype=mylog | stats count as Records
index=_internal source=* type=Usage idx=* | eval SIZE=b/1024 | stats sum(SIZE) by st

result: 30756.775390625

But when I stop Splunk, then I am able to clean up the index with these commands:

splunk stop
splunk clean eventdata
splunk start

But I have a scenario where I need to limit the size of the index and the disk usage that is used by the Splunk index "realtime", without stop and start. What am I missing here? Thx
Hi there, we have an issue with one of our applications using appdynamics. We are using the java app agent to monitor multiple Websphere Liberty installations. The application has a production environment and multiple staging / test environments. One of the test environments works without any issue (this seems to be the first stage that we installed the app agent on). For the other stages the agent still shows on the controller, but there are no metrics being reported in the UI. Controller Version: 20.11.5-1987 Agent Version: 21.4.0.32403 v21.4.0 I have a debug zip for the agents on production which are not reporting. Could you point us where to look for errors or what might be the configuration error? Regards, Falco
How are you tuning ES to your environment? Are you overwriting the correlation searches that ship with ES, or are you making copies of them and modifying the copies? When there is an update for ES, are you having to go correlation search by correlation search, line by line, comparing them to see what changed? What about ES Content Updates?
Hi,

Current table

Expected

fstatus count
success 604
Userdefined 39

I need to sum the "password mismach","policy policy constraint violation","reset token expired","unexpected error setting password" values and save the result as a new value named "user defined", and I need to rename the empty value in the fstatus field to success. Can anyone please help with this?

Regards, Madhusri R
The contents of my lookup file, test12345.csv, are shown below.

ProductNumber,SerialNumber,StatusDateTime,Status
"A12345 ","MA00000001 ","2021-08-31 01:30:47 ","SHIPPED "

There is some space found "   " at the end of each record. The inputlookup would capture all the records with a space at the end, which prevents my joins from working properly. Is there any way I can remove the space at the end of each record after using inputlookup?

ProductNumber =A12345
SerialNumber =MA00000001
StatusDateTime =2021-08-31 01:30:47
Status=SHIPPED
Hello, whenever I forward something, these logs always get forwarded even though I blacklisted them in inputs.conf. Is there any way for them not to be forwarded at all?

inputs.conf

[WinEventLog://Security]
index = windows_test
whitelist = EventCode=%^(4634)$%
sourcetype = ad:security
disabled = 0

[monitor://$SPLUNK_HOME\var\log\splunk]
disabled = 1
blacklist = %SplunkUniversalForwarder%
Hello all, I need help with this :(( How do I use derivatives of the 1st function's results in the 2nd function in Splunk? Please see the example below:

1st function: for instance, from the first eval, I got the names of the top 100 sold fruits and their respective companies.

2nd function: from these top 100 fruits, I would then like to search for the fruits' import-export countries (i.e. the export country (origin) and the imported (destination) country). Each of the fruits may have more than 1 set of export-import.

How do I go about doing it? What's the syntax to get the top 100 fruits into the second function? Any guidance appreciated.