All Topics

Hi All,

What are the licenses and subscriptions required for Lambda monitoring in AppDynamics? Our requirement is to monitor microservices in Lambda. The technology used is Node.js.

As per the community answer below, this doesn't require an APM license and only requires AppDynamics Serverless APM for AWS Lambda:
https://community.appdynamics.com/t5/Licensing-including-Trial/How-does-licensing-work-when-instrumenting-AppD-and-lambda/m-p/38605#M545

But I could also find the comment below in the documentation (https://docs.appdynamics.com/appd/23.x/latest/en/application-monitoring/install-app-server-agents/serverless-apm-for-aws-lambda/subscribe-to-serverless-apm-for-aws-lambda):

An AppDynamics Premium or Enterprise license, using either the Agent-based Licensing model or the Infrastructure-based Licensing model.

Please provide clarity on whether an APM license is required or not.

Thanks
Fadil
Process transaction locally [idempotencyId=27cb55d0-3844-4e8f-8c4b-867ed64610a220240821034250387S39258201QE, deliveringApplication=MTNA0002, orderId=8e1d1fc0-5fe2-4643-bc1f-12debe6a7a06]

I would like to extract the Order Id from the above sample data, which is = 8e1d1fc0-5fe2-4643-bc1f-12debe6a7a06

Please suggest.
Hello everyone,

I want to filter data for a specific keyword "Snapshot created successfully " from a log file, but I am getting other events also along with the searched keywords. My entries in props.conf and transforms.conf are as below:

props.conf

[sourcetype]
TRANSFORMS-filter = stanza

transforms.conf

[stanza]
REGEX = "Snapshot created successfully"
DEST_KEY = queue
FORMAT = indexqueue

Is there any issue here?
Hello,

How do I "Left join" by appending CSV to an index in multiple fields? I was able to solve the problem, but:

1) Is it possible to solve this problem without string manipulation and mvexpand? (see the code) Mvexpand caused slowness.
2) Can "stats value" NOT remove the duplicate? In this case, stats values (*) as * by ip, it merged the fields "risk" and "score" and removed the duplicates. My workaround is to combine the string to retain the duplicates.
3) a) Why does "stats value" ignore empty strings?
   b) Why does adding Null to a non-null string result in empty? I have to use fillnull in order to retain the data.

Please review the sample data, drawing and the code. Thank you for your help!!

host.csv

ip_address  host
10.1.1.1    host1
10.1.1.2    host2
10.1.1.3    host3
10.1.1.4    host4
10.1.1.5    host5
10.1.1.6    host6
10.1.1.7    host7

index=risk

ip        risk   score  contact
10.1.1.1  riskA  6
10.1.1.1  riskB  7
10.1.1.1                person1
10.1.1.1  riskC  6
10.1.1.2                person2
10.1.1.3  riskA  6      person3
10.1.1.3  riskE  7      person3
10.1.1.4  riskF  8      person4
10.1.1.8  riskA  6      person8
10.1.1.9  riskB  7      person9

"Left join" expected output - yellow and green rectangle (see drawing below)

ip        host   risk   score  contact
10.1.1.1  host1  riskA  6
10.1.1.1  host1  riskB  7
10.1.1.1  host1                person1
10.1.1.1  host1  riskC  6
10.1.1.2  host2                person2
10.1.1.3  host3  riskA  6      person3
10.1.1.3  host3  riskE  7      person3
10.1.1.4  host4  riskF  8      person4
10.1.1.5  host5
10.1.1.6  host6
10.1.1.7  host7

| makeresults format=csv data="ip_address, host
10.1.1.1, host1
10.1.1.2, host2
10.1.1.3, host3
10.1.1.4, host4
10.1.1.5, host5
10.1.1.6, host6
10.1.1.7, host7"
| eval source="csv"
| rename ip_address as ip
| append
    [makeresults format=csv data="ip, risk, score, contact
10.1.1.1, riskA, 6, ,
10.1.1.1, riskB, 7 ,
10.1.1.1, ,, person1,
10.1.1.1, riskC, 6,,
10.1.1.2, ,, person2,
10.1.1.3, riskA, 6, person3,
10.1.1.3, riskE, 7, person3,
10.1.1.4, riskF, 8, person4,
10.1.1.8, riskA, 6, person8,
10.1.1.9, riskB, 7, person9"
    | fillnull score value=0
    | fillnull risk, score, contact value="N/A"
    | eval source="index"]
| eval strmerged = risk + "," + score + "," + contact
| stats values(*) as * by ip
| mvexpand strmerged
| eval temp = split(strmerged,",")
| eval risk = mvindex(temp, 0)
| eval score = mvindex(temp, 1)
| eval contact = mvindex(temp, 2)
| search (source="csv" AND source="index") OR (source="csv")
| table ip, host, risk, score, contact
Hello Guys,

I wonder if there's any query that can list the mapping information between the existing data models and indexes? I would like to use this info to set index constraints for data models to speed up searching.

Thanks & Regards,
Iris
So my manager needs to verify who was on call for certain days in order to pay them appropriately. Generally I would think there was some basic way to do this with Splunk On-Call. However, it appears that there is no way to do this (to my knowledge).

Our company pays approx 60K USD for this service and I have to come here in order to ask a question and get support, because when I attempt to log a ticket, the form cannot populate the instance section, preventing me from submitting it. (Separate issue - likely a dark pattern to avoid dealing with customer concerns as much as possible.)

Things I've tried:

- Viewing the schedule.. nope, only shows the current week
- Getting a report, SHIRLYY this will work - turns out no, it's just a summary of hours, lovely, no dates attached
- I know! Importing the .ics file into my calendar, that hasss to work... Yet again nothing, zero, donuts... no historical data

How on earth can I get a simple historical report saying who was actually on call for my schedule for what dates..
I have uploaded a Universal Forwarder to my Windows VM and configured both the inputs.conf and outputs.conf. I can confirm that the outputs.conf is working because the following logs are showing up in Splunk:

[WinEventLog://Application]
disabled = 0
[WinEventLog://Security]
disabled = 0
[WinEventLog://System]
disabled = 0

However, logs under Applications and Services Logs are not showing up:

[WinEventLog://Directory Service]
disabled = 0
[WinEventLog://DNS Server]
disabled = 0

I have checked the Event Viewer to confirm that there are logs. The only difference that I see is that in the Event Viewer, the logs that are showing are in the path:

Event Viewer (Local) -> Windows Logs ->

and the ones that are not showing are in the path:

Event Viewer (Local) -> Applications and Services Logs ->

My inputs.conf file:

host = <full computer name>
[WinEventLog://Application]
disabled = 0
[WinEventLog://Security]
disabled = 0
[WinEventLog://System]
disabled = 0
[WinEventLog://Directory Service]
disabled = 0
[WinEventLog://DNS Server]
disabled = 0
We want to limit the ingestion of data that is coming from some sources (in this case the value would be in Properties.HostName) because they basically are not working correctly (customer machines) and continue to spam the system. (Turning them off is not an option.) I know that we can add hardcoded filters such as below:

Name: Serilog:Filter:nn:Args:expression
Value: @p['AssemlyName'] = 'SomeAssembly.xxx.yyy' and @p['HostName'] in ['Spammer1', 'Spammer2', ...]

But the spammers change from time to time and we can generate their list. The question is, if I have a list of these spammers (in any form needed), can I somehow use some sort of a value above or some other method to read from that list (in place of the "in [... ]" expression above)?
Is there any way to authenticate DB Connect using key pair instead of user/password?  If not, any suggested workarounds anyone has found?
In indexes.conf from the CM, I tried to set thawedHomePath to a volume, which I have since learned does not work. I set the path from volume:cold back to $SPLUNK_DB, but no matter what I do the indexer will not acknowledge that I changed it back. It still thinks it's set to the volume. I modified it, commented it out, deleted the whole indexes.conf file and loaded a manual one in /etc/system/local/indexes.conf, and nothing will un-stick it. Every time I start the indexer, the logs show it won't start because thawedHomePath is still mapped to a volume.

When I run ~\splunk btool indexes list --debug it shows the thawedHomePath in question is configured correctly. Has anyone ever experienced this before? Any suggestions on how to get it to accept the change?

Running Splunk 9.2 on RHEL 8 with 1 CM and 2 IDXs clustered together. Fairly new deployment, still working the bugs out.
I've got this search:

index=my_index data_type=my_sourcetype earliest=-15m latest=now
| eval domain_id=if(isnull(domain_id), "NULL_domain_id", domain_id)
| eval domain_name=if(isnull(domain_name), "NULL_domain_name", domain_name)
| eval group=if(isnull(group), "NULL_Group", group)
| eval non_tier_zero_principal=if(isnull(non_tier_zero_principal), "NULL_non_tier_zero_principal", non_tier_zero_principal)
| eval path_id=if(isnull(path_id), "NULL_path_id", path_id)
| eval path_title=if(isnull(path_title), "NULL_path_title", path_title)
| eval principal=if(isnull(principal), "NULL_principal", principal)
| eval tier_zero_principal=if(isnull(tier_zero_principal), "NULL_tier_zero_principal", tier_zero_principal)
| eval user=if(isnull(user), "NULL_user", user)
| eval key=sha512(domain_id.domain_name.group.non_tier_zero_principal.path_id.path_title.principal.tier_zero_principal.tier_zero_principal.user)
| table domain_id, domain_name, group, non_tier_zero_principal, path_id, path_title, principal, tier_zero_principal, user, key

Due to the fact that we get repeating events where the only difference is the timestamp, I'm trying to put together a lookup that contains the sha512 key and that will allow an event to be skipped. What I found is I can't have a blank value in the sha512 command. Does anyone have a better way of doing this than what I have?

TIA,
Joe
Using Splunk Add-on for Microsoft Windows, Splunk Add-on for Unix and Linux on Splunk Enterprise v9.3.0

What are the Linux (RHEL 8) equivalents for these Splunk Windows queries?

e.g. Network Traffic:

Windows: index=wmi host=MyWindowsHost sourcetype="Perfmon:Network Interface" counter=Bytes* | timechart span=15m max(Value) as "Bytes/sec" by counter

Linux: ?

e.g. CPU:

Windows: index=wmi host=MyWindowsHost sourcetype="Perfmon:CPU Load" | timechart span=15m max(Value) as "CPU Load" by counter

Linux: index=os host=MyLinuxHost source=cpu CPU="all" | timechart span=15m max(pctSystem),max(pctUser) by CPU
Leverage these resources to set up your free 30-day trial and master AppDynamics

- Watch the video Unlock the Benefits and Product Value of AppDynamics
- Read up on getting started with this Deployment Planning Guide
- Set up your free Cisco U. eLearning account here and discover the AppDynamics Learning Path
- Join the AppDynamics Community: join discussions, ask questions, deep dive into technical knowledge base articles, and learn from other customers
- Access help and support for additional assistance

Watch these video series:

- Watch the Success Tips video series here
- View the videos on Introduction to AppDynamics
  - Introduction to Monitoring: Learn the essentials of application monitoring with Cisco AppDynamics.
  - Managing Business Transactions: Apply best practices for Business Transactions configuration.
  - Troubleshooting Tools: Explore troubleshooting techniques to identify and resolve issues quickly.

See how customers are using AppDynamics:

- Retail Use Case: See how Carhartt, a leading retailer, transforms their business with enhanced connectivity for staff and superior experiences for customers. See Carhartt story
- Government Success Story: Learn how Indiana's Office of Technology improved time to resolution, lowered costs, and enhanced resilience with end-to-end visibility. See Indiana story
- Hospitality Sector Case Study: Explore how Royal Caribbean created exceptional experiences that guests can count on from booking to boarding by improving performance of business-critical applications. And they reduced mean time to resolution (MTTR) by 50%. See Royal Caribbean story
I need help writing a query to fetch logs in the system.
Hi there! I'm looking for a comprehensive list of report ideas for all of security, including management/metrics, operations, and compliance. Has anyone created such a list? Would you mind sharing? I'd like to see a long list of reports so I can help identify gaps in security posture. Thanks!!!
What is the best approach for data visualization using tstats? I am new to using tstats; I moved away from using the regular search index because it speeds up the query process.

For example, making this query to show the vulnerabilities found on each ip:

| tstats summariesonly=t dc(Vulnerability.signature) as vulnerabilities from datamodel=Vulnerability by Vulnerability.dest
| sort -vulnerabilities
| rename Vulnerability.dest as ip_address
| table ip_address vulnerabilities

For example, the first line from that query shows ip 192.168.1.5 has 4521 vulnerabilities found. Then I also created another detail table to verify and show some other columns related to that ip (click ip and send token), but it shows a different amount of data (4638 events).

| tstats summariesonly=t count FROM datamodel=Vulnerability WHERE Vulnerability.destination="192.168.1.5" AND Vulnerability.signature="*" BY Vulnerability.destination, Vulnerability.signature, Vulnerability.severity, Vulnerability.last_scan, Vulnerability.risk_score, Vulnerability.cve, Vulnerability.cvss_v3_score, Vulnerability.solution
| `drop_dm_object_name(Vulnerability)`
| rename destination as ip_address
| fillnull value="Unknown" ip_address signature severity last_scan risk_score cve cvss_v3_score solution
| table ip_address signature severity last_scan risk_score cve cvss_v3_score solution

I know this is related to the inaccuracy of the query, because if I change the "BY" parameter it will change the amount of data displayed too. How do I make the data count of this query match the output of the first query, but still display the other fields even though they are empty?
I've noticed a ton of "Unable to read in product version information" and "[HTTP 401] Client is not authenticated" errors lately in the splunk _internal logs. Has anyone else seen the same problem? Is this something that should be ignored? Thanks
We are getting hundreds of these errors a day in the internal logs for orig_component="SearchOperator:rest" and for app="website_monitoring" Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/data/inputs/web_ping?count=0 from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API. I could not find anything pointing to that IP in our website_monitoring app. Could it be something configured to point to some local endpoint, is anyone else coming across this issue?   Thanks
Recently, I observed a message in Splunk Cloud (version 9.2.2403.105) stating, "Found an empty value in 'allowedDomainList' in alert_actions.conf." However, when I check the "Allowed Domain" setting in the UI by navigating to "Settings > Server settings > Email," it indicates "Leave empty for no restrictions." Despite this, I am still seeing the warning message.   #splunkcloud  #splunk
Hello Everyone! I just installed Splunk ES trial on EC2 and also tried on a Digital Ocean instance. All goes well. But then I try to sign in; after typing creds it shows server error. Read multiple discussions and threads, tried applying some fix to web.conf, but nothing works so far. Grabbed some error logs from splunkf.log file and sharing here as well.