All Topics

Top

All Topics

Hi there everyone. I am struggling to get the Events Api to accept a query for some metrics I want to query. I followed the instructions on https://docs.appdynamics.com/appd/21.x/21.6/en/extend-a... See more...
Hi there everyone. I am struggling to get the Events Api to accept a query for some metrics I want to query. I followed the instructions on https://docs.appdynamics.com/appd/21.x/21.6/en/extend-appdynamics/appdynamics-apis/analytics-events-api and have setup the postman request with the required fields. I have made sure to give the api_key the correct permissions but I when querying the fra-ana controller I am hit with a 403.  I cannot see why I am being hit with his error or find any documentation to help me debug it. `My query looks like the following: curl -X POST "http://fra-ana-api.saas.appdynamics.com/events/query" -header "X-Events-API-AccountName: <global_account_name>"  -header "X-Events-API-Key: <api_key>"  -header "Content-Type: application/vnd.appd.events+text;v=2"  -header "Accept: application/vnd.appd.events+json;v=2"  -data "SELECT * FROM logs" I have tried this command in postman and in Powershell both returning the same 403.
I want to get my inputlookup csv filename with the query. | inputlookup abc.csv | stats count by inputlookup_filename  ```<= the result I needed is "abc"``` Or | table inputlookup_filename ```<... See more...
I want to get my inputlookup csv filename with the query. | inputlookup abc.csv | stats count by inputlookup_filename  ```<= the result I needed is "abc"``` Or | table inputlookup_filename ```<= the result I needed is "abc"```
is the output of the attached image right? i can see data model per run duration but by size has no values
good day, please help. DB agent has a problem with connecting more detailed metrics. I restarted and reinstalled the agent but the error persists #|2023-11-28T13:37:39.480+0100|SEVERE|glassfish 4.1... See more...
good day, please help. DB agent has a problem with connecting more detailed metrics. I restarted and reinstalled the agent but the error persists #|2023-11-28T13:37:39.480+0100|SEVERE|glassfish 4.1|com.sun.jersey.spi.container.ContainerResponse|_ThreadID=56;_ThreadName=http-listener-1(6);_TimeMillis=17011750594 80;_LevelValue=1000;|The RuntimeException could not be mapped to a response, re-throwing to the HTTP container RestException(statusCode=500, code=Unknown, errorMessage=Unknown server error., developerMessage=null, logCorrelationId=5041de7e-2229-4c14-a847-5e8cd4703df6) at com.appdynamics.analytics.client.common.exceptions.RestExceptionFactory.makeException(RestExceptionFactory.java:56) at com.appdynamics.analytics.client.common.RestClientUtils.validateResponse(RestClientUtils.java:278) at com.appdynamics.analytics.client.common.RestClientUtils.resolve(RestClientUtils.java:85) at com.appdynamics.analytics.client.common.GenericHttpRequestBuilder.executeAndReturnRawResponseString(GenericHttpRequestBuilder.java:287) at com.appdynamics.analytics.shared.rest.client.eventservice.DefaultEventServiceClient.searchEvents(DefaultEventServiceClient.java:479) at sun.reflect.GeneratedMethodAccessor20202.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.singularity.ee.controller.beans.analytics.client.AccountCreatingAnalyticsClient$ProxyingEventServiceClient.invoke(AccountCreatingAnalyticsClient.java:10 4) at com.sun.proxy.$Proxy620.searchEvents(Unknown Source) at com.appdynamics.analytics.shared.rest.client.DefaultAnalyticsClient.searchEvents(DefaultAnalyticsClient.java:68) at com.appdynamics.ui.dbmon.impl.query.QueryHelper.search(QueryHelper.java:165) at com.appdynamics.ui.dbmon.impl.esHelpers.DBReportsHelper2.getWaitStateInfoForDB(DBReportsHelper2.java:28) at com.appdynamics.ui.dbmon.impl.services.dashboard.DBServerDashboardUiServiceImpl.getWaitStateData(DBServerDashboardUiServiceImpl.java:215) at sun.reflect.GeneratedMethodAccessor22351.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java :185) at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409) at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:286) at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:276) at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:181) at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85) at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:120) at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:135) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.filter.RestSessionFilter.doFilter(RestSessionFilter.java:209) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.CsrfFilter.doFilter(CsrfFilter.java:139) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.AgentRejectionFilter.doFilter(AgentRejectionFilter.java:59) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.RequestOriginMarkingFilter.lambda$doFilter$0(RequestOriginMarkingFilter.java:26) at com.appdynamics.platform.RequestOrigin.runAs(RequestOrigin.java:64) at com.singularity.ee.controller.servlet.RequestOriginMarkingFilter.doFilter(RequestOriginMarkingFilter.java:24) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.CacheControlFilter.doFilter(CacheControlFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at com.singularity.ee.controller.servlet.UnsecuredUrlsRejectFilter.doFilter(UnsecuredUrlsRejectFilter.java:78) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:316) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734) at org.apache.catalina.core.StandardPipeline.doChainInvoke(StandardPipeline.java:678) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:416) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:283) at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167) at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:206) at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:180) at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235) at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284) at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201) at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133) at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112) at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77) at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:539) at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56) at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593) at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573) at java.lang.Thread.run(Thread.java:748)
While the Speakatoo API performs as expected in POSTMAN, it encounters challenges when integrated into my system.
please tell me. How do I hide filters in Splunk Dashboard Studio? Is it an XML-only option? XML → <form hideFilters="true"> JSON → ???
hello everyone i check in log maxmind tracker get this error "Could not download MaxMind GeoIP MD5, exiting." how can i solve this ?    thankyou
Dear team, I need to join the two-index search and print the common ID's count. The below mentioned two different index it work independently, both the index having same correlation_ID but different... See more...
Dear team, I need to join the two-index search and print the common ID's count. The below mentioned two different index it work independently, both the index having same correlation_ID but different messages. So common correlation ID count for the both index need to print. index = Test1  invoked_component="XXXX" "genesys" correlation_id="*" message="Successfully received" | stats count by correlation_id index = Test2  invoked_component="YYYY" correlation_id="*" | where message IN ("Successfully created" , "Successfully updated") | stats count by correlation_id
Is this even possible?! Any help will be appreciated. I need to search for specific text in a Windows host name that is located, by naming convention, after a 4, 5 or 6 character campus site code. T... See more...
Is this even possible?! Any help will be appreciated. I need to search for specific text in a Windows host name that is located, by naming convention, after a 4, 5 or 6 character campus site code. The specific text identifies the function of the host (e.g., print server, database server, domain controller, etc.). For example (these host names are simplified to illustrate the problem): 1.)    host=L004PS4bldDC7, the campus site code is “L004” and the function code is “PS” 2.)    host= L0005DB5bldPS, the campus site code is “L0005” and the function code is “DB” 3.)    host=L00006DC6rDB1, the campus site code is “L00006” and the function code is “DC” The data I’m searching through has 200+ campus site codes, each of which can be 4, 5 or 6 characters and each search will return 1000+ events. We are using a lookup to identify the campus site attribute from the host name. Using the same process doesn’t work for the function code. The characters following the function code are determined by the campus site admins and used to identify the physical location of each host on their campus (building name or room number). These physical location codes sometimes contain characters that match a function code required by the naming convention. For instance, if I search for events or metrics from print servers using *PS*, I also get them from non-print servers like host #2 above.
I created a manual correlation search with the below SPL --> the action is notable creation splunk_server=* index=* host=x.x.x.x "login" | stats count by src_ip | where count > 3 after that i can... See more...
I created a manual correlation search with the below SPL --> the action is notable creation splunk_server=* index=* host=x.x.x.x "login" | stats count by src_ip | where count > 3 after that i can see the notable created from the search tab index=notable but still the incident review has no values any hints guys?
How to create a detection rule on the LLMNR with sysmon or wineventlog, im kinda new to splunk
Hello Splunkers,    I wanted to extract  output1 and output6 fields from raw event Example Event1: Message : output,1: The guess/tmp/var/tms/bmp_abcd/apm_salesforce/address_standardplot/service... See more...
Hello Splunkers,    I wanted to extract  output1 and output6 fields from raw event Example Event1: Message : output,1: The guess/tmp/var/tms/bmp_abcd/apm_salesforce/address_standardplot/serviceinput/AddressStandardiplot_S3_VariousDmsJob_V9_apm_unmatch_AVI-pct-STANDARD_123456789_9912333333-f12f-5cb9-aa10-9d101188ad47.banana.2 file, which contains 456 rows, was written to the standardplot-s3-abc-dev-005 bucket. Example Event 2 Message : output,6: Input 0 consumed 123 records. desired result output1=456 rows output6=123 records Message field is also not auto extracted by Splunk. May need to use |rex field=_raw........ Please Advise  
I need to be able to perform a search in Splunk for a message ID and identify all the users that received it. We currently have a SOAR playbook that uses the Microsoft EWS API, but that has been depr... See more...
I need to be able to perform a search in Splunk for a message ID and identify all the users that received it. We currently have a SOAR playbook that uses the Microsoft EWS API, but that has been depreciated. As far as I know, Graph API (the replacement) does not have an end point for a full message trace. Does anyone have a better alternative?
Hi, we have multiple services that we want to have filtered out from the journald. Is there a way to do the opposite of this stanza parameter? to exclude _SYSTEMD_UNIT=my.service journalctl-filt... See more...
Hi, we have multiple services that we want to have filtered out from the journald. Is there a way to do the opposite of this stanza parameter? to exclude _SYSTEMD_UNIT=my.service journalctl-filter =_SYSTEMD_UNIT=my.service    If that's not possible, what's the best way to do that?
Learn how to tie application performance to business goals — powered by Cisco Cloud Observability Traditional monitoring tools that focus only on technical performance metrics leave IT teams with... See more...
Learn how to tie application performance to business goals — powered by Cisco Cloud Observability Traditional monitoring tools that focus only on technical performance metrics leave IT teams with a disconnected view of how applications impact business outcomes.  Join our live webinar to learn how Cisco Cloud Observability provides visibility into your most revenue-critical application flows — and how application and infrastructure performance directly affect business KPIs.   From metrics to revenue: A deep dive into Cisco Cloud Observability AMER: December 13 at 11 a.m. PST / 2 p.m. EST APAC: December 14 at 8:30 a.m. IST / 11 a.m. SGT / 2 p.m. AEDT EMEA: December 14 at 10 a.m. GMT / 11 a.m. CET You’ll learn how to:  Break down silos between business and IT teams with shared context  Connect app performance, infrastructure health, and business metrics  Prioritize actions based on business impact to maximize revenue  Register now to ensure your applications are moving the needle on the KPIs that matter most to your business.  Speakers  Cale Hilts is a Sr. Product and Solutions Marketing Manager at Cisco AppDynamics where he focuses on observability for cloud native applications, joint solutions with cloud service providers and their role in the Cisco Full-Stack Observability portfolio.  Emily Wang is a Product Manager for Digital Experience Monitoring at Cisco AppDynamics. She has been driving innovations in Enterprise SaaS for more than 13 years.  Emily is passionate about the intersection of observability and outcomes for users and businesses.    
Hey I've been working on a distributed Splunk environment, where in one of our indexes we have a very high cardinality "source" field (basically different for each event). I've noticed that using t... See more...
Hey I've been working on a distributed Splunk environment, where in one of our indexes we have a very high cardinality "source" field (basically different for each event). I've noticed that using tstats 'distinct_count' to count the number of sources, I am getting an incorrect result (far from one per event). The query looks something like: |tstats dc(source) where index=my_index   I've noticed that when I search on a smaller number of events (~100,000 instead of ~5,000,000), the result is correct. In addition, when using estdc I get a better result than dc (which is wildly wrong). Finally, when using stats instead of tstats, I get the correct value: index=my_index | stats dc(source)   Any ideas? My guess is that I'm hitting some memory barrier, but there is no indication of this.
Hello Everyone, I have a query where a user selects a time range in the timeticker Let say 10 november 08:30am to 10 novemeber 11:30am The user wants to only see the events for the last 5 minutes ... See more...
Hello Everyone, I have a query where a user selects a time range in the timeticker Let say 10 november 08:30am to 10 novemeber 11:30am The user wants to only see the events for the last 5 minutes  i.e from 10 novmeber 11:25am 10 novemeber 11:30am to look for errors in that 5 minutes He has two panels total errors in the the selected timeframe Total errors in the last 5mins of the selected timeframe I'm able to create panel 1 how to create panel 2 how Below search for panel 2 earliest=-5m  latest=$info_max_time$ index=newdata sourcetype=oracle source="/u0/DATA_COUNT.txt" loglevel="ERROR" |bin span=5m _time |stats dc(loglevel) by INSTANCE_NAME
Hello, can someone provide feedback on how I can change the color of my panel to transparent? Below is my code snippet. I'm not great with CSS or XML. I was using dashboard studio which was straight ... See more...
Hello, can someone provide feedback on how I can change the color of my panel to transparent? Below is my code snippet. I'm not great with CSS or XML. I was using dashboard studio which was straight forward on how to change but I'm back with classic for now.  <panel> <single> <title>Total First Time</title> <search base="base_search"> <query>|search Cur= $t_cur$ | bin _time span=$t_bin$ | stats sum(FirstTime) as sumFirstTime by Category</query> </search> <option name="drilldown">none</option> <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="refresh.display">progressbar</option> </single> </panel>  
Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can benefit from: Updates to the data sets UI to improve the overall usability and acce... See more...
Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can benefit from: Updates to the data sets UI to improve the overall usability and accessibility  Dashboard Studio improvements:  New ability to conditionally show or hide panels in Grid layout New option to select Dashboard Studio when saving reports to dashboards Admins can benefit from: Zero downtime upgrades for SHC Victoria stacks, allowing search continuity for short and long-running searches during upgrades and rolling restarts New Workload Management rules with a predicate search_time_range to reduce the impact of searches over large amounts of data Decentralized search telemetry collection, increasing efficiency, integrity (completeness), and reliability of search telemetry while freeing up Search Head capacity Improved role based security for every search using Access Control List (ACL)  An update to Splunk Secure Gateway to allow turning on/off mobile notifications for Alerts and Reports and resizing of the SSG opt-in window enabling mobile users to opt-in from their mobile device during login Private Connectivity now available for Splunk Cloud Platform search capabilities and UI access over private endpoints through AWS PrivateLink for PCI, HIPAA, IRAP, and GovCloud offerings Check out the full release notes for more details. Python 2 is in the process of deprecation and soon will no longer be available in coming releases. jQuery v3.5 library is now set as the platform default; prior jQuery libraries are no longer supported.
Hello, I am looking to pass in a list of devices into an enrichment playbook but the issue I have is that the input playbook takes in one device at time and returns a JSON object of details related ... See more...
Hello, I am looking to pass in a list of devices into an enrichment playbook but the issue I have is that the input playbook takes in one device at time and returns a JSON object of details related to that device. I then want to add each result into a JSON object. How can I achieve this in the most efficient way?