All Topics

Top

All Topics

From splunk user we are receiving logs but when it comes to Splunk search head its splitting into different events  Expected log : Oct 26 09:37:51 +02:00 10.191.248.38 -: Operation%%31051 # Minor #... See more...
From splunk user we are receiving logs but when it comes to Splunk search head its splitting into different events  Expected log : Oct 26 09:37:51 +02:00 10.191.248.38 -: Operation%%31051 # Minor # qaz# XYZ # 10.135.114.70 # Succeeded # Function:[Configuration Management][MML Command] PQR ME:; # 2023-10-26 09:37:51# splunk dividing into two separate events Oct 26 09:37:51 +02:00 10.191.248.38 -: Operation%%31051 # Minor # qaz# XYZ # 10.135.114.70  # Succeeded # Function:[Configuration Management][MML Command] & LST ME:; # 2023-10-26 09:37:51# How can i resolve this cannot combine this two because getting seperate event not one after another 
Hello,    I have a table with a column recording the ID, I want to make each ID in the table a Hyperlink and click on it to take me to a different page. I want each provided ID in the table to be... See more...
Hello,    I have a table with a column recording the ID, I want to make each ID in the table a Hyperlink and click on it to take me to a different page. I want each provided ID in the table to be concatenated with the begining of the hyperlink that I want to provide as static.  I tried to use drilldown option in my table and the below code is what I used but it is not working.    "eventHandlers": [ { "type": "drilldown.setToken", "options": { "tokens": [ { "token": "selection_tok", "key": "click.value" } ] } }, { "type": "drilldown.customUrl", "options": { "url": "https://(the main part of my url)/$selection_tok$", "newTab": true } }     I already tried to replace $selection_tok$ with direclty calling $click.value$ and also tried $click.value2$ I tried multiple approaches but it is not pickining out the ID from the table.       
I'm creating a dashboard that have 3 pie charts where the values for each pie chart are color-coded: green for Comply, red for Not Comply and yellow for Not Supported.  I also created 2 text inputs ... See more...
I'm creating a dashboard that have 3 pie charts where the values for each pie chart are color-coded: green for Comply, red for Not Comply and yellow for Not Supported.  I also created 2 text inputs and 3 dropdown inputs. The text input will allow user to input hostname or IP address and the pie chart will return the results of the compliance tied to the hostname or IP address with the right color code. And the dropdown inputs will allow user to select "Comply", "Not Comply" or "Not Supported". When the user selects "Not comply", the pie chart should be red, but instead it is still green because the colors apply to the series from left to right so I get the first color. Is there a way to make the colors apply accordingly after text/dropdown input change? The XML looks like this:    <form version="1.1"> <label>Overview</label> <search id="base"> <query> | savedsearch Overview | search Hostname="$field1$" "IP Address"="$field2$" OS="$field3$" "ABC Compliance"="$field5$" "DEF Compliance"="$field6$" "GHI Compliance"="$field8$" </query> <earliest>-3d@d</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <fieldset submitButton="true"> <input type="text" token="field1" searchWhenChanged="true"> <label>Hostname</label> <default>*</default> <initialValue>*</initialValue> </input> <input type="text" token="field2" searchWhenChanged="true"> <label>IP Address</label> <default>*</default> <initialValue>*</initialValue> </input> <input type="dropdown" token="field3"> <label>OS</label> <choice value="*">All</choice> <default>*</default> <initialValue>*</initialValue> <fieldForLabel>OS</fieldForLabel> <fieldForValue>OS</fieldForValue> <search> <query>| savedsearch Overview | stats count by OS</query> <earliest>-7d@h</earliest> <latest>now</latest> </search> </input> <input type="dropdown" token="field5"> <label>ABC Compliance</label> <choice value="*">All</choice> <fieldForLabel>ABC Compliance</fieldForLabel> <fieldForValue>ABC Compliance</fieldForValue> <search> <query>| savedsearch Overview | stats count by "ABC Compliance"</query> <earliest>-7d@h</earliest> <latest>now</latest> </search> <default>*</default> <initialValue>*</initialValue> </input> <input type="dropdown" token="field6"> <label>DEF Compliance</label> <choice value="*">All</choice> <default>*</default> <initialValue>*</initialValue> <fieldForLabel>DEF Compliance</fieldForLabel> <fieldForValue>DEF Compliance</fieldForValue> <search> <query>| savedsearch Overview | stats count by "DEF Compliance"</query> <earliest>-7d@h</earliest> <latest>now</latest> </search> </input> <input type="dropdown" token="field8"> <label>GHI Compliance</label> <choice value="*">All</choice> <default>*</default> <initialValue>*</initialValue> <fieldForLabel>GHI Compliance</fieldForLabel> <fieldForValue>GHI Compliance</fieldForValue> <search> <query>| savedsearch Overview | stats count by "GHI Compliance"</query> <earliest>-7d@h</earliest> <latest>now</latest> </search> </input> </fieldset> <row> <panel> <chart> <title>ABC Compliance</title> <search> <query>| savedsearch Overview | search Hostname="$field1$" "IP Address"="$field2$" OS="$field3$" "ABC Compliance"="$field5$" "DEF Compliance"="$field6$" "GHI Compliance"="$field8$" | rename "ABC Compliance" as Compliance | stats count by Compliance | eval Compliance=Compliance." (".count.")"</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="charting.chart">pie</option> <option name="charting.drilldown">none</option> <option name="charting.legend.labels">["Comply","Not Comply","Not Supported"]</option> <option name="charting.seriesColors">[0x70db70,0xff4d4d,0xffff66]</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel> <chart> <title>DEF Compliance</title> <search> <query>| savedsearch Overview | search Hostname="$field1$" "IP Address"="$field2$" OS="$field3$" "ABC Compliance"="$field5$" "DEF Compliance"="$field6$" "GHI Compliance"="$field8$" | rename "DEF Compliance" as Compliance | stats count by Compliance | eval Compliance=Compliance." (".count.")"</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="charting.chart">pie</option> <option name="charting.drilldown">none</option> <option name="refresh.display">progressbar</option> <option name="charting.legend.labels">["Comply","Not Comply","Not Supported"]</option> <option name="charting.seriesColors">[0x70db70,0xff4d4d,0xffff66]</option> </chart> </panel> <panel> <chart> <title>GHI Compliance</title> <search> <query>| savedsearch Overview | search Hostname="$field1$" "IP Address"="$field2$" OS="$field3$" "ABC Compliance"="$field5$" "DEF Compliance"="$field6$" "GHI Compliance"="$field8$" | rename "GHI Compliance" as Compliance | stats count by Compliance | eval Compliance=Compliance." (".count.")"</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="charting.chart">pie</option> <option name="charting.drilldown">none</option> <option name="refresh.display">progressbar</option> <option name="charting.legend.labels">["Comply","Not Comply","Not Supported"]</option> <option name="charting.seriesColors">[0x70db70,0xff4d4d,0xffff66]</option> </chart> </panel> </row> <row> <panel> <title>Host Summary</title> <table> <search base="base"> <query>| table Hostname, "IP Address", OS, "ABC Compliance", "DEF Compliance", "GHI Compliance"</query> </search> <option name="count">20</option> <option name="dataOverlayMode">none</option> <option name="drilldown">none</option> <option name="percentagesRow">false</option> <option name="refresh.display">progressbar</option> <option name="rowNumbers">false</option> <option name="totalsRow">false</option> <option name="wrap">true</option> <format type="color" field="ABC Compliance"> <colorPalette type="map">{"Comply":#70db70,"Not Comply":#ff4d4d, "Not Supported":#ffff66}</colorPalette> </format> <format type="color" field="DEF Compliance"> <colorPalette type="map">{"Comply":#70db70,"Not Comply":#ff4d4d, "Not Supported":#ffff66}</colorPalette> </format> <format type="color" field="GHI Compliance"> <colorPalette type="map">{"Comply":#70db70,"Not Comply":#ff4d4d, "Not Supported":#ffff66}</colorPalette> </format> </table> </panel> </row> </form>        
Summary Gradle build configuration cache cannot be enabled in the project because of AppDynamics plugin   Context   Gradle has a build configuration cache capability, which is still not enabled ... See more...
Summary Gradle build configuration cache cannot be enabled in the project because of AppDynamics plugin   Context   Gradle has a build configuration cache capability, which is still not enabled by default. Information can be found at https://docs.gradle.org/current/userguide/configuration_cache.html The build configuration cache can improve build times drastically for large projects.    However, it has some requirements for Gradle tasks for it to be able to be used (https://docs.gradle.org/current/userguide/configuration_cache.html#config_cache:requirements).   Current `debugAppDynamicsAddBuildInfo` AppDynamics Gradle task is not compatible with Gradle build configuration cache. This makes it not possible to enable it in any project using AppDynamics Gradle plugin.   How to replicate the issue   In the current project, run the following Gradle command:   ./gradlew clean assembleDebug   Key details   - AppDynamics version in use: 23.7.1   - Key configuration to enable build configuration cache: In `gradle.properties`:   org.gradle.configuration-cache=true   Error message   * What went wrong: Configuration cache problems found in this build. 1 problem was found storing the configuration cache. - Task `:app:debugAppDynamicsAddBuildInfo` of type `com.appdynamics.android.gradle.AddToClassesTask`: invocation of 'Task.project' at execution time is unsupported.   See https://docs.gradle.org/8.4/userguide/configuration_cache.html#config_cache:requirements:use_project_during_execution See the complete report at file:///<REDACTED> > Invocation of 'Task.project' by task ':app:debugAppDynamicsAddBuildInfo' at execution time is unsupported.     Stack trace   org.gradle.api.InvalidUserCodeException: Invocation of 'Task.project' by task ':app:debugAppDynamicsAddBuildInfo' at execution time is unsupported. at org.gradle.configurationcache.problems.DefaultProblemFactory$problem$1$build$diagnostics$1.get(DefaultProblemFactory.kt:86) at org.gradle.configurationcache.problems.DefaultProblemFactory$problem$1$build$diagnostics$1.get(DefaultProblemFactory.kt:86) at org.gradle.internal.problems.DefaultProblemDiagnosticsFactory$DefaultProblemStream.getImplicitThrowable(DefaultProblemDiagnosticsFactory.java:111) at org.gradle.internal.problems.DefaultProblemDiagnosticsFactory$DefaultProblemStream.forCurrentCaller(DefaultProblemDiagnosticsFactory.java:100) at org.gradle.configurationcache.problems.DefaultProblemFactory$problem$1.build(DefaultProblemFactory.kt:86) at org.gradle.configurationcache.initialization.DefaultConfigurationCacheProblemsListener.onTaskExecutionAccessProblem(ConfigurationCacheProblemsListener.kt:134) at org.gradle.configurationcache.initialization.DefaultConfigurationCacheProblemsListener.onProjectAccess(ConfigurationCacheProblemsListener.kt:74) at jdk.internal.reflect.GeneratedMethodAccessor1182.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:36) at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24) at org.gradle.internal.event.DefaultListenerManager$ListenerDetails.dispatch(DefaultListenerManager.java:472) at org.gradle.internal.event.DefaultListenerManager$ListenerDetails.dispatch(DefaultListenerManager.java:454) at org.gradle.internal.event.AbstractBroadcastDispatch.dispatch(AbstractBroadcastDispatch.java:83) at org.gradle.internal.event.AbstractBroadcastDispatch.dispatch(AbstractBroadcastDispatch.java:69) at org.gradle.internal.event.DefaultListenerManager$EventBroadcast$ListenerDispatch.dispatch(DefaultListenerManager.java:443) at org.gradle.internal.event.DefaultListenerManager$EventBroadcast$ListenerDispatch.dispatch(DefaultListenerManager.java:431) at org.gradle.internal.event.AbstractBroadcastDispatch.dispatch(AbstractBroadcastDispatch.java:43) at org.gradle.internal.event.AbstractBroadcastDispatch.dispatch(AbstractBroadcastDispatch.java:66) at org.gradle.internal.event.DefaultListenerManager$EventBroadcast$ListenerDispatch.dispatch(DefaultListenerManager.java:443) at org.gradle.internal.event.DefaultListenerManager$EventBroadcast.dispatch(DefaultListenerManager.java:232) at org.gradle.internal.event.DefaultListenerManager$EventBroadcast.dispatch(DefaultListenerManager.java:203) at org.gradle.internal.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:94) at jdk.proxy1/jdk.proxy1.$Proxy77.onProjectAccess(Unknown Source) at org.gradle.configurationcache.AbstractTaskProjectAccessChecker.notifyProjectAccess(TaskExecutionAccessCheckers.kt:33) at org.gradle.api.internal.AbstractTask.getProject(AbstractTask.java:238) at org.gradle.api.DefaultTask.getProject(DefaultTask.java:59) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107) at groovy.lang.MetaBeanProperty.getProperty(MetaBeanProperty.java:59) at org.gradle.internal.metaobject.BeanDynamicObject$MetaClassAdapter.getProperty(BeanDynamicObject.java:256) at org.gradle.internal.metaobject.BeanDynamicObject.tryGetProperty(BeanDynamicObject.java:198) at org.gradle.internal.metaobject.CompositeDynamicObject.tryGetProperty(CompositeDynamicObject.java:55) at org.gradle.internal.metaobject.AbstractDynamicObject.getProperty(AbstractDynamicObject.java:60) at com.appdynamics.android.gradle.AddToClassesTask_Decorated.getProperty(Unknown Source) at org.codehaus.groovy.runtime.callsite.PogoGetPropertySite.getProperty(PogoGetPropertySite.java:49) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGroovyObjectGetProperty(AbstractCallSite.java:341) at com.appdynamics.android.gradle.AddToClassesTask.instrumentationConfig(AddToClassesTask.groovy:41) at com.appdynamics.android.gradle.AddToClassesTask.taskAction(AddToClassesTask.groovy:32) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:125) at org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58) at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:51) at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:29) at org.gradle.api.internal.tasks.execution.TaskExecution$3.run(TaskExecution.java:248) at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29) at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:47) at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:73) at org.gradle.api.internal.tasks.execution.TaskExecution.executeAction(TaskExecution.java:233) at org.gradle.api.internal.tasks.execution.TaskExecution.executeActions(TaskExecution.java:216) at org.gradle.api.internal.tasks.execution.TaskExecution.executeWithPreviousOutputFiles(TaskExecution.java:199) at org.gradle.api.internal.tasks.execution.TaskExecution.execute(TaskExecution.java:166) at org.gradle.internal.execution.steps.ExecuteStep.executeInternal(ExecuteStep.java:105) at org.gradle.internal.execution.steps.ExecuteStep.access$000(ExecuteStep.java:44) at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:59) at org.gradle.internal.execution.steps.ExecuteStep$1.call(ExecuteStep.java:56) at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:78) at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:56) at org.gradle.internal.execution.steps.ExecuteStep.execute(ExecuteStep.java:44) at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:67) at org.gradle.internal.execution.steps.RemovePreviousOutputsStep.execute(RemovePreviousOutputsStep.java:37) at org.gradle.internal.execution.steps.CancelExecutionStep.execute(CancelExecutionStep.java:41) at org.gradle.internal.execution.steps.TimeoutStep.executeWithoutTimeout(TimeoutStep.java:74) at org.gradle.internal.execution.steps.TimeoutStep.execute(TimeoutStep.java:55) at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:50) at org.gradle.internal.execution.steps.CreateOutputsStep.execute(CreateOutputsStep.java:28) at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.executeDelegateBroadcastingChanges(CaptureStateAfterExecutionStep.java:100) at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:72) at org.gradle.internal.execution.steps.CaptureStateAfterExecutionStep.execute(CaptureStateAfterExecutionStep.java:50) at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:40) at org.gradle.internal.execution.steps.ResolveInputChangesStep.execute(ResolveInputChangesStep.java:29) at org.gradle.internal.execution.steps.BuildCacheStep.executeWithoutCache(BuildCacheStep.java:179) at org.gradle.internal.execution.steps.BuildCacheStep.lambda$execute$1(BuildCacheStep.java:70) at org.gradle.internal.Either$Right.fold(Either.java:175) at org.gradle.internal.execution.caching.CachingState.fold(CachingState.java:59) at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:68) at org.gradle.internal.execution.steps.BuildCacheStep.execute(BuildCacheStep.java:46) at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:36) at org.gradle.internal.execution.steps.StoreExecutionStateStep.execute(StoreExecutionStateStep.java:25) at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:36) at org.gradle.internal.execution.steps.RecordOutputsStep.execute(RecordOutputsStep.java:22) at org.gradle.internal.execution.steps.SkipUpToDateStep.executeBecause(SkipUpToDateStep.java:91) at org.gradle.internal.execution.steps.SkipUpToDateStep.lambda$execute$2(SkipUpToDateStep.java:55) at java.base/java.util.Optional.orElseGet(Unknown Source) at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:55) at org.gradle.internal.execution.steps.SkipUpToDateStep.execute(SkipUpToDateStep.java:37) at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:65) at org.gradle.internal.execution.steps.ResolveChangesStep.execute(ResolveChangesStep.java:36) at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:37) at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsFinishedStep.execute(MarkSnapshottingInputsFinishedStep.java:27) at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:77) at org.gradle.internal.execution.steps.ResolveCachingStateStep.execute(ResolveCachingStateStep.java:38) at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:108) at org.gradle.internal.execution.steps.ValidateStep.execute(ValidateStep.java:55) at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:71) at org.gradle.internal.execution.steps.CaptureStateBeforeExecutionStep.execute(CaptureStateBeforeExecutionStep.java:45) at org.gradle.internal.execution.steps.SkipEmptyWorkStep.executeWithNonEmptySources(SkipEmptyWorkStep.java:177) at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:81) at org.gradle.internal.execution.steps.SkipEmptyWorkStep.execute(SkipEmptyWorkStep.java:53) at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:32) at org.gradle.internal.execution.steps.RemoveUntrackedExecutionStateStep.execute(RemoveUntrackedExecutionStateStep.java:21) at org.gradle.internal.execution.steps.legacy.MarkSnapshottingInputsStartedStep.execute(MarkSnapshottingInputsStartedStep.java:38) at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:36) at org.gradle.internal.execution.steps.LoadPreviousExecutionStateStep.execute(LoadPreviousExecutionStateStep.java:23) at org.gradle.internal.execution.steps.CleanupStaleOutputsStep.execute(CleanupStaleOutputsStep.java:75) at org.gradle.internal.execution.steps.CleanupStaleOutputsStep.execute(CleanupStaleOutputsStep.java:41) at org.gradle.internal.execution.steps.ExecuteWorkBuildOperationFiringStep.lambda$execute$2(ExecuteWorkBuildOperationFiringStep.java:66) at java.base/java.util.Optional.orElseGet(Unknown Source) at org.gradle.internal.execution.steps.ExecuteWorkBuildOperationFiringStep.execute(ExecuteWorkBuildOperationFiringStep.java:66) at org.gradle.internal.execution.steps.ExecuteWorkBuildOperationFiringStep.execute(ExecuteWorkBuildOperationFiringStep.java:38) at org.gradle.internal.execution.steps.AssignWorkspaceStep.lambda$execute$0(AssignWorkspaceStep.java:32) at org.gradle.api.internal.tasks.execution.TaskExecution$4.withWorkspace(TaskExecution.java:293) at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:30) at org.gradle.internal.execution.steps.AssignWorkspaceStep.execute(AssignWorkspaceStep.java:21) at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:37) at org.gradle.internal.execution.steps.IdentityCacheStep.execute(IdentityCacheStep.java:27) at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:47) at org.gradle.internal.execution.steps.IdentifyStep.execute(IdentifyStep.java:34) at org.gradle.internal.execution.impl.DefaultExecutionEngine$1.execute(DefaultExecutionEngine.java:64) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeIfValid(ExecuteActionsTaskExecuter.java:145) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:134) at org.gradle.api.internal.tasks.execution.FinalizePropertiesTaskExecuter.execute(FinalizePropertiesTaskExecuter.java:46) at org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter.execute(ResolveTaskExecutionModeExecuter.java:51) at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:57) at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:74) at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:36) at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.executeTask(EventFiringTaskExecuter.java:77) at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:55) at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter$1.call(EventFiringTaskExecuter.java:52) at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:204) at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:199) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:66) at org.gradle.internal.operations.DefaultBuildOperationRunner$2.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:157) at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:59) at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:53) at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:78) at org.gradle.api.internal.tasks.execution.EventFiringTaskExecuter.execute(EventFiringTaskExecuter.java:52) at org.gradle.execution.plan.LocalTaskNodeExecutor.execute(LocalTaskNodeExecutor.java:42) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:331) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$InvokeNodeExecutorsAction.execute(DefaultTaskExecutionGraph.java:318) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.lambda$execute$0(DefaultTaskExecutionGraph.java:314) at org.gradle.internal.operations.CurrentBuildOperationRef.with(CurrentBuildOperationRef.java:80) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:314) at org.gradle.execution.taskgraph.DefaultTaskExecutionGraph$BuildOperationAwareExecutionAction.execute(DefaultTaskExecutionGraph.java:303) at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.execute(DefaultPlanExecutor.java:463) at org.gradle.execution.plan.DefaultPlanExecutor$ExecutorWorker.run(DefaultPlanExecutor.java:380) at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64) at org.gradle.internal.concurrent.AbstractManagedExecutor$1.run(AbstractManagedExecutor.java:47) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source)
How to hide a field of a table but keep it for separate search?   Thank you for your help For example:  field "id" exists on the index. I don't want to display field "id" on the first table (Base ... See more...
How to hide a field of a table but keep it for separate search?   Thank you for your help For example:  field "id" exists on the index. I don't want to display field "id" on the first table (Base search),  but display it on the second table (uses  the first search as Base search) <search id="base">     <query> index=testindex           | table company, ip, AvgScore      </query> </search> company ip AvgScore CompanyA ip1 1 CompanyA ip2 3 CompanyA ip3 4 <search base="base">       <query> | lookup  example.csv id as id OUTPUTNEW  id, location                         | table company, id, ip, AvgScore, location      </query> </search> company id ip AvgScore location CompanyA idA ip1 1 loc1 CompanyA idA ip2 3 loc1 CompanyA idA ip3 4 loc1
below is the sample json log content the main filelds are default extracts but the nested aren't. Please help to extract the nested space separated data as fields The one I want to extract as a se... See more...
below is the sample json log content the main filelds are default extracts but the nested aren't. Please help to extract the nested space separated data as fields The one I want to extract as a separate field is the line tag: service=z2-qa1-local-z2-api-endpoint APPID=1234 cluster=z2-qa1-local application=z2 full-imagename=0123456789.dkr.10cal/10.20/xyz container-id=asdfgh503 full-container-id=1234567890   Whole log event { [-] line: { [-] @timestamp: 2023-10-31T20:36:57.092Z class: x.x.x.x.x.Logging exception: line: 54 marker: message: GET https://00.00.000.000:123456/management/health forwarded from [] by [] for unknown returned 200 in 1ms pid: 7 severity: INFO span: b60d05680b3cbfa7 thread: boundedElastic-9 trace: b60d05680b3cbfa7 } source: stdout tag: service=z2-qa1-local-z2-api-endpoint APPID=1234 cluster=z2-qa1-local application=z2 full-imagename=0123456789.dkr.10cal/10.20/xyz container-id=asdfgh503 full-container-id=1234567890 }
Hello Team,   I need your help, i was in process of creating splunk email alert but got an issue as shown in the picture below , Please help me, Thank you in advance
Looking to build 1 correlation search to do the following: Bring an extracted field name from 1 ST and search that field name across another ST. If hits in both ST, do not alert. If only hits in ... See more...
Looking to build 1 correlation search to do the following: Bring an extracted field name from 1 ST and search that field name across another ST. If hits in both ST, do not alert. If only hits in the first ST, do alert. Ideally, this would function similar to how $host$ can be used in a drill down to pull the host name, though I'm not sure this is possible for a correlation search. Is there a command to do a comparison like this? So far I have the following returning results: sourcetype=A | rex field=_raw "John\s+(?<endpoint>\w+)" | append [| search sourcetype=B "Live" | rex field=_raw "Mike\s+(?<endpoint>\w+)"] This does give me results from both indexes, but this is not correlating results from A to B (obviously). I have tried several commands (join, transaction, coalesce etc) and removed these failed attempts from the above for simplicity. I may have been using these commands incorrectly as well.  TYIA
Hi Splunkers I'm trying to send alerts data from one index to another using a macro For ex: The macro is having 4 arguments like below and would like to send data to new index called "newidx" usi... See more...
Hi Splunkers I'm trying to send alerts data from one index to another using a macro For ex: The macro is having 4 arguments like below and would like to send data to new index called "newidx" using collect command here is the macro called `newmacro` eval apple=xyz, banana=abc, mango=www, grape=123 | collect index=newidx the idea is wherever I reference this macro in an alert that exact alert raw data need to be copied to the newidx but the sourcetype always changes as stash instead of original. I don't see all original fields in summary index Is there any way to define a sourcetype something like |collect index=newidx sourcetype=$sourcetype$
Dear All, Unable to send data from universal forwarder, to Splunk Enterprise i have minimal knowledge in Splunk  I'm trying to configure universal forwarder but unable to success could you please he... See more...
Dear All, Unable to send data from universal forwarder, to Splunk Enterprise i have minimal knowledge in Splunk  I'm trying to configure universal forwarder but unable to success could you please help me in this regards Please find the below my configurations i am using Splunk Enterprise 9.0 and universal forwarder version 9.1.1using Cent OS 7.0 inputs.conf [root@Universalforwarders local]# [monitor:///var/log/messages] index=os disabled=0 outputs.conf [root@Universalforwarders local]# [tcpout] defaultGroup = default-autolb-group [tcpout:default-autolb-group] [server://192.168.122.1:9997]   i used following command to check port status: netstat -an | grep 9997 tcp     0     0   0.0.0.0:9997   0.0.0.0:*   LISTEN localhost.localdomain --- my Splunk enterprise instance 127.0.0.1 --- my Splunk Universal forwarder   i want to know where i am doing mistake would be appreciate your kind support thanks in advance            
Hello, I have a lookup where all the hostnames are available under the field called "title" with respect to teams.I would like to set up an alert for team "abc" if any of the host stops reporting fo... See more...
Hello, I have a lookup where all the hostnames are available under the field called "title" with respect to teams.I would like to set up an alert for team "abc" if any of the host stops reporting for more than 15 mins, I tried the below search but unable to get the results.Can anyone please help me with the search, it is highly helpful. Search which i am using: | inputlookup 123.csv | search team="abc" | table title | rename title as host | appendpipe [ | stats count as islookupcount ] | eval current_time =now() | eval islookupcount = coalesce(islookupcount, 0) | search islookupcount = 0 | eventstats latest(_time) as last_event_time by host | where current_time - last_event_time > 900 | eval stopped_sending_time=strftime(current_time,"%Y-%m-%d %H:%M:%S") | table unit_id, host, stopped_sending_time please help me with the better search for my usecase may be i am not using the right one. Thanks
I am trying to create a dashboard panel that will have dropdowns different by the row you select.  I am using one of the searches that comes with the monitoring application as my search: index=_inte... See more...
I am trying to create a dashboard panel that will have dropdowns different by the row you select.  I am using one of the searches that comes with the monitoring application as my search: index=_internal sourcetype=splunkd TERM(group=tcpin_connections) TERM("cooked") OR TERM("cookedSSL") (hostname!=*.splunk*.*) | dedup hostname | stats c as fwdCount by version | rex field=version "^(?<fwdV>\d+.\d+)" | eval splV= [ | makeresults | eval VERSION=7.0 | append [ | rest splunk_server=local count=1 /services/server/info | stats max(version) as VERSION] | rex field=VERSION "^(?<version>\d+.\d+)" | stats max(version) as splV | return $$splV ] | eval fwd_7_3_eos=relative_time(strptime("22-Oct-2021", "%d-%b-%Y"), "+1d@d"), fwd_8_0_eos=relative_time(strptime("22-Oct-2021", "%d-%b-%Y"), "+1d@d"), fwd_8_1_eos=relative_time(strptime("19-Apr-2023", "%d-%b-%Y"), "+1d@d"), fwd_8_2_eos=relative_time(strptime("30-Sep-2023", "%d-%b-%Y"), "+1d@d"), fwd_9_0_eos=relative_time(strptime("14-Jun-2024", "%d-%b-%Y"), "+1d@d"), fwd_9_1_eos=relative_time(strptime("28-Jun-2025", "%d-%b-%Y"), "+1d@d"), fwd_default_eos=relative_time(strptime("01-Jan-1971", "%d-%b-%Y"), "+1d@d") | eval expTimestamp = case( match($$fwd_version$$, "^7\.3"), fwd_7_3_eos, match($$fwd_version$$, "^8\.0"), fwd_8_0_eos, match($$fwd_version$$, "^8\.1"), fwd_8_1_eos, match($$fwd_version$$, "^8\.2"), fwd_8_2_eos, match($$fwd_version$$, "^9\.0"), fwd_9_0_eos, match($$fwd_version$$, "^9\.1"), fwd_9_1_eos, 1==1, fwd_default_eos) | fields - fwd_*_eos | eval warn=case( (now() > expTimestamp), fwdCount, 1==1, 0) | eval info=fwdCount-warn | rename warn as "Out of date", info as "Up to date" | fields - fwdV, splV, fwdCount, expTimestamp   What I want to do is to drop down based on the row I select (see attached snapshot)
Haven't been able to find this, but I want to basically calculate up time percentage for a host based on 2 unique events.  One gets logged when something is bad, the other gets logged when everything... See more...
Haven't been able to find this, but I want to basically calculate up time percentage for a host based on 2 unique events.  One gets logged when something is bad, the other gets logged when everything is fine.   An example would be to have a host log 10 minutes of "ok" events, then 4 minutes of "bad" events, then 18 minutes of "on" events, etc. I need to out put the following based on the search range of the query. Host | total_ok_duration | total_bad_duration | percentage_ok_duration this need to be run and return for multiple hosts as well.
Hello, I am trying to change the color of the sparkline in my table. I don't have the option to change it using the dropdown menu under "Column-specific formatting" so I'm trying to do it through ... See more...
Hello, I am trying to change the color of the sparkline in my table. I don't have the option to change it using the dropdown menu under "Column-specific formatting" so I'm trying to do it through he Code option. Here is the current code I have:  { "type": "splunk.table", "dataSources": { "primary": "ds_xNY7uyLU" }, "title": "Top Notable Sources", "options": { "fontSize": "extraSmall", "columnFormat": { "sparkline": { "data": "> table | seriesByName(\"sparkline\") | formatByType(sparklineColumnFormatEditorConfig)", "sparklineColors": "> table | seriesByName(\"sparkline\") | matchValue(sparklineColorsEditorConfig)" } } }, "context": { "sparklineColorsEditorConfig": [ { "string": {}, "value": "#66aaf9" } ] }, "showProgressBar": false, "showLastUpdated": false }  
Hello Splunkers, I’m looking for the best algorithm to search for events. with the below criteria. I have a lookup with only one field but multi-valued. About 10000 lines, for example, “vatsal, ja... See more...
Hello Splunkers, I’m looking for the best algorithm to search for events. with the below criteria. I have a lookup with only one field but multi-valued. About 10000 lines, for example, “vatsal, jagani” “10.0.0.1,“10.0.0.2” I want to search index=abc, for the last 2 hours (about 50 events) to see if there are at least two events (but can be more) that contain words from one set.   For example. event-1 - “hello, I’m Vatsal. event-2 - “hello, I’m jagani too.” here, two events have matching words from the same lookup field.   Another example, event-3 - “hi, vatsal” event-4 - “hello, vatsal” this also considers matching.   And I want to run this alert every hour.   Solution-1 - I could use the map command as below but I don't think that's very efficient.   | inputlookup words_lookup.py | eval or_field = <convert words to or list like "vatsal" OR "jagani"> | map max_count=1000000 "search index=abc $or_field$"     Solution-2 - I could write a Python script, but I'm not sure what algorithm to use.   I'm looking for a more efficient query or python algorithm to do this efficiently.
I have lookup table in splunk. I want check if ever been update in Splunk using output lookup command
Hi, I am using Splunk 9.0.6, and I configured HEC + Syslog Connector for Splunk for the data ingestion. At the moment, I receive events from our two different firewall (PaloAlto and Stormshield). M... See more...
Hi, I am using Splunk 9.0.6, and I configured HEC + Syslog Connector for Splunk for the data ingestion. At the moment, I receive events from our two different firewall (PaloAlto and Stormshield). My problem arises with the fact that Stormshield is not directly supported by SC4S, so the extracted fields are not CIM compliant. More precisely, the field action should contain blocked or allowed as possible values, but it contains pass and block instead. My question is how it would be the best way to implement this transformation. I tried creating the following files in the path  C:\Program Files\Splunk\etc\apps\splunk_httpinput\local props.conf [StormShield:StormShield] TRANSFORMS = rewriteaction transform.conf [rewriteaction] EVAL-action = case(action="pass", "allowed", action="block", "blocked" , 1=1, "UNKNOWN") I restarted Splunk, but nothing really happened. Any idea of what I am doing wrong?  Many thanks.  
In dashboard classic it was possible to add a heatmap overlay to a tabular chart.  Is it possible to add the heatmap data overlay to a tabular chart in Dashboard Studio?
Hi at all, I have to use in Splunk Enterprise an external authentication using LDAP. I'm mapping roles with AD groups. I don't see empty AD gropus (groups without associated users) in the mapping ... See more...
Hi at all, I have to use in Splunk Enterprise an external authentication using LDAP. I'm mapping roles with AD groups. I don't see empty AD gropus (groups without associated users) in the mapping page. Do you think that there could be a misconfiguration or (as I suppose) it isn't possible to see them until a user is inserted in?  Thank you for your confirmation. Ciao. Giuseppe