All Topics

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Topics

Hi Team, I have 2 splunks as below (index=xxxx) orgName=xxx sourcetype=CASE(SourceA) earliest=-15d uniqueIdentifier="Class.ClassName.MethodName*" | dedup SourceASqlId | tableSourceASqlId (index=x... See more...
Hi Team, I have 2 splunks as below (index=xxxx) orgName=xxx sourcetype=CASE(SourceA) earliest=-15d uniqueIdentifier="Class.ClassName.MethodName*" | dedup SourceASqlId | tableSourceASqlId (index=xxxx) orgName=xxx sourcetype=CASE(SourceB) earliest=-15d SourceBSqlId=xxxx | table SourceBSqlText I want to form a single splunk to get ALL the distinct "SourceASqlId" [splunk # 1], get them as input to "SourceBSqlId" [splunk #2] and generate FINAL output as "SourceBSqlText How can we achieve it.Iam even ok if the date range can be reduce to say 2d to make the splunk optimised as I feel my requirement is very heavy compute intensive Thanks.
I want to forward logs to a third-party system over HTTP, but I found in the Splunk documentation that forwarding logs to third-party systems is typically done over TCP. I tried using TCP, but I did ... See more...
I want to forward logs to a third-party system over HTTP, but I found in the Splunk documentation that forwarding logs to third-party systems is typically done over TCP. I tried using TCP, but I did not receive Splunk metadata like host, sourcetype, source, and index on the third-party system. Is it possible to forward logs with metadata to a third-party system over HTTP? If not, how can I get Splunk metadata over TCP? Can anyone suggest a solution? @splunk @splunkent2 @Splunk9 @msplunk @splunk0 
Hello everyone. I'm trying to set host and sourcetype values with event data. The result is that, the sourcetype is overridden as expected, while the host value is NOT. By applying the following tra... See more...
Hello everyone. I'm trying to set host and sourcetype values with event data. The result is that, the sourcetype is overridden as expected, while the host value is NOT. By applying the following tranforms.conf and props.conf, I expect that The sourcetype is overridden from default:log to mysp(which works as expected). Then, for events with sourcetype mysp, override the host value with my event data using regex extraction(which didn't work).   It's making me confused. Wondering why it didn't work out for host field. Hopefully someone would kindly help me out here. Thanks. transforms.conf [sourcetype_transform] SOURCE_KEY = _raw REGEX = <my_regex> DEST_KEY = MetaData:Sourcetype FORMAT = sourcetype::mysp [host_transform] REGEX = <my_regex> FORMAT = host::$1 DEST_KEY = MetaData:Host  props.conf [default:log] TRANSFORMS-force_sourcetype = sourcetype_transform [mysp] TRANSFORMS-force_host = host_transform  
Why i am getting error for one of the indexer from indexer cluster while running a report from particular app. Error is below one. The following error(s) and caution(s) occurred while the search ran... See more...
Why i am getting error for one of the indexer from indexer cluster while running a report from particular app. Error is below one. The following error(s) and caution(s) occurred while the search ran, Therefore, search results might be incomplete. Hide errors. ◦ remote search process failed on peer ◦ Search resuits might be incomplete: the search process on the peerfelog-ldx4.gov.sg] ended prematurely. Check the peer log. such as $SPLUNK_HOME/ar/log/splunk/splunkd.log and as well as the search.log for the particular search. .• [elog-idx04.opsnet.gov.sg] Search process did not exit c exit cleanly, exit_code=111, description="exited with error: Application does not exist: eg_abcapp'. Please look in search.log for this peer in the Job Inspector for more info.    
Trying to log into splunk, this is my first time putting it on my personal cpu. I have a business account through my job. when i try logging in my password will not work and it says the license is ex... See more...
Trying to log into splunk, this is my first time putting it on my personal cpu. I have a business account through my job. when i try logging in my password will not work and it says the license is expired. 
Hi Everyone, Can you please suggest the recommended RF and SF number for Splunk clustered environment with total 9 indexers and 7 search heads in Indexer Clustering set-up.   And also, please let m... See more...
Hi Everyone, Can you please suggest the recommended RF and SF number for Splunk clustered environment with total 9 indexers and 7 search heads in Indexer Clustering set-up.   And also, please let me know the concept regarding how many copies will replicated in each indexers out of 9?
Dear Splunk Community, I am currently working on a project focused on identifying the essential data that should be collected from endpoints into Splunk, with the goal of avoiding data duplication a... See more...
Dear Splunk Community, I am currently working on a project focused on identifying the essential data that should be collected from endpoints into Splunk, with the goal of avoiding data duplication and ensuring efficiency in both performance and storage. Here’s what has been implemented so far: The Splunk_TA_windows add-on has been deployed. The inputs.conf file has been configured to include all available data. Sysmon has been installed on the endpoints. The Sysmon inputs.conf path has been added to be collected using the default configuration from the Splunk_TA_windows add-on. In addition, we are currently collecting data from firewalls and network switches. I’ve attached screenshots showing the volume of data collected from one endpoint over a 24-hour period. The data volume is quite large, especially in the following categories: WinRegistry Service Upon reviewing the data, I noticed that some information gathered from endpoints may be redundant or unnecessary, especially since we are already collecting valuable data from firewalls and switches. This has led me to consider whether we can reduce the amount of endpoint data being collected without compromising visibility. I would appreciate your input on the following: What are Splunk's best practices for collecting data from endpoints? What types of data are considered essential for security monitoring and analysis? Is relying solely on Sysmon generally sufficient in most security environments? Is there a recommended framework or guideline for collecting the minimum necessary data while maintaining effective monitoring? I appreciate any suggestions, experiences, or insights you can share. Looking forward to learning from your expertise.
I am not sure where to start on this. I have 2 fields. Field1 only has a few values while Field2 has many. How can I return values Field2 that appear in Field1? Field 1 Field 2 17 27 24 ... See more...
I am not sure where to start on this. I have 2 fields. Field1 only has a few values while Field2 has many. How can I return values Field2 that appear in Field1? Field 1 Field 2 17 27 24 33 36 17   22   24   31   29   08   36
On-prem Splunk Enterprise Security environment, I just recently upgraded to Enterprise Security 9.4.1 and the ES app to 8.0.3. I was watching a video on using Mission Control, and an investigation w... See more...
On-prem Splunk Enterprise Security environment, I just recently upgraded to Enterprise Security 9.4.1 and the ES app to 8.0.3. I was watching a video on using Mission Control, and an investigation was created from a notable event.  Within the investigation, a search was done, to add it to the Investigation.  I want to do this, but when I select the evetn action drop down, within the Search results, I don't have much there, just the default Splunk Event Actions
I'm trying to do a transaction using an array.  I need to define the transaction by a value in an array.  However, this value could be any value in the array and the value could be in a different arr... See more...
I'm trying to do a transaction using an array.  I need to define the transaction by a value in an array.  However, this value could be any value in the array and the value could be in a different array index number in another event.  Is there an easy command for this in Splunk?
Hello, Here is what I have. Lookup file containing 52K rows Fields: DATE, USER, COUNT Require forecasting user access, on Sundays, to sensitive data based on 6 months of events to train (Jan-Ju... See more...
Hello, Here is what I have. Lookup file containing 52K rows Fields: DATE, USER, COUNT Require forecasting user access, on Sundays, to sensitive data based on 6 months of events to train (Jan-Jun) 6 months forecasting (Jul-Dec) Data from 2020, so we know the results, but we want to see how close the forecasting was to the actual data DATE format YYYY-MM-DD beginning with 2020-01-05 and ending on 2020-12-27 (Sundays) 52 values USER 1000 values Lookup file; there are 1000 USER values for every DATE; the COUNT is 0 if they did not attempt access, otherwise it is the number of attempts The original lookup is over 1.5 million events (each containing the USER and TIME of attempt) Original TIME value was YYYY-MM-DD HH"MM:SS. But we are concerned with how many attempts that day. Went to ChatGPT to help code the SPL; however, it "claimed" MLTK needed to be in a count of each user for every Sunday, and could work with the original events. Thanks in advance for your help. God bless, Genesius
I've never worked with splunk regex before so I'm probably just missing something.  I've been up and down  the  https://docs.splunk.com/Documentation/Splunk/latest/Data/Advancedsourcetypeoverrides a... See more...
I've never worked with splunk regex before so I'm probably just missing something.  I've been up and down  the  https://docs.splunk.com/Documentation/Splunk/latest/Data/Advancedsourcetypeoverrides and https://docs.splunk.com/Documentation/SCS/latest/SearchReference/RexCommandOverview pages.  All i'm trying to do is set up some regex for a props/transforms that finds any instance of "ssh" and changes it's sourcetype to "authentication" My search: index=accounting sourcetype=linux_admin | rex field=_raw "(?<ssh>\bssh\b)"  Scoped down to the last 60 minutes, I'm getting 2,700 results and none of them have anything to do with ssh. When I run  "index=accounting sourcetype=linux_admin ssh" - which gives the results I'm actually looking for... I only get 28 results and they're all pertaining to ssh.    What am I missing?    Thanks for the input!!
Hello. I cannot find an answer to this simple question, although I have found other information utilizing props.conf and transforms in more complicated situations. I currently have a single Splunk ... See more...
Hello. I cannot find an answer to this simple question, although I have found other information utilizing props.conf and transforms in more complicated situations. I currently have a single Splunk instance as an all-in-one solution, and I am looking for a simple method to truncate ISE logs to 2000 characters to lower Splunk database size. ISE itself is not capable of this. I am very familiar with Splunk via GUI, but not at all with modifying the configuration files, so step by step instructions would be very helpful. Thanks in advance.
Hi I have a difficult one - I am unsure if it is possible. I have large JSON data - Distributed traces.  I can extract the data I need by doing 2 separate SPL - but I need to join them now, I am u... See more...
Hi I have a difficult one - I am unsure if it is possible. I have large JSON data - Distributed traces.  I can extract the data I need by doing 2 separate SPL - but I need to join them now, I am unsure if it is possible! SPL 1  host="Tick_Blotter" index="murex_logs" sourcetype="Market_Risk_DT" | search "resourceSpans{}.resource.attributes{}.value.stringValue"="*" | spath resourceSpans{}.scopeSpans{}.spans{} output=scopeSpans | stats count by scopeSpans | spath input=scopeSpans | rename startTimeUnixNano as start | rename endTimeUnixNano as end | eval _time=start/pow(10,9) | eval duration = end -start | eval duration= duration/1000000 | eval duration = round(duration,0) | eval parentSpanId =if(parentSpanId="" ,"0", $parentSpanId$) | rename name as SPAN_TYPE | search traceId = 61df555eabf3b66cd8933809f00e409f | table _time SPAN_TYPE spanId duration | sort _time This produces below, however, I don't want SpanID anymore - I need something in the second SPL, service.namespace.  I need _time SPANTYPE service.namespace duration   Below is the second SPL - This allows me to see 1 service.namespace per event. host=Tick_blotter index="murex_logs" sourcetype="Market_Risk_DT" 61df555eabf3b66cd8933809f00e409f | spath resourceSpans{}.resource{}.attributes{} output=scopeSpans | stats count by scopeSpans _time | spath input=scopeSpans | eval X_{key}=coalesce('value.doubleValue', 'value.stringValue') | stats values(X_*) as * by _time   The issue is 61df555eabf3b66cd8933809f00e409f is a trace ID, and it over the 2 events. Each event = will only have one service.namespace (So I want to use it). But in the first SPL I don't know how to JOIN/AMMEND it. I am unsure how to access sercive.namespace for each line in the first SPL so I can display it. To add each event only have 1 service.name and can have many SPAN_TYPE   Event: {"resourceSpans":[{"resource":{"attributes":[{"key":"host.name","value":{"stringValue":"dell724srv"}},{"key":"process.executable.name","value":{"stringValue":"java"}},{"key":"process.pid","value":{"intValue":"650298"}},{"key":"service.instance.id","value":{"stringValue":"00kxc0e4"}},{"key":"service.name","value":{"stringValue":"trade-blotter"}},{"key":"service.namespace","value":{"stringValue":"trade-blotter-public"}},{"key":"telemetry.sdk.language","value":{"stringValue":"java"}},{"key":"telemetry.sdk.name","value":{"stringValue":"opentelemetry"}},{"key":"telemetry.sdk.version","value":{"stringValue":"1.34.0"}},{"key":"mx.env","value":{"stringValue":"dell724srv:10011"}}]},"scopeSpans":[{"scope":{"name":"mx-traces-api","version":"1.0.0"},"spans":[{"traceId":"3e7ea1e176f16c59608fa131cc21793d","spanId":"9df98d87b73f8961","parentSpanId":"f8dd62008ede9028","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420019122069","endTimeUnixNano":"1746628420019123490","status":{}},{"traceId":"3e7ea1e176f16c59608fa131cc21793d","spanId":"d4325d7284f04ecb","parentSpanId":"f8dd62008ede9028","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628420019135588","endTimeUnixNano":"1746628420019148851","status":{}},{"traceId":"3e7ea1e176f16c59608fa131cc21793d","spanId":"1ea153e8b5d27174","parentSpanId":"f8dd62008ede9028","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420019320912","endTimeUnixNano":"1746628420019322008","status":{}},{"traceId":"3e7ea1e176f16c59608fa131cc21793d","spanId":"eebc3e9c9482b17b","parentSpanId":"b3dd036ff6348169","name":"execute","kind":1,"startTimeUnixNano":"1746628420019612383","endTimeUnixNano":"1746628420029780420","status":{}},{"traceId":"3e7ea1e176f16c59608fa131cc21793d","spanId":"b3dd036ff6348169","parentSpanId":"f8dd62008ede9028","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628420019610081","endTimeUnixNano":"1746628420029782214","status":{}},{"traceId":"3e7ea1e176f16c59608fa131cc21793d","spanId":"b230dae20e6e0491","parentSpanId":"f8dd62008ede9028","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628420029785049","endTimeUnixNano":"1746628420029971805","status":{}},{"traceId":"3e7ea1e176f16c59608fa131cc21793d","spanId":"f8dd62008ede9028","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628420019040641","endTimeUnixNano":"1746628420030145345","attributes":[{"key":"size","value":{"intValue":"115"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"54b60b7c6da9a22ba768e8fadf3a3845","spanId":"ef6b58ec87518ee4","parentSpanId":"5d3827ba83adf900","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420771085428","endTimeUnixNano":"1746628420771087409","status":{}},{"traceId":"54b60b7c6da9a22ba768e8fadf3a3845","spanId":"e13e6973c4f2d8fe","parentSpanId":"5d3827ba83adf900","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628420771099749","endTimeUnixNano":"1746628420771117672","status":{}},{"traceId":"54b60b7c6da9a22ba768e8fadf3a3845","spanId":"e65ca66fb14b14cc","parentSpanId":"5d3827ba83adf900","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420771311907","endTimeUnixNano":"1746628420771313050","status":{}},{"traceId":"a9b758832f5e732b8098d4c48c57d73f","spanId":"88ccccf728e34dfe","parentSpanId":"e0a1fd2fb002331a","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420774731478","endTimeUnixNano":"1746628420774732699","status":{}},{"traceId":"a9b758832f5e732b8098d4c48c57d73f","spanId":"1fc10a1382cf8aa7","parentSpanId":"e0a1fd2fb002331a","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628420774738895","endTimeUnixNano":"1746628420774745792","status":{}},{"traceId":"a9b758832f5e732b8098d4c48c57d73f","spanId":"e29fe64846f193ab","parentSpanId":"e0a1fd2fb002331a","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420774902339","endTimeUnixNano":"1746628420774903483","status":{}},{"traceId":"54b60b7c6da9a22ba768e8fadf3a3845","spanId":"c2ad638af3de778e","parentSpanId":"b122015c9b1f2c26","name":"execute","kind":1,"startTimeUnixNano":"1746628420771668007","endTimeUnixNano":"1746628420782168768","status":{}},{"traceId":"54b60b7c6da9a22ba768e8fadf3a3845","spanId":"b122015c9b1f2c26","parentSpanId":"5d3827ba83adf900","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628420771664771","endTimeUnixNano":"1746628420782171459","status":{}},{"traceId":"54b60b7c6da9a22ba768e8fadf3a3845","spanId":"2a18500faa2fd03e","parentSpanId":"5d3827ba83adf900","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628420782176882","endTimeUnixNano":"1746628420782241838","status":{}},{"traceId":"54b60b7c6da9a22ba768e8fadf3a3845","spanId":"5d3827ba83adf900","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628420770967094","endTimeUnixNano":"1746628420782396144","attributes":[{"key":"size","value":{"intValue":"9"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"e583fcc065674216086422d3c9f47f6e","spanId":"7cdbcc4ec423e007","parentSpanId":"1ab3c7611ba27228","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420855581578","endTimeUnixNano":"1746628420855583532","status":{}},{"traceId":"e583fcc065674216086422d3c9f47f6e","spanId":"8759ab3d4686567b","parentSpanId":"1ab3c7611ba27228","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628420855596031","endTimeUnixNano":"1746628420855614183","status":{}},{"traceId":"e583fcc065674216086422d3c9f47f6e","spanId":"aa961be21c398366","parentSpanId":"1ab3c7611ba27228","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420855799807","endTimeUnixNano":"1746628420855800958","status":{}},{"traceId":"b8a795b6461c4029683689782ef1c161","spanId":"af0509c2ab7e0872","parentSpanId":"54fa20e32c66829f","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420887053417","endTimeUnixNano":"1746628420887055789","status":{}},{"traceId":"b8a795b6461c4029683689782ef1c161","spanId":"5e347c16a206a6fe","parentSpanId":"54fa20e32c66829f","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628420887072502","endTimeUnixNano":"1746628420887094093","status":{}},{"traceId":"b8a795b6461c4029683689782ef1c161","spanId":"2aa9e6d64099bf33","parentSpanId":"54fa20e32c66829f","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420887294568","endTimeUnixNano":"1746628420887295652","status":{}},{"traceId":"b8a795b6461c4029683689782ef1c161","spanId":"372280f0914a6f4f","parentSpanId":"abd092ad18a96505","name":"execute","kind":1,"startTimeUnixNano":"1746628420887711898","endTimeUnixNano":"1746628420900513682","status":{}},{"traceId":"b8a795b6461c4029683689782ef1c161","spanId":"abd092ad18a96505","parentSpanId":"54fa20e32c66829f","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628420887708951","endTimeUnixNano":"1746628420900515614","status":{}},{"traceId":"b8a795b6461c4029683689782ef1c161","spanId":"9c3e7f3b74ea0b36","parentSpanId":"54fa20e32c66829f","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628420900518729","endTimeUnixNano":"1746628420900613330","status":{}},{"traceId":"b8a795b6461c4029683689782ef1c161","spanId":"54fa20e32c66829f","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628420886910164","endTimeUnixNano":"1746628420900970691","attributes":[{"key":"size","value":{"intValue":"47"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"afc119195a84c34ab8afb06f413fba2e","spanId":"9df663c433491dca","parentSpanId":"22f6298ebf955d58","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420918305833","endTimeUnixNano":"1746628420918307877","status":{}},{"traceId":"afc119195a84c34ab8afb06f413fba2e","spanId":"877ce5cc636c8e70","parentSpanId":"22f6298ebf955d58","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628420918330302","endTimeUnixNano":"1746628420918342724","status":{}},{"traceId":"afc119195a84c34ab8afb06f413fba2e","spanId":"71f8dc4585495b18","parentSpanId":"22f6298ebf955d58","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420918528844","endTimeUnixNano":"1746628420918529998","status":{}},{"traceId":"afc119195a84c34ab8afb06f413fba2e","spanId":"fad11e232f96ffe7","parentSpanId":"595aba32bd674f0b","name":"execute","kind":1,"startTimeUnixNano":"1746628420919006108","endTimeUnixNano":"1746628420929778597","status":{}},{"traceId":"afc119195a84c34ab8afb06f413fba2e","spanId":"595aba32bd674f0b","parentSpanId":"22f6298ebf955d58","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628420919004708","endTimeUnixNano":"1746628420929779624","status":{}},{"traceId":"afc119195a84c34ab8afb06f413fba2e","spanId":"d6b6a51995590a17","parentSpanId":"22f6298ebf955d58","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628420929782385","endTimeUnixNano":"1746628420929805090","status":{}},{"traceId":"afc119195a84c34ab8afb06f413fba2e","spanId":"22f6298ebf955d58","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628420918191974","endTimeUnixNano":"1746628420929973209","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"a9b758832f5e732b8098d4c48c57d73f","spanId":"807bee499a57f337","parentSpanId":"1fe23be50652318e","name":"execute","kind":1,"startTimeUnixNano":"1746628420775100753","endTimeUnixNano":"1746628420939682704","status":{}},{"traceId":"a9b758832f5e732b8098d4c48c57d73f","spanId":"1fe23be50652318e","parentSpanId":"e0a1fd2fb002331a","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628420775099726","endTimeUnixNano":"1746628420939686471","status":{}},{"traceId":"b0790574b30420a0fc79cba5df3a6c34","spanId":"35ecd7ec69867bfa","parentSpanId":"d906ab7c257a78a2","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420942458392","endTimeUnixNano":"1746628420942460606","status":{}},{"traceId":"b0790574b30420a0fc79cba5df3a6c34","spanId":"a6da7ed613a38012","parentSpanId":"d906ab7c257a78a2","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628420942483110","endTimeUnixNano":"1746628420942494737","status":{}},{"traceId":"b0790574b30420a0fc79cba5df3a6c34","spanId":"5d2a0696f128a499","parentSpanId":"d906ab7c257a78a2","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628420942677536","endTimeUnixNano":"1746628420942678668","status":{}},{"traceId":"a9b758832f5e732b8098d4c48c57d73f","spanId":"14059c9afec8b0c9","parentSpanId":"e0a1fd2fb002331a","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628420939693485","endTimeUnixNano":"1746628420960635330","status":{}},{"traceId":"a9b758832f5e732b8098d4c48c57d73f","spanId":"e0a1fd2fb002331a","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628420774658018","endTimeUnixNano":"1746628420960807823","attributes":[{"key":"size","value":{"intValue":"7641"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"1"}}],"status":{}},{"traceId":"b0790574b30420a0fc79cba5df3a6c34","spanId":"a0f5d5862fbc2ffd","parentSpanId":"fb0ecb1b02e26fce","name":"execute","kind":1,"startTimeUnixNano":"1746628420943133033","endTimeUnixNano":"1746628420980410392","status":{}},{"traceId":"b0790574b30420a0fc79cba5df3a6c34","spanId":"fb0ecb1b02e26fce","parentSpanId":"d906ab7c257a78a2","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628420943131533","endTimeUnixNano":"1746628420980412536","status":{}},{"traceId":"b0790574b30420a0fc79cba5df3a6c34","spanId":"431fb5924989a550","parentSpanId":"d906ab7c257a78a2","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628420980417667","endTimeUnixNano":"1746628420980476867","status":{}},{"traceId":"b0790574b30420a0fc79cba5df3a6c34","spanId":"d906ab7c257a78a2","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628420942356795","endTimeUnixNano":"1746628420980745022","attributes":[{"key":"size","value":{"intValue":"17"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"e583fcc065674216086422d3c9f47f6e","spanId":"76c9dacacd4d7ba1","parentSpanId":"0da073ea2a903fe5","name":"execute","kind":1,"startTimeUnixNano":"1746628420856218433","endTimeUnixNano":"1746628421031932898","status":{}},{"traceId":"e583fcc065674216086422d3c9f47f6e","spanId":"0da073ea2a903fe5","parentSpanId":"1ab3c7611ba27228","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628420856215516","endTimeUnixNano":"1746628421031937826","status":{}},{"traceId":"e583fcc065674216086422d3c9f47f6e","spanId":"72f145d1fadfbba3","parentSpanId":"1ab3c7611ba27228","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628421031946055","endTimeUnixNano":"1746628421053671762","status":{}},{"traceId":"e583fcc065674216086422d3c9f47f6e","spanId":"1ab3c7611ba27228","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628420855464995","endTimeUnixNano":"1746628421053962602","attributes":[{"key":"size","value":{"intValue":"7786"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"1"}}],"status":{}},{"traceId":"15487f97e0097749221e2cd23e6e8642","spanId":"6c231eb1b866231a","parentSpanId":"af8082ec76244e91","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421087627912","endTimeUnixNano":"1746628421087630228","status":{}},{"traceId":"15487f97e0097749221e2cd23e6e8642","spanId":"fd608cea27e9d16e","parentSpanId":"af8082ec76244e91","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628421087642323","endTimeUnixNano":"1746628421087659797","status":{}},{"traceId":"15487f97e0097749221e2cd23e6e8642","spanId":"db23e6a3c374479c","parentSpanId":"af8082ec76244e91","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421087847046","endTimeUnixNano":"1746628421087848162","status":{}},{"traceId":"15487f97e0097749221e2cd23e6e8642","spanId":"53c6d6ae5658b130","parentSpanId":"0566fff5f5c55655","name":"execute","kind":1,"startTimeUnixNano":"1746628421088184339","endTimeUnixNano":"1746628421098723889","status":{}},{"traceId":"15487f97e0097749221e2cd23e6e8642","spanId":"0566fff5f5c55655","parentSpanId":"af8082ec76244e91","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628421088180963","endTimeUnixNano":"1746628421098725791","status":{}},{"traceId":"15487f97e0097749221e2cd23e6e8642","spanId":"e7306bf55276c4b8","parentSpanId":"af8082ec76244e91","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628421098730341","endTimeUnixNano":"1746628421098832203","status":{}},{"traceId":"15487f97e0097749221e2cd23e6e8642","spanId":"af8082ec76244e91","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628421087507863","endTimeUnixNano":"1746628421099038916","attributes":[{"key":"size","value":{"intValue":"24"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"d4dfc4a67bb13d70e2865f1ad5f87cde","spanId":"2a82dc677a1800cf","parentSpanId":"741dd8a368e9c89e","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421773174823","endTimeUnixNano":"1746628421773176912","status":{}},{"traceId":"45918bdd3d12c299aa6df7a0078fcb40","spanId":"e556119ae99693bd","parentSpanId":"20f8e8d71547a8a8","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421773201365","endTimeUnixNano":"1746628421773203392","status":{}},{"traceId":"d4dfc4a67bb13d70e2865f1ad5f87cde","spanId":"ea204ddedef24824","parentSpanId":"741dd8a368e9c89e","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628421773188833","endTimeUnixNano":"1746628421773206224","status":{}},{"traceId":"45918bdd3d12c299aa6df7a0078fcb40","spanId":"5d53122e27be3258","parentSpanId":"20f8e8d71547a8a8","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628421773217080","endTimeUnixNano":"1746628421773233800","status":{}},{"traceId":"d4dfc4a67bb13d70e2865f1ad5f87cde","spanId":"87bcf04d492a8a3c","parentSpanId":"741dd8a368e9c89e","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421773390346","endTimeUnixNano":"1746628421773391441","status":{}},{"traceId":"45918bdd3d12c299aa6df7a0078fcb40","spanId":"9ef111aeabea3909","parentSpanId":"20f8e8d71547a8a8","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421773417377","endTimeUnixNano":"1746628421773418511","status":{}},{"traceId":"d4dfc4a67bb13d70e2865f1ad5f87cde","spanId":"d19703908ee4c1ce","parentSpanId":"b803b30f77eaaa24","name":"execute","kind":1,"startTimeUnixNano":"1746628421773742534","endTimeUnixNano":"1746628421786953301","status":{}},{"traceId":"d4dfc4a67bb13d70e2865f1ad5f87cde","spanId":"b803b30f77eaaa24","parentSpanId":"741dd8a368e9c89e","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628421773740551","endTimeUnixNano":"1746628421786956642","status":{}},{"traceId":"d4dfc4a67bb13d70e2865f1ad5f87cde","spanId":"3f7fb9125d1a0f8f","parentSpanId":"741dd8a368e9c89e","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628421786963090","endTimeUnixNano":"1746628421787086420","status":{}},{"traceId":"d4dfc4a67bb13d70e2865f1ad5f87cde","spanId":"741dd8a368e9c89e","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628421773058108","endTimeUnixNano":"1746628421787240264","attributes":[{"key":"size","value":{"intValue":"28"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"d160045a83e32ba4ec28c6a9a1475733","spanId":"5a4eb404cf9e6312","parentSpanId":"9ae01e1e55dac87a","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421846640986","endTimeUnixNano":"1746628421846642885","status":{}},{"traceId":"d160045a83e32ba4ec28c6a9a1475733","spanId":"9e2268c9c99c2e1d","parentSpanId":"9ae01e1e55dac87a","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628421846656528","endTimeUnixNano":"1746628421846673458","status":{}},{"traceId":"d160045a83e32ba4ec28c6a9a1475733","spanId":"01300e2fbc0865da","parentSpanId":"9ae01e1e55dac87a","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421846860104","endTimeUnixNano":"1746628421846861168","status":{}},{"traceId":"3c39db31eeb373ea57ccb010266678e3","spanId":"b6ef11027d39c8be","parentSpanId":"0a8974c6d8ad8656","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421889997096","endTimeUnixNano":"1746628421889998567","status":{}},{"traceId":"3c39db31eeb373ea57ccb010266678e3","spanId":"69dc35f8318fcabe","parentSpanId":"0a8974c6d8ad8656","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628421890007845","endTimeUnixNano":"1746628421890019261","status":{}},{"traceId":"3c39db31eeb373ea57ccb010266678e3","spanId":"0816ab8916bf92d6","parentSpanId":"0a8974c6d8ad8656","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421890188250","endTimeUnixNano":"1746628421890189359","status":{}},{"traceId":"3c39db31eeb373ea57ccb010266678e3","spanId":"0e7e06baa1fa48f8","parentSpanId":"a19bbcce4f8d61b5","name":"execute","kind":1,"startTimeUnixNano":"1746628421890453694","endTimeUnixNano":"1746628421901416909","status":{}},{"traceId":"3c39db31eeb373ea57ccb010266678e3","spanId":"a19bbcce4f8d61b5","parentSpanId":"0a8974c6d8ad8656","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628421890452298","endTimeUnixNano":"1746628421901418130","status":{}},{"traceId":"3c39db31eeb373ea57ccb010266678e3","spanId":"7927074c605d9d23","parentSpanId":"0a8974c6d8ad8656","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628421901421759","endTimeUnixNano":"1746628421901447732","status":{}},{"traceId":"3c39db31eeb373ea57ccb010266678e3","spanId":"0a8974c6d8ad8656","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628421889908987","endTimeUnixNano":"1746628421901588134","attributes":[{"key":"size","value":{"intValue":"1"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"f5f1d83c34fbdfe537fc9324222a2328","spanId":"80f5169c404f9317","parentSpanId":"c02e7efa043b8e2e","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421928490027","endTimeUnixNano":"1746628421928492089","status":{}},{"traceId":"528d37422c03d9a874ad21c87eafa298","spanId":"019612e8f6da9eff","parentSpanId":"a2b454e48fd31fb0","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421928490006","endTimeUnixNano":"1746628421928492258","status":{}},{"traceId":"f5f1d83c34fbdfe537fc9324222a2328","spanId":"f78bd4eac11b5c8a","parentSpanId":"c02e7efa043b8e2e","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628421928517206","endTimeUnixNano":"1746628421928530281","status":{}},{"traceId":"528d37422c03d9a874ad21c87eafa298","spanId":"c04f6b32efe6be21","parentSpanId":"a2b454e48fd31fb0","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628421928517871","endTimeUnixNano":"1746628421928530571","status":{}},{"traceId":"f5f1d83c34fbdfe537fc9324222a2328","spanId":"cfbbf8e94d9f2b58","parentSpanId":"c02e7efa043b8e2e","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421928727448","endTimeUnixNano":"1746628421928728568","status":{}},{"traceId":"528d37422c03d9a874ad21c87eafa298","spanId":"d0f1aa4e30e7f7b6","parentSpanId":"a2b454e48fd31fb0","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628421928734042","endTimeUnixNano":"1746628421928735139","status":{}},{"traceId":"f5f1d83c34fbdfe537fc9324222a2328","spanId":"4f91e0a90106c99b","parentSpanId":"1efccc10d9eb78c9","name":"execute","kind":1,"startTimeUnixNano":"1746628421929237499","endTimeUnixNano":"1746628421940952438","status":{}},{"traceId":"f5f1d83c34fbdfe537fc9324222a2328","spanId":"1efccc10d9eb78c9","parentSpanId":"c02e7efa043b8e2e","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628421929236005","endTimeUnixNano":"1746628421940953882","status":{}},{"traceId":"528d37422c03d9a874ad21c87eafa298","spanId":"c6307572d1a273a8","parentSpanId":"0f3b291967cebf26","name":"execute","kind":1,"startTimeUnixNano":"1746628421929317521","endTimeUnixNano":"1746628421940956913","status":{}},{"traceId":"528d37422c03d9a874ad21c87eafa298","spanId":"0f3b291967cebf26","parentSpanId":"a2b454e48fd31fb0","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628421929316338","endTimeUnixNano":"1746628421940957845","status":{}},{"traceId":"528d37422c03d9a874ad21c87eafa298","spanId":"f6223d310eed662c","parentSpanId":"a2b454e48fd31fb0","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628421940959491","endTimeUnixNano":"1746628421940978186","status":{}},{"traceId":"f5f1d83c34fbdfe537fc9324222a2328","spanId":"31841fafb41ec8b9","parentSpanId":"c02e7efa043b8e2e","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628421940957296","endTimeUnixNano":"1746628421940978195","status":{}},{"traceId":"f5f1d83c34fbdfe537fc9324222a2328","spanId":"c02e7efa043b8e2e","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628421928367328","endTimeUnixNano":"1746628421941148728","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"528d37422c03d9a874ad21c87eafa298","spanId":"a2b454e48fd31fb0","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628421928367365","endTimeUnixNano":"1746628421941260284","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"3"}}],"status":{}},{"traceId":"45918bdd3d12c299aa6df7a0078fcb40","spanId":"2d545aff93511dda","parentSpanId":"ea4d48c41d4defae","name":"execute","kind":1,"startTimeUnixNano":"1746628421773845816","endTimeUnixNano":"1746628421943936475","status":{}},{"traceId":"45918bdd3d12c299aa6df7a0078fcb40","spanId":"ea4d48c41d4defae","parentSpanId":"20f8e8d71547a8a8","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628421773844432","endTimeUnixNano":"1746628421943937686","status":{}},{"traceId":"45918bdd3d12c299aa6df7a0078fcb40","spanId":"b2df4de21f2da3cc","parentSpanId":"20f8e8d71547a8a8","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628421943939817","endTimeUnixNano":"1746628421962065662","status":{}},{"traceId":"45918bdd3d12c299aa6df7a0078fcb40","spanId":"20f8e8d71547a8a8","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628421773088382","endTimeUnixNano":"1746628421962467280","attributes":[{"key":"size","value":{"intValue":"7641"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"1"}}],"status":{}},{"traceId":"d160045a83e32ba4ec28c6a9a1475733","spanId":"0b1463d592f6df01","parentSpanId":"e3961796131d5263","name":"execute","kind":1,"startTimeUnixNano":"1746628421847194867","endTimeUnixNano":"1746628422025218716","status":{}},{"traceId":"d160045a83e32ba4ec28c6a9a1475733","spanId":"e3961796131d5263","parentSpanId":"9ae01e1e55dac87a","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628421847193227","endTimeUnixNano":"1746628422025221414","status":{}},{"traceId":"d160045a83e32ba4ec28c6a9a1475733","spanId":"c654e19e22d3b9d2","parentSpanId":"9ae01e1e55dac87a","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628422025227043","endTimeUnixNano":"1746628422044959052","status":{}},{"traceId":"d160045a83e32ba4ec28c6a9a1475733","spanId":"9ae01e1e55dac87a","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628421846518169","endTimeUnixNano":"1746628422045314517","attributes":[{"key":"size","value":{"intValue":"7786"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"1"}}],"status":{}},{"traceId":"5688714e5eb4f84a64ce19b004131712","spanId":"cf5e0e83c9995470","parentSpanId":"948dc1cadbd16bda","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422080438319","endTimeUnixNano":"1746628422080440747","status":{}},{"traceId":"5688714e5eb4f84a64ce19b004131712","spanId":"12ddaf2a09e2b950","parentSpanId":"948dc1cadbd16bda","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628422080453848","endTimeUnixNano":"1746628422080471808","status":{}},{"traceId":"5688714e5eb4f84a64ce19b004131712","spanId":"6b28d8da4e6d15f5","parentSpanId":"948dc1cadbd16bda","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422080676049","endTimeUnixNano":"1746628422080677239","status":{}},{"traceId":"5688714e5eb4f84a64ce19b004131712","spanId":"67a70ac4f3764d7b","parentSpanId":"a791143313555278","name":"execute","kind":1,"startTimeUnixNano":"1746628422081020739","endTimeUnixNano":"1746628422096145045","status":{}},{"traceId":"5688714e5eb4f84a64ce19b004131712","spanId":"a791143313555278","parentSpanId":"948dc1cadbd16bda","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628422081019320","endTimeUnixNano":"1746628422096146608","status":{}},{"traceId":"5688714e5eb4f84a64ce19b004131712","spanId":"7b4b8ee624898bca","parentSpanId":"948dc1cadbd16bda","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628422096151097","endTimeUnixNano":"1746628422096536184","status":{}},{"traceId":"5688714e5eb4f84a64ce19b004131712","spanId":"948dc1cadbd16bda","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628422080299350","endTimeUnixNano":"1746628422096745997","attributes":[{"key":"size","value":{"intValue":"262"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"cdb7a1f5511b5ad3f08d037380ce08ca","spanId":"d1bfef23b9d245ba","parentSpanId":"f23126b1121b40d2","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422777768736","endTimeUnixNano":"1746628422777770776","status":{}},{"traceId":"cdb7a1f5511b5ad3f08d037380ce08ca","spanId":"01172953c4dbb38b","parentSpanId":"f23126b1121b40d2","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628422777782891","endTimeUnixNano":"1746628422777801080","status":{}},{"traceId":"cdb7a1f5511b5ad3f08d037380ce08ca","spanId":"6c0b2bdf200e1f98","parentSpanId":"f23126b1121b40d2","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422777988741","endTimeUnixNano":"1746628422777989868","status":{}},{"traceId":"bb5a0f0cd1f5629acc5e074dda4dbfbb","spanId":"388912f4c67081fb","parentSpanId":"00a25ed9d8b897ac","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422784881762","endTimeUnixNano":"1746628422784882896","status":{}},{"traceId":"bb5a0f0cd1f5629acc5e074dda4dbfbb","spanId":"ba780d0ad2b8063b","parentSpanId":"00a25ed9d8b897ac","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628422784889582","endTimeUnixNano":"1746628422784897004","status":{}},{"traceId":"bb5a0f0cd1f5629acc5e074dda4dbfbb","spanId":"03af25f41222e969","parentSpanId":"00a25ed9d8b897ac","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422785050494","endTimeUnixNano":"1746628422785051595","status":{}},{"traceId":"bb5a0f0cd1f5629acc5e074dda4dbfbb","spanId":"67179dd2fdf07b6d","parentSpanId":"0b7115e309faf3b2","name":"execute","kind":1,"startTimeUnixNano":"1746628422785273972","endTimeUnixNano":"1746628422798409190","status":{}},{"traceId":"bb5a0f0cd1f5629acc5e074dda4dbfbb","spanId":"0b7115e309faf3b2","parentSpanId":"00a25ed9d8b897ac","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628422785272605","endTimeUnixNano":"1746628422798410283","status":{}},{"traceId":"bb5a0f0cd1f5629acc5e074dda4dbfbb","spanId":"05e7dc693f00c349","parentSpanId":"00a25ed9d8b897ac","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628422798413184","endTimeUnixNano":"1746628422798871753","status":{}},{"traceId":"bb5a0f0cd1f5629acc5e074dda4dbfbb","spanId":"00a25ed9d8b897ac","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628422784809176","endTimeUnixNano":"1746628422799036330","attributes":[{"key":"size","value":{"intValue":"306"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"1"}}],"status":{}},{"traceId":"2a0b25713663a747d724d339186cc667","spanId":"49e47e972793da6e","parentSpanId":"ce60b3cd7f7feb33","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422853759330","endTimeUnixNano":"1746628422853760881","status":{}},{"traceId":"2a0b25713663a747d724d339186cc667","spanId":"c5110c81d9ccec00","parentSpanId":"ce60b3cd7f7feb33","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628422853770392","endTimeUnixNano":"1746628422853784244","status":{}},{"traceId":"2a0b25713663a747d724d339186cc667","spanId":"6df795163c8cada2","parentSpanId":"ce60b3cd7f7feb33","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422853955056","endTimeUnixNano":"1746628422853956165","status":{}},{"traceId":"e77b3d512e8f3459a69857993a55c2f9","spanId":"1cd4222d512da1ac","parentSpanId":"ccc85594303db028","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422887743431","endTimeUnixNano":"1746628422887744602","status":{}},{"traceId":"e77b3d512e8f3459a69857993a55c2f9","spanId":"cacd63f3847150d7","parentSpanId":"ccc85594303db028","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628422887751506","endTimeUnixNano":"1746628422887759638","status":{}},{"traceId":"e77b3d512e8f3459a69857993a55c2f9","spanId":"d6dadc6dc789d9f4","parentSpanId":"ccc85594303db028","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422887914488","endTimeUnixNano":"1746628422887915589","status":{}},{"traceId":"e77b3d512e8f3459a69857993a55c2f9","spanId":"44a6a0d296398042","parentSpanId":"26b0419521865002","name":"execute","kind":1,"startTimeUnixNano":"1746628422888120441","endTimeUnixNano":"1746628422899282798","status":{}},{"traceId":"e77b3d512e8f3459a69857993a55c2f9","spanId":"26b0419521865002","parentSpanId":"ccc85594303db028","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628422888119148","endTimeUnixNano":"1746628422899283798","status":{}},{"traceId":"e77b3d512e8f3459a69857993a55c2f9","spanId":"471dd8ca54b2072d","parentSpanId":"ccc85594303db028","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628422899286373","endTimeUnixNano":"1746628422899343159","status":{}},{"traceId":"e77b3d512e8f3459a69857993a55c2f9","spanId":"ccc85594303db028","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628422887668782","endTimeUnixNano":"1746628422899500369","attributes":[{"key":"size","value":{"intValue":"24"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"1cb6b61ade55c83f0b78e28be5deaeac","spanId":"ee6997b0ce39a638","parentSpanId":"3e3bbdeb23415dd6","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422946559425","endTimeUnixNano":"1746628422946561535","status":{}},{"traceId":"1dbf88b95efcd3fd02c98db023241aed","spanId":"62c9ecd342e4a403","parentSpanId":"1a732737f58d3114","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422946559366","endTimeUnixNano":"1746628422946561465","status":{}},{"traceId":"1cb6b61ade55c83f0b78e28be5deaeac","spanId":"9aceddb7191487d6","parentSpanId":"3e3bbdeb23415dd6","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628422946582823","endTimeUnixNano":"1746628422946595222","status":{}},{"traceId":"1dbf88b95efcd3fd02c98db023241aed","spanId":"a89917c22cff78a9","parentSpanId":"1a732737f58d3114","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628422946582757","endTimeUnixNano":"1746628422946595198","status":{}},{"traceId":"1cb6b61ade55c83f0b78e28be5deaeac","spanId":"4c6384d4cc8bd6de","parentSpanId":"3e3bbdeb23415dd6","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422946783467","endTimeUnixNano":"1746628422946784620","status":{}},{"traceId":"1dbf88b95efcd3fd02c98db023241aed","spanId":"1a31da34b1e925b8","parentSpanId":"1a732737f58d3114","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628422946783848","endTimeUnixNano":"1746628422946785015","status":{}},{"traceId":"cdb7a1f5511b5ad3f08d037380ce08ca","spanId":"3aa7151676cd507c","parentSpanId":"10ab8a31bb316b07","name":"execute","kind":1,"startTimeUnixNano":"1746628422778331926","endTimeUnixNano":"1746628422946795652","status":{}},{"traceId":"cdb7a1f5511b5ad3f08d037380ce08ca","spanId":"10ab8a31bb316b07","parentSpanId":"f23126b1121b40d2","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628422778328844","endTimeUnixNano":"1746628422946799703","status":{}},{"traceId":"1cb6b61ade55c83f0b78e28be5deaeac","spanId":"a0c87f591b5dec86","parentSpanId":"b6c250eafc383f79","name":"execute","kind":1,"startTimeUnixNano":"1746628422947226849","endTimeUnixNano":"1746628422959118422","status":{}},{"traceId":"1cb6b61ade55c83f0b78e28be5deaeac","spanId":"b6c250eafc383f79","parentSpanId":"3e3bbdeb23415dd6","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628422947225211","endTimeUnixNano":"1746628422959119712","status":{}},{"traceId":"1dbf88b95efcd3fd02c98db023241aed","spanId":"8061a28a0c2b1ff4","parentSpanId":"7237eef9358f4a18","name":"execute","kind":1,"startTimeUnixNano":"1746628422947248129","endTimeUnixNano":"1746628422959125100","status":{}},{"traceId":"1dbf88b95efcd3fd02c98db023241aed","spanId":"7237eef9358f4a18","parentSpanId":"1a732737f58d3114","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628422947246974","endTimeUnixNano":"1746628422959126064","status":{}},{"traceId":"1cb6b61ade55c83f0b78e28be5deaeac","spanId":"bea1fa43658e2829","parentSpanId":"3e3bbdeb23415dd6","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628422959122593","endTimeUnixNano":"1746628422959143470","status":{}},{"traceId":"1dbf88b95efcd3fd02c98db023241aed","spanId":"8e6e899ec18b3f5a","parentSpanId":"1a732737f58d3114","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628422959127925","endTimeUnixNano":"1746628422959143616","status":{}},{"traceId":"1cb6b61ade55c83f0b78e28be5deaeac","spanId":"3e3bbdeb23415dd6","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628422946432102","endTimeUnixNano":"1746628422959325670","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"1dbf88b95efcd3fd02c98db023241aed","spanId":"1a732737f58d3114","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628422946432080","endTimeUnixNano":"1746628422959957157","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"3"}}],"status":{}},{"traceId":"cdb7a1f5511b5ad3f08d037380ce08ca","spanId":"ef1b9ea8a5697afc","parentSpanId":"f23126b1121b40d2","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628422946807350","endTimeUnixNano":"1746628422968317972","status":{}},{"traceId":"cdb7a1f5511b5ad3f08d037380ce08ca","spanId":"f23126b1121b40d2","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628422777652146","endTimeUnixNano":"1746628422968491756","attributes":[{"key":"size","value":{"intValue":"7641"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"2a0b25713663a747d724d339186cc667","spanId":"a45a0ea7e07f1629","parentSpanId":"879f1d81604db4ba","name":"execute","kind":1,"startTimeUnixNano":"1746628422854206617","endTimeUnixNano":"1746628423035035731","status":{}},{"traceId":"2a0b25713663a747d724d339186cc667","spanId":"879f1d81604db4ba","parentSpanId":"ce60b3cd7f7feb33","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628422854205395","endTimeUnixNano":"1746628423035038846","status":{}},{"traceId":"2a0b25713663a747d724d339186cc667","spanId":"fdf816c31833f012","parentSpanId":"ce60b3cd7f7feb33","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628423035044352","endTimeUnixNano":"1746628423051482026","status":{}},{"traceId":"2a0b25713663a747d724d339186cc667","spanId":"ce60b3cd7f7feb33","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628422853673668","endTimeUnixNano":"1746628423051773340","attributes":[{"key":"size","value":{"intValue":"8122"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"1"}}],"status":{}},{"traceId":"e908fc49e239c64c2835062813a735a7","spanId":"ac2adb8a39e7353a","parentSpanId":"543710cabe780918","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423089175114","endTimeUnixNano":"1746628423089177660","status":{}},{"traceId":"e908fc49e239c64c2835062813a735a7","spanId":"4fb8718de92a7a46","parentSpanId":"543710cabe780918","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628423089194348","endTimeUnixNano":"1746628423089217702","status":{}},{"traceId":"e908fc49e239c64c2835062813a735a7","spanId":"17bc1e3f1dfa6942","parentSpanId":"543710cabe780918","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423089417364","endTimeUnixNano":"1746628423089418493","status":{}},{"traceId":"e908fc49e239c64c2835062813a735a7","spanId":"a6797a488ea456cc","parentSpanId":"5c3bd771a1bf4a02","name":"execute","kind":1,"startTimeUnixNano":"1746628423089809049","endTimeUnixNano":"1746628423103185955","status":{}},{"traceId":"e908fc49e239c64c2835062813a735a7","spanId":"5c3bd771a1bf4a02","parentSpanId":"543710cabe780918","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628423089807445","endTimeUnixNano":"1746628423103188030","status":{}},{"traceId":"e908fc49e239c64c2835062813a735a7","spanId":"81d1bbcdfa6e83d3","parentSpanId":"543710cabe780918","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628423103193647","endTimeUnixNano":"1746628423103691190","status":{}},{"traceId":"e908fc49e239c64c2835062813a735a7","spanId":"543710cabe780918","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628423089031346","endTimeUnixNano":"1746628423103913939","attributes":[{"key":"size","value":{"intValue":"212"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"0b7d28ef7bc0e861abd44245b14db07d","spanId":"1e0a64d98ea4f090","parentSpanId":"3852d1cec9c4e7e9","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423766091486","endTimeUnixNano":"1746628423766094035","status":{}},{"traceId":"0b7d28ef7bc0e861abd44245b14db07d","spanId":"be8cd5426e50e09f","parentSpanId":"3852d1cec9c4e7e9","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628423766110045","endTimeUnixNano":"1746628423766132328","status":{}},{"traceId":"0b7d28ef7bc0e861abd44245b14db07d","spanId":"224212079f109abf","parentSpanId":"3852d1cec9c4e7e9","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423766325062","endTimeUnixNano":"1746628423766326195","status":{}},{"traceId":"0b7d28ef7bc0e861abd44245b14db07d","spanId":"6bb8adc4687316dc","parentSpanId":"442eb7b8db94a755","name":"execute","kind":1,"startTimeUnixNano":"1746628423766681074","endTimeUnixNano":"1746628423777012366","status":{}},{"traceId":"0b7d28ef7bc0e861abd44245b14db07d","spanId":"442eb7b8db94a755","parentSpanId":"3852d1cec9c4e7e9","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628423766679540","endTimeUnixNano":"1746628423777014368","status":{}},{"traceId":"0b7d28ef7bc0e861abd44245b14db07d","spanId":"bb3ef75592c5a684","parentSpanId":"3852d1cec9c4e7e9","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628423777019079","endTimeUnixNano":"1746628423777117795","status":{}},{"traceId":"0b7d28ef7bc0e861abd44245b14db07d","spanId":"3852d1cec9c4e7e9","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628423765989364","endTimeUnixNano":"1746628423777303502","attributes":[{"key":"size","value":{"intValue":"26"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"bdeb1367435cc93eef9e1b5447e5fa9c","spanId":"100ead39e9ba9c31","parentSpanId":"26f3ddf26b04f0d0","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423801531246","endTimeUnixNano":"1746628423801533080","status":{}},{"traceId":"bdeb1367435cc93eef9e1b5447e5fa9c","spanId":"e581de348cced7ad","parentSpanId":"26f3ddf26b04f0d0","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628423801543246","endTimeUnixNano":"1746628423801556976","status":{}},{"traceId":"bdeb1367435cc93eef9e1b5447e5fa9c","spanId":"f76932e3be8009ce","parentSpanId":"26f3ddf26b04f0d0","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423801730818","endTimeUnixNano":"1746628423801731947","status":{}},{"traceId":"cf1db2f02742e31751645755c77a11f0","spanId":"cf5d6861daa263a6","parentSpanId":"a72e9dee48c56c56","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423881384636","endTimeUnixNano":"1746628423881386635","status":{}},{"traceId":"cf1db2f02742e31751645755c77a11f0","spanId":"7eafee4408ef7f34","parentSpanId":"a72e9dee48c56c56","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628423881398988","endTimeUnixNano":"1746628423881414413","status":{}},{"traceId":"cf1db2f02742e31751645755c77a11f0","spanId":"47bdb700d152aeec","parentSpanId":"a72e9dee48c56c56","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423881599265","endTimeUnixNano":"1746628423881600383","status":{}},{"traceId":"ce575e9c3ea65114d46c50a7978e2da0","spanId":"fa036620b35f0171","parentSpanId":"badb1e3874323ea6","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423900969771","endTimeUnixNano":"1746628423900971145","status":{}},{"traceId":"ce575e9c3ea65114d46c50a7978e2da0","spanId":"acf3048962f94651","parentSpanId":"badb1e3874323ea6","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628423900978937","endTimeUnixNano":"1746628423900988567","status":{}},{"traceId":"ce575e9c3ea65114d46c50a7978e2da0","spanId":"1cc3f8bf679d0789","parentSpanId":"badb1e3874323ea6","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423901150951","endTimeUnixNano":"1746628423901152079","status":{}},{"traceId":"4a6834c3abedebb76036c083d8b498e0","spanId":"b19b503e355f87ed","parentSpanId":"b06df1c1a076b7a0","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423909057056","endTimeUnixNano":"1746628423909058424","status":{}},{"traceId":"4a6834c3abedebb76036c083d8b498e0","spanId":"fe1fa0120be89062","parentSpanId":"b06df1c1a076b7a0","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628423909076633","endTimeUnixNano":"1746628423909085549","status":{}},{"traceId":"4a6834c3abedebb76036c083d8b498e0","spanId":"c8e2b06e7cb4b502","parentSpanId":"b06df1c1a076b7a0","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423909257094","endTimeUnixNano":"1746628423909258358","status":{}},{"traceId":"ce575e9c3ea65114d46c50a7978e2da0","spanId":"58fe2a0d5b96e691","parentSpanId":"01ded8ff4bb87446","name":"execute","kind":1,"startTimeUnixNano":"1746628423901403510","endTimeUnixNano":"1746628423919095432","status":{}},{"traceId":"ce575e9c3ea65114d46c50a7978e2da0","spanId":"01ded8ff4bb87446","parentSpanId":"badb1e3874323ea6","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628423901402088","endTimeUnixNano":"1746628423919096740","status":{}},{"traceId":"ce575e9c3ea65114d46c50a7978e2da0","spanId":"41f72d3a751f17f5","parentSpanId":"badb1e3874323ea6","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628423919099550","endTimeUnixNano":"1746628423919157381","status":{}},{"traceId":"ce575e9c3ea65114d46c50a7978e2da0","spanId":"badb1e3874323ea6","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628423900886402","endTimeUnixNano":"1746628423919306772","attributes":[{"key":"size","value":{"intValue":"20"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"4a6834c3abedebb76036c083d8b498e0","spanId":"3584e3f96cac5264","parentSpanId":"541032054ffa8a82","name":"execute","kind":1,"startTimeUnixNano":"1746628423909614810","endTimeUnixNano":"1746628423919877707","status":{}},{"traceId":"4a6834c3abedebb76036c083d8b498e0","spanId":"541032054ffa8a82","parentSpanId":"b06df1c1a076b7a0","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628423909613630","endTimeUnixNano":"1746628423919878668","status":{}},{"traceId":"4a6834c3abedebb76036c083d8b498e0","spanId":"b1e8ca4eaa132011","parentSpanId":"b06df1c1a076b7a0","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628423919880659","endTimeUnixNano":"1746628423919895473","status":{}},{"traceId":"4a6834c3abedebb76036c083d8b498e0","spanId":"b06df1c1a076b7a0","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628423908974529","endTimeUnixNano":"1746628423920059444","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"3"}}],"status":{}},{"traceId":"ebbca258f4f7cce53e3e9f85099fc40b","spanId":"9b902b9ea13a28f7","parentSpanId":"09bd6923219bb5bf","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423931528557","endTimeUnixNano":"1746628423931530077","status":{}},{"traceId":"ebbca258f4f7cce53e3e9f85099fc40b","spanId":"2beaa7637ee4baa9","parentSpanId":"09bd6923219bb5bf","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628423931547251","endTimeUnixNano":"1746628423931557142","status":{}},{"traceId":"ebbca258f4f7cce53e3e9f85099fc40b","spanId":"9bca0665d8a5159e","parentSpanId":"09bd6923219bb5bf","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628423931731393","endTimeUnixNano":"1746628423931732555","status":{}},{"traceId":"ebbca258f4f7cce53e3e9f85099fc40b","spanId":"98b20a21818effb7","parentSpanId":"80a79a40e14f959b","name":"execute","kind":1,"startTimeUnixNano":"1746628423932135160","endTimeUnixNano":"1746628423946559189","status":{}},{"traceId":"ebbca258f4f7cce53e3e9f85099fc40b","spanId":"80a79a40e14f959b","parentSpanId":"09bd6923219bb5bf","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628423932133676","endTimeUnixNano":"1746628423946560642","status":{}},{"traceId":"ebbca258f4f7cce53e3e9f85099fc40b","spanId":"0c62016f484ea257","parentSpanId":"09bd6923219bb5bf","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628423946564397","endTimeUnixNano":"1746628423946587244","status":{}},{"traceId":"ebbca258f4f7cce53e3e9f85099fc40b","spanId":"09bd6923219bb5bf","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628423931443555","endTimeUnixNano":"1746628423946786591","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"bdeb1367435cc93eef9e1b5447e5fa9c","spanId":"799f5c9303a8926e","parentSpanId":"82b7a836fb3942cd","name":"execute","kind":1,"startTimeUnixNano":"1746628423802058483","endTimeUnixNano":"1746628423968230048","status":{}},{"traceId":"bdeb1367435cc93eef9e1b5447e5fa9c","spanId":"82b7a836fb3942cd","parentSpanId":"26f3ddf26b04f0d0","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628423802055976","endTimeUnixNano":"1746628423968231509","status":{}},{"traceId":"bdeb1367435cc93eef9e1b5447e5fa9c","spanId":"e4e311490da24846","parentSpanId":"26f3ddf26b04f0d0","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628423968234921","endTimeUnixNano":"1746628423983757732","status":{}},{"traceId":"bdeb1367435cc93eef9e1b5447e5fa9c","spanId":"26f3ddf26b04f0d0","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628423801455549","endTimeUnixNano":"1746628423984129682","attributes":[{"key":"size","value":{"intValue":"7641"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"cf1db2f02742e31751645755c77a11f0","spanId":"612be467acadd681","parentSpanId":"15971de86c319797","name":"execute","kind":1,"startTimeUnixNano":"1746628423881912116","endTimeUnixNano":"1746628424064145761","status":{}},{"traceId":"cf1db2f02742e31751645755c77a11f0","spanId":"15971de86c319797","parentSpanId":"a72e9dee48c56c56","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628423881910844","endTimeUnixNano":"1746628424064148608","status":{}},{"traceId":"cf1db2f02742e31751645755c77a11f0","spanId":"f083d9d5ec001b16","parentSpanId":"a72e9dee48c56c56","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628424064154176","endTimeUnixNano":"1746628424082112793","status":{}},{"traceId":"cf1db2f02742e31751645755c77a11f0","spanId":"a72e9dee48c56c56","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628423881269249","endTimeUnixNano":"1746628424082393720","attributes":[{"key":"size","value":{"intValue":"8122"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"1"}}],"status":{}},{"traceId":"8a9376c07480bc15dba35754b290216f","spanId":"b1b52f62eec12931","parentSpanId":"c61982898835b7c3","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424107209646","endTimeUnixNano":"1746628424107212016","status":{}},{"traceId":"8a9376c07480bc15dba35754b290216f","spanId":"dd1dc944dce3e60c","parentSpanId":"c61982898835b7c3","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628424107224811","endTimeUnixNano":"1746628424107242394","status":{}},{"traceId":"8a9376c07480bc15dba35754b290216f","spanId":"e32722e249b428a5","parentSpanId":"c61982898835b7c3","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424107428795","endTimeUnixNano":"1746628424107429939","status":{}},{"traceId":"8a9376c07480bc15dba35754b290216f","spanId":"3b0f2325bd21c907","parentSpanId":"0f520e6d5032927b","name":"execute","kind":1,"startTimeUnixNano":"1746628424107806953","endTimeUnixNano":"1746628424127730811","status":{}},{"traceId":"8a9376c07480bc15dba35754b290216f","spanId":"0f520e6d5032927b","parentSpanId":"c61982898835b7c3","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628424107804259","endTimeUnixNano":"1746628424127734817","status":{}},{"traceId":"8a9376c07480bc15dba35754b290216f","spanId":"a09a97509a91303a","parentSpanId":"c61982898835b7c3","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628424127741448","endTimeUnixNano":"1746628424129056362","status":{}},{"traceId":"8a9376c07480bc15dba35754b290216f","spanId":"c61982898835b7c3","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628424107091898","endTimeUnixNano":"1746628424129319036","attributes":[{"key":"size","value":{"intValue":"568"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"177dd224bede8ccaa59abe4f84ed4024","spanId":"67a3ec3e8a2bd261","parentSpanId":"fa5869b9f95119d0","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424771632810","endTimeUnixNano":"1746628424771635054","status":{}},{"traceId":"177dd224bede8ccaa59abe4f84ed4024","spanId":"78a6b11107c9e1b1","parentSpanId":"fa5869b9f95119d0","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628424771647631","endTimeUnixNano":"1746628424771665503","status":{}},{"traceId":"177dd224bede8ccaa59abe4f84ed4024","spanId":"6a47eef748c2bed4","parentSpanId":"fa5869b9f95119d0","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424771856193","endTimeUnixNano":"1746628424771857341","status":{}},{"traceId":"ded8dda856590851e3ba7b2169146948","spanId":"fc73a9bfbeca7458","parentSpanId":"2124280d6b5a49bb","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424774326523","endTimeUnixNano":"1746628424774327717","status":{}},{"traceId":"ded8dda856590851e3ba7b2169146948","spanId":"c6ea34f38c871fb2","parentSpanId":"2124280d6b5a49bb","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628424774333510","endTimeUnixNano":"1746628424774340448","status":{}},{"traceId":"ded8dda856590851e3ba7b2169146948","spanId":"4b74c4d04ec0db60","parentSpanId":"2124280d6b5a49bb","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424774496059","endTimeUnixNano":"1746628424774497232","status":{}},{"traceId":"177dd224bede8ccaa59abe4f84ed4024","spanId":"f33f9ef5d71ab967","parentSpanId":"875e9a440081d540","name":"execute","kind":1,"startTimeUnixNano":"1746628424772198936","endTimeUnixNano":"1746628424782795617","status":{}},{"traceId":"177dd224bede8ccaa59abe4f84ed4024","spanId":"875e9a440081d540","parentSpanId":"fa5869b9f95119d0","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628424772196876","endTimeUnixNano":"1746628424782798529","status":{}},{"traceId":"177dd224bede8ccaa59abe4f84ed4024","spanId":"50653a77d1896c98","parentSpanId":"fa5869b9f95119d0","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628424782804126","endTimeUnixNano":"1746628424782851419","status":{}},{"traceId":"177dd224bede8ccaa59abe4f84ed4024","spanId":"fa5869b9f95119d0","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628424771513679","endTimeUnixNano":"1746628424783017282","attributes":[{"key":"size","value":{"intValue":"2"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"0"}}],"status":{}},{"traceId":"fffbf5db98828a6ceef73d36e8cb26e9","spanId":"875180bfe0545792","parentSpanId":"22ae8a8fdd791f81","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424854790232","endTimeUnixNano":"1746628424854792245","status":{}},{"traceId":"fffbf5db98828a6ceef73d36e8cb26e9","spanId":"591b397e119d5a59","parentSpanId":"22ae8a8fdd791f81","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628424854805498","endTimeUnixNano":"1746628424854822313","status":{}},{"traceId":"fffbf5db98828a6ceef73d36e8cb26e9","spanId":"924af7fec276f319","parentSpanId":"22ae8a8fdd791f81","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424855006385","endTimeUnixNano":"1746628424855007455","status":{}},{"traceId":"9098b54c93add1c381dcd3adea116129","spanId":"2232ba7f50e11ea3","parentSpanId":"1e5f530f8e3e8f3e","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424910563578","endTimeUnixNano":"1746628424910565460","status":{}},{"traceId":"9098b54c93add1c381dcd3adea116129","spanId":"d554841aebbeb76a","parentSpanId":"1e5f530f8e3e8f3e","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628424910586922","endTimeUnixNano":"1746628424910598375","status":{}},{"traceId":"9098b54c93add1c381dcd3adea116129","spanId":"c5c7ad5cf1948a3c","parentSpanId":"1e5f530f8e3e8f3e","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424910784035","endTimeUnixNano":"1746628424910785154","status":{}},{"traceId":"9098b54c93add1c381dcd3adea116129","spanId":"f6bf65e977ffe239","parentSpanId":"77e957ef2e57b8ff","name":"execute","kind":1,"startTimeUnixNano":"1746628424911245472","endTimeUnixNano":"1746628424928102543","status":{}},{"traceId":"9098b54c93add1c381dcd3adea116129","spanId":"77e957ef2e57b8ff","parentSpanId":"1e5f530f8e3e8f3e","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628424911244059","endTimeUnixNano":"1746628424928104836","status":{}},{"traceId":"9098b54c93add1c381dcd3adea116129","spanId":"29f9b0ef6e6936da","parentSpanId":"1e5f530f8e3e8f3e","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628424928109779","endTimeUnixNano":"1746628424928135100","status":{}},{"traceId":"61df555eabf3b66cd8933809f00e409f","spanId":"936a5dc9ed7dc028","parentSpanId":"9d89432319715569","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424928265438","endTimeUnixNano":"1746628424928267680","status":{}},{"traceId":"61df555eabf3b66cd8933809f00e409f","spanId":"db5670ac3a5ea8ed","parentSpanId":"9d89432319715569","name":"readLiveQuery","kind":1,"startTimeUnixNano":"1746628424928290524","endTimeUnixNano":"1746628424928301728","status":{}},{"traceId":"9098b54c93add1c381dcd3adea116129","spanId":"1e5f530f8e3e8f3e","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628424910452565","endTimeUnixNano":"1746628424928330978","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"2"}}],"status":{}},{"traceId":"61df555eabf3b66cd8933809f00e409f","spanId":"74ff6a80a7e6cbd5","parentSpanId":"9d89432319715569","name":"referenceDataBuildClient","kind":1,"startTimeUnixNano":"1746628424928483515","endTimeUnixNano":"1746628424928484689","status":{}},{"traceId":"61df555eabf3b66cd8933809f00e409f","spanId":"6f263b9b420d92ff","parentSpanId":"987a90147b0c55b2","name":"execute","kind":1,"startTimeUnixNano":"1746628424928974821","endTimeUnixNano":"1746628424942932610","status":{}},{"traceId":"61df555eabf3b66cd8933809f00e409f","spanId":"987a90147b0c55b2","parentSpanId":"9d89432319715569","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628424928971882","endTimeUnixNano":"1746628424942935857","status":{}},{"traceId":"61df555eabf3b66cd8933809f00e409f","spanId":"67142c29131b39a5","parentSpanId":"9d89432319715569","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628424942942098","endTimeUnixNano":"1746628424942976185","status":{}},{"traceId":"ded8dda856590851e3ba7b2169146948","spanId":"3fac0b4cf92994a7","parentSpanId":"ead9f22035b491af","name":"execute","kind":1,"startTimeUnixNano":"1746628424774705063","endTimeUnixNano":"1746628424943113135","status":{}},{"traceId":"ded8dda856590851e3ba7b2169146948","spanId":"ead9f22035b491af","parentSpanId":"2124280d6b5a49bb","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628424774703616","endTimeUnixNano":"1746628424943114623","status":{}},{"traceId":"61df555eabf3b66cd8933809f00e409f","spanId":"9d89432319715569","parentSpanId":"","name":"/client-trade-view-search","kind":1,"startTimeUnixNano":"1746628424928177231","endTimeUnixNano":"1746628424943140053","attributes":[{"key":"size","value":{"intValue":"0"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"3"}}],"status":{}},{"traceId":"ded8dda856590851e3ba7b2169146948","spanId":"30bed27b7edec670","parentSpanId":"2124280d6b5a49bb","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628424943117528","endTimeUnixNano":"1746628424958752478","status":{}},{"traceId":"ded8dda856590851e3ba7b2169146948","spanId":"2124280d6b5a49bb","parentSpanId":"","name":"/client-trade-view","kind":1,"startTimeUnixNano":"1746628424774253005","endTimeUnixNano":"1746628424959012145","attributes":[{"key":"size","value":{"intValue":"7786"}},{"key":"view","value":{"stringValue":"D3131F0E-A7CE-E823-F65E-37642545BE49"}},{"key":"user","value":{"stringValue":"ADMIN"}},{"key":"group","value":{"stringValue":"IT_SUP_ALL"}},{"key":"concurrentRequests","value":{"intValue":"1"}}],"status":{}},{"traceId":"fffbf5db98828a6ceef73d36e8cb26e9","spanId":"bd9cb2d524a5dc67","parentSpanId":"074683b978d11bcf","name":"execute","kind":1,"startTimeUnixNano":"1746628424855337222","endTimeUnixNano":"1746628425036854881","status":{}},{"traceId":"fffbf5db98828a6ceef73d36e8cb26e9","spanId":"074683b978d11bcf","parentSpanId":"22ae8a8fdd791f81","name":"buildExecution","kind":1,"startTimeUnixNano":"1746628424855335354","endTimeUnixNano":"1746628425036857521","status":{}},{"traceId":"fffbf5db98828a6ceef73d36e8cb26e9","spanId":"7971be94bb5de2bd","parentSpanId":"22ae8a8fdd791f81","name":"adaptResponse","kind":1,"startTimeUnixNano":"1746628425036863041","endTimeUnixNano":"1746628425052869115","status":{}}]}]}]}  
Is the size of log after being stored in buckets compared to its raw size a metric I should monitor? This question came in my mind and the problem is I don't really know how to measure it, since fro... See more...
Is the size of log after being stored in buckets compared to its raw size a metric I should monitor? This question came in my mind and the problem is I don't really know how to measure it, since from the deployment/admin view, I can only view the size of a bucket. But a bucket can store logs from multiple hosts, and I don't know the size of the raw logs being sent from each host for a single bucket. So is there any formulas to calculate? AFAIK, the TRANSFORMS- function in props.conf is one of the main factors to increase size of log after being parsed, since it create index-time field extractions. Also, if there is none exact formula, has anyone calculate the log after being parse when using well-known app like parsing WinEventLog or Linux?
Hi All,   Trying to find content pack for AppDynamics on Splunk Base. Kindly help.   Thanks
We have automation to insert  /saved/searches endpoint and all is good.  Also current have quite lot of custom Splunk Enterprise Security (ESS) event-based detections handcrafted via the GUI in splun... See more...
We have automation to insert  /saved/searches endpoint and all is good.  Also current have quite lot of custom Splunk Enterprise Security (ESS) event-based detections handcrafted via the GUI in splunk cloud. (So can't directly put into savedsearches.conf) We have to automate these as they are not pure 'savedsearches'. We are following the ESCU  standards and use contentctl validate. All good till this stage But how to insert the ESCU detections into Splunk ESS? Which app to insert into? (SplunkEnterpriseSecuritySuite or DA-ESS-* type apps or can it be inserted into our own custom app itself?) Any API based automation into Splunk ESS is deeply appreciated thanks in advance
Hello, I am looking to add a particular value to an existing search of Okta data. The problem is I don't know how to extract the value which is on the same level as other values. The value I am look... See more...
Hello, I am looking to add a particular value to an existing search of Okta data. The problem is I don't know how to extract the value which is on the same level as other values. The value I am looking for is "Workflows Administrator". The existing search is: index=okta "debugContext.debugData.privilegeGranted"="*" | rename actor.displayName as "Actor", targetUserDisplayName as "Target Name", targetUserAlternateId as "Target ID", description as "Action", debugContext.debugData.privilegeGranted as "Role(s)" | eval Time = strftime(_time, "%Y-%d-%m %H:%M:%S") | fields - _time | table Time, Actor, Action, "Target Name", "Target ID", Action, "Role(s)" and sample data is { [-] actor: { [+] } authenticationContext: { [+] } client: { [+] } debugContext: { [-] debugData: { [-] privilegeGranted: Application administrator (all), User administrator (all), Help Desk administrator (all) } } device: null displayMessage: Grant user privilege eventType: user.account.privilege.grant legacyEventType: core.user.admin_privilege.granted outcome: { [-] reason: null result: SUCCESS } published: 2025-05-08T19:30:54.612Z request: { [-] ipChain: [ [+] ] } securityContext: { [-] asNumber: null asOrg: null domain: null isProxy: null isp: null } severity: INFO target: [ [-] { [-] alternateId: jdoe@company.com detailEntry: null displayName: John Doe id: 00umfyv9jwzVvafI71t7 type: User } { [-] alternateId: unknown detailEntry: null displayName: Custom role binding added id: CUSTOM_ROLE_BINDING_ADDED type: CUSTOM_ROLE_BINDING_ADDED } { [-] alternateId: /api/v1/iam/roles/WORKFLOWS_ADMIN detailEntry: null displayName: Workflows Administrator id: WORKFLOWS_ADMIN type: CUSTOM_ROLE } { [-] alternateId: /api/v1/iam/resource-sets/WORKFLOWS_IAM_POLICY detailEntry: null displayName: Workflows Resource Set id: WORKFLOWS_IAM_POLICY type: RESOURCE_SET } ] transaction: { [+] } uuid: 2c42-11f0-a9fe version: 0 }  Any help is appreciated. Thank you!
I have a query that is executing a stats count by source type, as we want to see how many sensitive files leave our firm and the quantity. I am doing an appendcols and then transposing In the da... See more...
I have a query that is executing a stats count by source type, as we want to see how many sensitive files leave our firm and the quantity. I am doing an appendcols and then transposing In the dashboard, the pie chart look like:     index=fortinet dlpextra IN (WatermarkBlock1,Log_WatermarkBlock2,Log_WatermarkBlock3,Log_WatermarkBlock4) | lookup DataF.csv dlpextra OUTPUT C_Label as C_Label | stats count as Proxy | appendcols [search index=iron AutomaticClassification | lookup IPort_Class.csv DLP_Class OUTPUT C_Label as C_Label | stats count as Email] | appendcols [search index=035 "Common.DeviceName"="p151.d.com" OR Common.DeviceName="p1p71.c.com" "SensitiveInfoTypeData{}.SensitiveInfoTypeName"=* | table SensitiveInfoTypeData{}.SensitiveInfoTypeName | stats count as SFTP ] | appendcols [search index=testing sourcetype="net:alert" dlp_rule="AZ C*" | eval dlp_rule=replace(dlp_rule, "AB", "") | stats count as Netskope] | transpose | rename "row 1" as Count My question is, how would you edit the Splunk query to rename the column name to the value I provided instead of Other.  DO i even need a transpose? That has been the best way I have found for creating a pie chart out of different data sources.  Preferably, id like to understand how to do that with the JSON formatting I get with Dashboard studio, as well as figure out how to do it inline, within the query.    Thanks  
I'm attempting to set up an Independent Stream Forwarder on a RHEL machine to collect netflow data, and have it forwarded to HEC on another machine. I have most of the configuration worked out, but w... See more...
I'm attempting to set up an Independent Stream Forwarder on a RHEL machine to collect netflow data, and have it forwarded to HEC on another machine. I have most of the configuration worked out, but when I start the streamfwd service I am receiving the following log messages: INFO [140109244728192] (SnifferReactor/SnifferReactor.cpp:161) stream.SnifferReactor - Starting network capture: sniffer ERROR [140109244728192] (SnifferReactor/PcapNetworkCapture.cpp:238) stream.NetworkCapture - SnifferReactor pcap filter 'not (host REDACTED and port 443) and not (host $decideOnStartup and port 8088)' compilation error: aid supported only on ARCnet FATAL [140109244728192] (CaptureServer.cpp:2338) stream.CaptureServer - SnifferReactor was unable to start packet capturesniffer   I don't know where it's getting that filter. I attempted to set the below line in streamfwd.conf with a valid BPF, but it doesn't seem to honor it and continues with the same error. streamfwdcapture.<N>.filter = <BPF>   I'm not necessarily concerned at this point with getting a working filter, but I assume the filter in the log message is the issue, since it's the only error in the log. Appreciate any help, thanks in advance.