Hi, I set up the add-on on a cloud instance. Not seeing any data come in via HEC. Any ideas on how to troubleshoot? Thanks
How should I refine this query so that I can get every field in one table without using join, append, or any other subsearch?

(index=whcrm OR index=whcrm_int) sourcetype="bmw-sl-gcdm-int-api" ("Sending POST consents to *" OR "Create / Update Consents done" OR "Error in sync-consent-dataFlow:*")
| stats count(eval(match(_raw, "Sending POST consents to *"))) as Total, count(eval(match(_raw, "Create / Update Consents done"))) as Success, count(eval(match(_raw, "Error in sync-consent-dataFlow:*"))) as Error
| eval ErrorRate = round((Error / Total) * 100, 2)
| table Total, Success, Error, ErrorRate
| append [ search (index=whcrm OR index=whcrm_int) (sourcetype="bmw-sl-gcdm-int-api" ("Sending POST consents to *" OR "Create / Update Consents done" OR "Error in sync-consent-dataFlow:*"))
    | rex field=message ": (?<json>\{[\w\W]*\})$"
    | rename properties.correlationId as correlationId
    | rename properties.gcid as GCID
    | rename properties.gcid as errorcode
    | rename properties.entity as entity
    | rename properties.country as country
    | rename properties.targetSystem as target_system
    | table correlationId GCID errorcode entity country target_system ]
I am trying to forward data from a UF to a few indexers, but the indexers have dynamic IPs which keep changing. Now, how does the UF know where to forward the data? How can I tackle this problem? Also, can someone explain what SmartStore is and how it works?
I'm working on a Splunk data feed outage alert: "The following data feed has been detected down: Index=a sourcetype=splunkd host=b". Can someone point me in the right direction for troubleshooting this issue? Thanks a lot.
Now On-Demand. Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new built-in capabilities in Observability Cloud, including the SLO homepage, SLOs in dashboards and SLO calendar windows, to bridge the gap between service and business performance. Learn how to:
- Create and visualize SLOs in dashboards to monitor your critical user journeys
- Tailor SLOs with calendar and rolling windows and alert on SLOs with Observability Cloud detectors
- Leverage auto-suggested thresholds and ML-generated smart suggestions to create smarter SLOs
Please give me examples of agentless and agent-based onboarding in Splunk.
While sending a REST API request to change the owner of a knowledge object, I am getting the following error: "You do not have permission to share objects at the system level", even though the user has the "sc_admin" role. Is there any specific capability that is missing that is needed for this?
Hi, we have stopped getting O365 logs. When I looked for errors, I see the error below. Does it mean the client secret is expired?

level=ERROR pid=22156 tid=MainThread logger=splunk_ta_o365.modinputs.management_activity pos=utils.py:wrapper:72 | datainput=b'xoar_Management_Exchange' start_time=1715152233 | message="Data input was interrupted by an unhandled exception."
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/splunk_ta_o365/lib/splunksdc/utils.py", line 70, in wrapper
    return func(*args, **kwargs)
  File "/opt/splunk/etc/apps/splunk_ta_o365/bin/splunk_ta_o365/modinputs/management_activity.py", line 135, in run
    executor.run(adapter)
  File "/opt/splunk/etc/apps/splunk_ta_o365/lib/splunksdc/batch.py", line 54, in run
    for jobs in delegate.discover():
  File "/opt/splunk/etc/apps/splunk_ta_o365/bin/splunk_ta_o365/modinputs/management_activity.py", line 225, in discover
    self._clear_expired_markers()
  File "/opt/splunk/etc/apps/splunk_ta_o365/bin/splunk_ta_o365/modinputs/management_activity.py", line 294, in _clear_expired_markers
    checkpoint.sweep()
  File "/opt/splunk/etc/apps/splunk_ta_o365/lib/splunksdc/checkpoint.py", line 86, in sweep
    return self._store.sweep()
  File "/opt/splunk/etc/apps/splunk_ta_o365/lib/splunksdc/checkpoint.py", line 258, in sweep
    indexes = self.build_indexes(fp)
  File "/opt/splunk/etc/apps/splunk_ta_o365/lib/splunksdc/checkpoint.py", line 189, in build_indexes
    indexes[key] = pos
  File "/opt/splunk/etc/apps/splunk_ta_o365/lib/sortedcontainers/sorteddict.py", line 300, in __setitem__
    dict.__setitem__(self, key, value)
MemoryError
Hello, I am trying to deploy WordPress + the PHP agent in Docker using a Dockerfile, following this article: https://docs.appdynamics.com/appd/24.x/latest/en/application-monitoring/install-app-server-agents/php-agent/php-agent-configuration-settings/node-reuse-for-php-agent. I already configured the AppDynamics agent following the configuration referenced in that link. This is my Dockerfile:

FROM wordpress:php7.4

# Install required dependencies
RUN apt-get update && apt-get install -y wget tar && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# Copy phpinfo
COPY phpinfo.php /var/www/html

# Download and extract AppDynamics PHP Agent - use this to download the agent from the AppDynamics Download Portal
WORKDIR /var/www/html

# Copy downloaded AppDynamics PHP Agent - use this if the agent is already downloaded in the docker working dir
RUN mkdir -p /opt/appdynamics
COPY appdynamics-php-agent-linux_x64 /opt/appdynamics/
RUN chmod -R a+w /opt/appdynamics/

# Install AppDynamics PHP Agent
RUN cd /opt/appdynamics/appdynamics-php-agent-linux_x64/ && ./install.sh -s -a=abcde@abcde -e /usr/local/lib/php/extensions/no-debug-non-zts-20190902 -i /usr/local/etc/php/conf.d -p /usr/bin -v 7.4 abcde.saas.appdynamics.com 443 WordPress-Docker Bakcend-Tier Backend-Node

# Expose port 80
EXPOSE 80

My goal is for the agent to use the container name, hostname, host ID, a prefix, or whatever automatically, using the reuseNode feature, instead of manually filling in the node name in every PHP agent installation. Can we do that? Because with the Node.js agent we can do that even when my application is running in Docker.
Hi, I'm new to Splunk, so I apologize if this question seems naive. While experimenting with calculated fields, I found some inconsistent results. Consequently, I removed these fields and tested directly in the search. I'm aware that the syntax I'm using here with eval is not the one specified in the documentation, but I'm using it to simulate the calculated field (and it yields the same results). I've seen this use of eval elsewhere but only for very simple things. When I run: stats sum(eval((bytes/(1024*1024)))) as MB , it works. However, when I run stats sum(eval(round(bytes/(1024*1024),2))) as MB I get results, but they are totally inconsistent. What could be happening? Where is my mistake? (Note that I'm not looking for the correct solution - I already have it - but I want to understand why this syntax doesn't work.) Thanks.
Hi, I am trying to achieve an automation where I will be running a query and then passing the IPs which I need to send to Akamai via a POST API. I know the edgegridauth library can be used to achieve this, but I got stuck on how the action would be configured. Can someone help?
I am getting duplicate events in Splunk from AWS CloudWatch, and I am sending data from only one source to Splunk. How do I resolve it?
Hello, I was playing with the Network Explorer feature and it looks like only the bandwidth metric is available on a Network Map. In the video which I found on YouTube, there is a panel available where metrics can be changed ("color by..."). How do I enable that? Is it still available in this feature? I'd like to see either latency or packet loss instead of bandwidth. https://www.splunk.com/en_us/resources/videos/network-explorer-overview.html?locale=en_us Thanks!
Hello, I have a lookup file whose content looks like this:

name    count    time
abc     3        04-24
cdf     2        04-24

but I want the content of the lookup file to be like this:

name    count    time
abc     1        04-24
abc     1        04-24
abc     1        04-24
cdf     1        04-24
cdf     1        04-24

How will I be able to do this?
Note: this question is not about billing ingestion using Splunk add-ons and ingestion. Splunk Observability Cloud counts the number of metric time series (MTS) sent during each hour in the month. How can I access any of the billing data through the API, both hourly and monthly? https://docs.splunk.com/observability/en/admin/subscription-usage/imm-billing.html
How to get Splunk billing usage data hourly and monthly through APIs?
I am trying to plot a line graph where the x-axis is an index and the y-axis is a random value. I am also trying to add an annotation where the annotationX is an index. Below is the code for the visualization.

"visualizations": {
  "viz_kHEXe45c": {
    "type": "splunk.area",
    "dataSources": {
      "primary": "ds_Search_1",
      "annotation": "ds_annotation_markers"
    },
    "options": {
      "x": "> primary | seriesByIndex(0)",
      "annotationX": "> annotation | seriesByIndex(0)",
      "annotationLabel": "> annotation | seriesByIndex(1)",
      "annotationColor": "> annotation | seriesByIndex(2)",
      "nullValueDisplay": "zero"
    },
    "title": "Test Event Annotation",
    "showProgressBar": false,
    "showLastUpdated": false
  }
},
"dataSources": {
  "ds_Search_1": {
    "type": "ds.search",
    "options": {
      "query": "| makeresults count=15\n| streamstats count\n| eval index=count\n| eval value=random()%100\n| fields index value"
    },
    "name": "ds_Search_1"
  },
  "ds_annotation_markers": {
    "type": "ds.search",
    "options": {
      "query": "| makeresults count=3\n| streamstats count\n| eval index=count\n| eval score = random()%3 +1\n| eval status = case(score=1,\"server error detected\", score=2, \"unknown user access\", score=3, \"status cleared\")\n| eval color = case(score=1,\"#f44271\", score=2, \"#f4a941\", score=3, \"#41f49a\")\n| table index status color"
    },
    "name": "ds_annotation_markers"
  }
},

Below is the line graph output shown based on the code above. Could anyone please help with how to add the annotation on the line graph when the x-axis is a non-time-based number type?
Hello, we're on a trial of the Splunk Observability Cloud service. We tried to deploy the guided integration example (the Hipster Shop app). The data graph can be seen in APM and Infrastructure, but we got an error in all RUM dashboards:

request to http://rum-api-service.o11y-rum/api/rum/v3/node-metrics failed, reason: getaddrinfo ENOTFOUND rum-api-service.o11y-rum

I'm afraid I defined those RUM-related environment variables incorrectly during the deployment:

RUM_REALM=jp0
RUM_AUTH=<RUM token>
RUM_APP_NAME=Hipster_Shop                       <- arbitrary
RUM_ENVIRONMENT=Hipster_Shop_Jump_Start         <- arbitrary

As we haven't bought the service yet, we can't submit a support ticket to Splunk support... Would anyone please help? Thanks and regards.
Hello, how do I set a flag based on a field value across multiple rows? For example, in the following table, network-1 is set to yes because server-1, which is on network-1, is also on fw-network-1, which is behind a firewall. Please suggest. Thank you!!

server      network        firewall
server-1    network-1      yes
server-1    fw-network-1   yes
server-2    network-2      no
server-3    network-1      yes
server-3    fw-network-1   yes
server-4    network-2      no
server-5    network-3      yes
server-5    fw-network-3   yes
We would like to ask for help regarding DB Connect for DB2. We are currently trying to connect to the DB2 of an IBM i server but to no avail. Is there any method that needs to be done first for a DB2 on IBM i to be able to successfully connect to Splunk?