All Topics

Hi Splunkers! I would like to extract the detection_method value, "Access Protection":
file_name="HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM\", detection_method="Access Protection", vendor_action="IDS_ACTION_WOULD_BLOCK",
Thanks, Manoj Kumar S
Hi, I have a total of four fields, let's say a, b, c and d. I want to show 'a' as a separate column and 'b', 'c' and 'd' as stacked beside 'a', along with the sum of the fields ('b'+'c'+'d'), so that the count of these fields appears on top of their column and we can easily compare field 'a' with the count of the rest. Note: I don't want a separate column that gives the sum of these three fields. Click visualization and select column chart. Click format and enable the stack mode. Select show data values as on. Click chart overlay, click the text box and select the Total field. Make View as Axis as off. Click Apply. After the above steps, I can see the total on top along with the line. I don't need the line. Can you please help me with this? Thanks in advance! Manoj Kumar S
Help me ingest the .act and .authlog file formats in Splunk.
Hello, I have an index where data is ingested once a week. The objective of ingesting this data is to identify if there is any change to a field value from last week to the current one. I need help writing SPL that can help me detect the change if there is one. For more context, here's an example. The relevant fields are: Role, Entitlement. I need to find out if there has been any change to the entitlements for that role between the data ingested this Saturday and the past. Any help would be appreciated. Thanks
Hi Splunkers! Good day! I would like to add the event and detection fields to the stats command; after adding them to the stats command, I'm not getting the expected results. I need those fields as well, but I should still get the expected results.
Old command: | stats count as num by name country state scope
Modified command: | stats count as num by name country state scope event description - giving me wrong results.
Thanks in advance! Manoj Kumar S
Good morning community, I wanted to know whether it is possible to install Splunk on Solaris 11.4. If so, could you provide the commands needed to perform the installation? I would appreciate it (I am a novice).
Hi Team / @Ryan.Paredez, I have developed a sample .NET MSMQ sender and receiver standalone application. I have tried instrumenting that application. I could load the profiler and was able to see the MQ details and transaction snapshots for the sender application, but was unable to get MQ details for the receiver application in the AppDynamics controller. But we are expecting an MSMQ entry point for the .NET consumer application. I have tried resolving the metrics issue by adding Message Queue entry points, which AppDynamics has mentioned in the link below: https://docs.appdynamics.com/appd/21.x/21.7/en/application-monitoring/configure-instrumentation/transaction-detection-rules/message-queue-entry-points Please look into this issue and help us to resolve it. Thanks in advance.
Is it possible to create a backup of the app with data and visualizations for a specific date, to keep for a future date?
Hi Forum, I want to chart a list, say for example {1..100}, and represent in a mosaic-type visual presentation whether a number has been used or not. So I would probably look to introduce a second dimension, 1 = used, 0 = unused. Punch card looks interesting. Has anyone done anything similar, maybe IP addressing or something else? My use case is charting LDAP attributes (I generate the data with a script so I can control the shape of it). Want to get everyone away from spreadsheets....
Does Splunk UF agent 9.0.1 support AWS Linux 3?
Hi, I would like to integrate a viz like the one below in my dashboard, but I wonder what is used to integrate a chart in a table row. What kind of visualization is really used? Does anybody have XML examples? Thanks
Created a test user and assigned the viewer role; the test user won't see the settings option and the manage app settings option. How to hide both settings? Please help me with the detailed process. Vijreddy
I have created a test user and assigned it to the viewer role. My requirement is to hide the settings & manage settings options, with the test user not able to see the above options. Please help me with the detailed process. Regards, Vijay
I have a log with related events. One event has the number of widgets made in the period and another event has the actual time taken to make the widgets in that period. I can do a search and get a timechart of the number of widgets and the time used. But what I want is a timechart of the actual time / number of widgets made. How do I construct a search to do that?
Hi all, how can I search a range of characters in Splunk? For example, I want to search for the names of people whose name starts with A-L but not M-Z. user = [A*-Z*], can I have something like this?
Our Java agent isn't reporting to the controller, though in the logs we see a message saying the agent was successfully started. I don't see any message that it is connected to the controller, but the node is shown as [null]
Picked up _JAVA_OPTIONS: -Djdk.tls.maxCertificateChainLength=20 Java 9+ detected, booting with Java9Util enabled. Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_APPLICATION_NAME] for application name [App_Name] Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_TIER_NAME] for tier name [Tier_Name] Full Agent Registration Info Resolver using selfService [false] Full Agent Registration Info Resolver using selfService [false] Full Agent Registration Info Resolver using ephemeral node setting [false] Full Agent Registration Info Resolver using application name [App_Name] Read property [reuse node name] from system property [appdynamics.agent.reuse.nodeName] Full Agent Registration Info Resolver using tier name [Tier_Name] Full Agent Registration Info Resolver using node name [null] Install Directory resolved to[/opt/appdyn/javaagent/23.8.0.35032] getBootstrapResource not available on ClassLoader Class with name [com.ibm.lang.management.internal.ExtendedOperatingSystemMXBeanImpl] is not available in classpath, so will ignore export access. 
[AD Agent init] Thu Oct 05 17:45:32 UTC 2023[DEBUG]: JavaAgent - Setting AgentClassLoader as Context ClassLoader [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Low Entropy Mode: Attempting to swap to non-blocking PRNG algorithm [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - UUIDPool size is 10 Agent conf directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Agent conf directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[DEBUG]: AgentInstallManager - Full Agent Registration Info Resolver is running [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_APPLICATION_NAME] for application name [App_Name] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver found env variable [APPDYNAMICS_AGENT_TIER_NAME] for tier name [Tier_Name] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using selfService [false] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using selfService [false] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using ephemeral node setting [false] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using application name [App_Name] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Read property [reuse node name] from system property [appdynamics.agent.reuse.nodeName] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using tier name [Tier_Name] [AD Agent init] Thu Oct 05 17:45:33 UTC 
2023[INFO]: AgentInstallManager - Full Agent Registration Info Resolver using node name [null] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[DEBUG]: AgentInstallManager - Full Agent Registration Info Resolver finished running [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent runtime directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent node directory set to [Tier_Name-35-vvcbk] Agent runtime conf directory set to /opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: AgentInstallManager - Agent runtime conf directory set to /opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/conf [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - JDK Compatibility: 1.8+ [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Using Java Agent Version [Server Agent #23.8.0.35032 v23.8.0 GA compatible with 4.4.1.0 rc2229efcc98cb79cc989b99ed8d8e30995dc1e70 release/23.8.0] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Running IBM Java Agent [No] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Java Agent Directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Java Agent AppAgent directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032] Agent logging directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/logs] [AD Agent init] Thu Oct 05 17:45:33 UTC 2023[INFO]: JavaAgent - Agent logging directory set to [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032/logs] [AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Logging set up for log4j2 [AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - #################################################################################### [AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Java Agent 
Directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032] [AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Java Agent AppAgent directory [/opt/appdyn/javaagent/23.8.0.35032/ver23.8.0.35032] [AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - Using Java Agent Version [Server Agent #23.8.0.35032 v23.8.0 GA compatible with 4.4.1.0 rc2229efcc98cb79cc989b99ed8d8e30995dc1e70 release/23.8.0] [AD Agent init] Thu Oct 05 17:45:34 UTC 2023[INFO]: JavaAgent - All agent classes have been pre-loaded getBootstrapResource not available on ClassLoader Agent will mark node historical at normal shutdown of JVM Started AppDynamics Java Agent Successfully.
I have a query that gives me four totals for a month. I am trying to figure out how to show each of the four totals for each day searched. Here is what I have so far:
index=anIndex sourcetype=aSourcetype "SFTP upload finished" OR "File sent to MFS" OR "File download sent to user" OR "HTTP upload finished" earliest=-0month@month latest=now | bucket _time span=day | stats count(eval(searchmatch("SFTP upload finished"))) as SFTPCount count(eval(searchmatch("File sent to MFS"))) as MFSCount count(eval(searchmatch("File download sent to user"))) as DWNCount count(eval(searchmatch("HTTP upload finished"))) as HTTPCount | table SFTPCount MFSCount DWNCount HTTPCount
SFTPCount MFSCount DWNCount HTTPCount
30843 535 1584 80
Now to show the results by each day? I have a line to specify my bucket?
How can one add to the result of a Splunk query running on the Splunk UI the time span, i.e. the values one can put in earliest_time and latest_time (the earliest and latest time are coming only from the drop-down of the time span in the Splunk UI)?
http://centos7.linuxvmimages.local:8000
Trying to edit the email subject line of alerts I am receiving. I have tried adding host=$host$ to the base search and in the subject line and was unsuccessful. I have tried using the $result. host$ macro and was unsuccessful as well. The search looks like: | stats latest(cpu_load_percent) AS "CPU Utilization" by host _time | where 'CPU Utilization' >= 95 |dedup host