I am currently using a drilldown which refreshes a graph on the same page. Now I want to create a click elsewhere in the chart which brings the drilldown back to its default values. Could someone help with this? Basically, it's a pie chart with a drilldown to a tabular view. Clicking on one of the pie slices changes the tabular view based on which slice is clicked. Now I want to create something which can take me back to the default view, i.e. all the values in the pie chart and all the values in tabular form.
I have a JSON event like this:

{ ...otherfields..., "fields": { "id1": 123, "id2": 456, "id3": 789, ... }, ...otherfields... }

I want to extract some key-value pairs from the "fields" object, i.e., I want to see the extracted fields in the "interesting fields" section. For example, if I only want to extract id1 and id3, I should use

| eval new_id1 = mvindex('fields.id1', 0)
| eval new_id3 = mvindex('fields.id3', 0)

right? Or is there another efficient way that doesn't use foreach? I am new to the Splunk syntax, so I would appreciate any help.
Hello, I'm new to learning Splunk and asked about simple sample dataset logs I can practice on, and someone suggested BOTS v3. I managed to download the dataset, but it says that it requires a lot of software (Splunkbase apps/add-ons). Now, I'm really not that familiar with what these apps/add-ons are; I just wanted to download a dataset to practice on. The issue I'm encountering is that whenever I click the download button, it just keeps loading the page and won't let me download the apps! Is it necessary to download these apps to actually start analysing the dataset? This is all new to me, and I could not find any tutorials on how to download it, only walkthroughs.
How can I add my search time range to my table title?

Code:
<title>Search from &lt;$SelectTime.earliest$&gt; to &lt;$SelectTime.latest$&gt;</title>

Output:
Search from <1691971200> to <1692057600>
How to change the size & colors for labels in dashboard studio?
Hi, we want to monitor the health of the APIs using the Analytics custom event schema. To achieve this we have created the schema using Postman and published the data to the event schema we created. But how can we replicate this for monitoring the API performance? Can you please let us know how we can achieve this? Thanks, Vijay.
Hi team, is it possible to configure alert trigger actions via the splunk-sdk (Node.js) for a Splunk add-on? I'd like to add the slack-alert action. Is there any way to do this via the REST API or via the official SDK?
Snapshot attached for reference. Also, how do I reduce the table size to a smaller one?
There are two searches with CI_Name as the common field. I have the output and want to compare the two columns, installed and Server_Installed_Package, with CI_Name as the common field; if both match, mark it as "Completed" in another column. If there is no match, mark it as "Not completed".

First search output:

CI_Name  installed                    shouldBe                      match
Server1  nss-3.44.0-7.el6_10          nss-3.44.0-13.el6_10
Server1  nss-devel-3.44.0-7.el6_10    nss-devel-3.44.0-13.el6_10
Server1  nss-sysinit-3.44.0-7.el6_10  nss-sysinit-3.44.0-13.el6_10

Second search output:

CI_Name  Server_Installed_Package
Server1  libgdata-0.6.4-2.el6.x86_64
Server1  util-linux-ng-2.17.2-12.28.el6_9.2.x86_64
Server1  rt73usb-firmware-1.8-7.el6.noarch
Server1  sssd-1.13.3-60.el6_10.2.x86_64
Hi, I have a query that finds the values of service_name and service_name_count by user, Account_name. I need to search for service_name_count>5, which is flagged as |eval flag1=new, and I need to exclude the history from the search using | join type=left user,Account_name [base query... earliest=-15d and latest=-7d], which is flagged as |eval flag2=history. I need to search only for events | search flag1="New" NOT flag2="History".

Apart from these, I need to find:
1. The total count of new services (count the new services from all the requests that have at least 5 new services).
2. The number of requests where each request has at least 5 new services.
These need to be grouped by account_name, user. Please help me with any suggestions to find the above.

My sample code:

index=test_index sourcetype=test_sourcetype
| fields Service_Name Service_Name_Count Account_Name Account_Domain user Source_IP index sourcetype
| stats earliest(_time) as earliest latest(_time) as latest values(Service_Name) as Service_Name values(Service_Name_Count) as Service_Name_Count values(Account_Name) as Account_Name values(Account_Domain) as Account_Domain values(Source_IP) as Source_IP values(index) as orig_index values(sourcetype) as orig_sourcetype by user
| convert ctime(earliest) ctime(latest)
| search Service_Name_Count > 5
| eval flag1="New", flag2="n.a."
| join type=left Account_Name Service_Name
    [ search index IN (test_index2,test_index3) sourcetype=test_sourcetype2 EventCode=1234 earliest=-15d latest=-7d
      | fields Account_Name user Account_Domain Service_Name src_ip
      | rename src_ip as Source_IP
      | eval flag2="History" ]
| search flag1="New" NOT flag2="History"
| table earliest latest Account_Name user Account_Domain Service_Name_Count Service_Name Source_IP flag1 flag2

Thanks in advance!
index=x source=xtype
| table _time bank
| bucket span=1sec _time
| stats count as pps by _time
| timechart span=1hr max(pps) as "maxpps"

The maxpps column gets output, but the radial chart panel does not get populated.
Show if the field "subject" contains one or more camel case strings, like: LuckyChance to Receive a FREE IpadPro! ClaimNow! I'm having a hard time creating a regex for this. Please help. Thank you.
| stats count by field1 field2 field3 only shows yesterday's count. How can I show count1 for yesterday, count2 for 2 days ago, and count3 for 3 days ago, shown as follows:

field1 field2 field3 count1 count2 count3
What's new in July 2023?

In July 2023, v23.7 brought a raft of enhancements, updates, and fixes to Cloud Native Application Observability*, Agents, the SaaS Controller, the On-premises Controller, and Accounts Management.

*Now Cisco Cloud Observability (11/27/2023)

In this article:
• What release highlights should I know about?
• Release summaries: Cloud Native Application Observability | Agents | SaaS Controller | On-premises Controller | Accounts and Licensing
• Heads up: what else should I know about?
• Resolved and known issues
• Essentials

What release highlights should I know about?

This section shows highlights from the newest features and capabilities for July 2023, whether they are new or revised.

TIPS | Use the links in this table to jump to the product category's corresponding section in this article, below. Looking for library updates and minor enhancements? See "other changes" for links to the Documentation.

HIGHLIGHTS | Cloud Native Application Observability, Agents, SaaS Controller, On-premises Controller, and Accounts Management

Cloud Native Application Observability enhancement highlights
• Troubleshoot AWS Lambda functions using OTel: NEW FEATURE
• Monitor Google Cloud Platform (GCP) Services: NEW FEATURE
• Monitor resources on GKE: NEW FEATURE
• Observe additional AWS entities: NEW FEATURE
• Configure user-defined BTs and mark favorites: NEW FEATURE
• Onboard logs from cloud services: NEW FEATURE
• Two ways to onboard OTel logs: NEW FEATURE
• Avoid rolling restarts of Log Collector pods after configuration change: MAJOR UPDATE
• Support for true default log collection: NEW FEATURE
• Log Collection exclusion condition: NEW FEATURE
• View the entities surrounding a target log message: NEW FEATURE
• Flexibly explore your data with the Query Builder: NEW FEATURE
• Better understand your tech stack with the Schema Browser: NEW FEATURE
• FSO Tenant Custom Roles: NEW FEATURE
• Anomaly Detection expansion for Infrastructure Entities: NEW FEATURE

Agent enhancement highlights
• Analytics Agent: MINOR UPDATE
• Android Agent: EULA Update: MINOR UPDATE
• Apache Web Server Agent: MINOR UPDATE
• iOS Agent: MINOR UPDATE
• Cluster Agent: MINOR UPDATE
• Java Agent: MINOR UPDATE
• Machine Agent: MINOR UPDATE
• .NET Agent: MINOR UPDATE
• Node.js Agent: MINOR UPDATE
• PHP Agent: MINOR UPDATE
• Python Agent: MINOR UPDATE

SaaS Controller enhancement highlights
• New Controller configuration flag that retries metric aggregation: MINOR UPDATE
• Keyboard Accessibility support: MINOR UPDATE
• UI Changes for applications with SAP ABAP servers: MINOR UPDATE
• New sensitivity levels for Anomaly Detection to monitor BTs: NEW FEATURE
• Email notification when a large number of evaluating entities are disabled: NEW FEATURE
• Exclude data from Custom Dashboard widgets for a specified period: NEW FEATURE
• New Controller setting to resolve performance issues while managing application permissions: MINOR UPDATE
• Support for HTTP Strict Transport Security protocol for all AppDynamics SaaS endpoints: MINOR UPDATE
• Support for defining the Databases variable: MINOR UPDATE

AppDynamics On-Premises enhancement highlights
• Alert and Respond: NEW FEATURE
• Android Agent: MINOR UPDATE
• Apache Agent: MINOR UPDATE
• On-premises Controller: no update marked
• Dash Studio: NEW FEATURE
• Database Visibility: MAJOR UPDATE
• Enterprise Console (EC): MINOR UPDATE
• EUM Server: MINOR UPDATE
• Java Agent: MAJOR UPDATE
• License Management: MAJOR UPDATE
• Mobile Agent: MAJOR UPDATE
• .NET Agent: MINOR UPDATE
• Node.js Agent: MINOR UPDATE
• PHP Agent: MINOR UPDATE
• Private Synthetic Agent: NEW FEATURE
• Python Agent: MINOR UPDATE
• Xamarin Agent: MINOR UPDATE

Accounts and Licensing enhancement highlights
• Custom roles from the Account Management portal: MINOR UPDATE

NOTE | See the Documentation Product Announcements and Alerts Home page for ongoing product release announcements, security and support advisories, as well as end-of-life and end-of-life support notices. Also in Documentation, each product category has a Release Notes page where enhancements are described in detail on an ongoing basis. They are:
• Cisco Full-Stack Observability (FSO)
• Cloud Native Application Observability
• AppDynamics APM Platform 23.x
• On-premises AppDynamics APM Platform
In this article, each product enhancement summary section below includes links to the referenced Release Notes page in Documentation. Where available, links to the specific version are included.
Product Enhancement Summaries

SUMMARIES | Cloud Native Application Observability, Agents, SaaS Controller, On-premises Controller, Accounts Management

Cloud Native Application Observability enhancement summaries

NOTE | See the Release Notes page in the Documentation for a complete list of Cloud Native Application Observability enhancements in July, including minor releases not included here.

• Alert and Respond (GA v23.6.0): You can now use the not equal to (!=) operator expression for monitored entities. See Define Entity Details.
• Troubleshoot AWS Lambda functions using OTel (GA v23.7): You can now correlate traces and spans of Lambda functions to CloudWatch metrics from Lambda for troubleshooting.
• Monitor Google Cloud Platform (GCP) Services (GA v23.7): You can now observe GCP Persistent Disk and GCP Pub/Sub, for more visibility across your cloud infrastructure.
• Monitor resources on GKE (GA v23.7): You can now monitor the Kubernetes resources on GKE.
• Observe additional AWS entities (GA v23.7): A number of new artifact versions are included in v23.6.0, including OTel Docker images for Linux and Windows, the Cluster and Infrastructure Collectors Docker image, the AppDynamics Collectors (as well as Operator) Helm chart, and the DB Collector Docker image.
• Configure user-defined BTs and mark favorites (GA v23.7): You can now define your own Business Transactions and mark favorites to appear at the top of the list.
• Onboard logs from cloud services (GA v23.7): Forward CloudWatch logs from AWS EC2 and Lambda to your tenant.
• Two ways to onboard OTel logs (GA v23.7): You can now use either the new filelog receiver in otel-collector or the otel-java-agent for the necessary K8s and App Services.
• Avoid rolling restarts of Log Collector pods after configuration change (GA v23.7): A new Helm chart parameter that prevents sequential rolling restarts of Log Collector pods is available for download.
• Support for true default log collection (GA v23.7): New deployments only need to deploy the Log Collector to immediately see logs in the system, parsed by timestamp. Further refine your parsing configurations as needed.
• Log collection exclusion condition (GA v23.7): Specify conditions for excluding log collection with the new logCollectorConfig.container.excludeCondition parameter in your collectors-values.yaml.
• View the entities surrounding a target log message (GA v23.7): Visibility into the log messages before and after a target message enhances troubleshooting with insight into root cause.
• Flexibly explore your data with the Query Builder (GA v23.7): The Query Builder, powered by our extensible Universal Query Language (UQL), lets you explore metrics, events, logs and traces across your entire ecosystem. Use pre-built templates or build your own queries using type-ahead suggestions, real-time syntax highlighting, and error detection.
• Better understand your tech stack with the Schema Browser (GA v23.7): View all of the entities, along with their relationships and ingested metadata, across your entire data schema.
• FSO Tenant Custom Roles (GA v23.7): Account and Tenant Administrators can create custom roles to fine-tune user and Service Principal permissions for one or more FSO tenants through the Account Management Portal or through the Access Management API.
• Anomaly Detection for Infrastructure Entities (GA v23.7): We expanded Anomaly Detection support to both Classic and Application ELB to proactively discover issues before they propagate and impact your business.

Agent enhancement summaries

NOTE | See the AppDynamics v23.7 Agent Release Notes page for a complete list of Agent enhancements in July, including library updates and bug fixes for: Analytics Agent, iOS Agent, Apache Web Server Agent, PHP Agent, .NET Agent. For bug fixes, see Agent Resolved Issues.

• Android Agent v23.7.1 (GA August 4, 2023): The EULA file was updated in this release.
• Apache Web Server Agent v23.7.3 (GA July 21, 2023): Support for the IBM AIX operating system. See Supported Apache Web Servers.
• Cluster Agent: Now you can use the enableInstallationReport parameter to view the summarized installation report. See Default Auto Instrumentation Properties in the documentation. RKE2 1.26 is also supported, and the Cluster Agent was upgraded to Go language 1.20.6.
• iOS Agent v23.7 (GA July 31, 2023): cocoalumberjack is updated to 1.9.2.
• Java Agent v23.7 (GA July 31, 2023): Set the enable-openai-metrics node property to true to enable OpenAI API Monitoring on the Java Agent. See Monitor OpenAI with Java Agent in the documentation. Support for the TheoKanning/openai-java framework. See Java Framework Support under JVM Support in the documentation.
• Machine Agent v23.7 (GA July 26, 2023): Use the InsallServiceWrapper.vbs script to address the unquoted service path enumeration vulnerability. See Windows Install Using ZIP with Bundled JRE in the documentation. Upgraded third-party components: jackson-databind was upgraded to v21.13.5; com.google.guava was upgraded to v32.0.1-jre.
• .NET Agent v23.7 (GA August 1, 2023): Code optimizations and performance improvements by enabling inlining on the Linux .NET Agent.
• Node.js Agent: Node.js Agent 23.7.0 supports Node.js versions 14, 15, 16, 17, 18, 19, and now 20. See Node.js Supported Environments. The Agent also includes support for OpenSSL 3.0. Upgraded third-party library: protobuf v7.2.4.
• PHP Agent v23.7 (GA July 19, 2023): Now supporting PHP v8.2 (see PHP Supported Environments in the documentation), this Agent also includes the resolution of issue PHP-2317 (see Agent Resolved Issues).
• Python Agent v23.7 (GA July 26, 2023): Run the Python Agent proxy with the compatible JRE versions (8, 11, 17, and 19), so you can download the agent without a JRE. You can also opt to download the Python Agent that is bundled with the default JRE. For more information, see Install the Python Agent.
SaaS Controller enhancement summaries

NOTE | See the full 23.6 SaaS Controller Enhancements for a complete, searchable, and sortable list of Agent enhancements, including minor updates not mentioned here.

• Cisco Secure Application (GA v23.6, released June 28, 2023): This release includes security attack alerts. DOCUMENTATION: Alerts Using Cisco Secure Application.

AppDynamics On-premises enhancement summaries

NOTE | See the full On-premises and APM Platform Release Announcements for a complete, ongoing, and sortable list of enhancements.

• Synthetic Server (GA v23.6, released June 30, 2023): The Java version was upgraded to version 17. See Synthetic Server Requirements.

Accounts and Licensing enhancement summaries

NOTE | See the full Accounts and Licensing Release Notes page for a complete, ongoing, and sortable list of enhancements.

• Auditing (GA v23.6, released June 26, 2023): Tenant Administrators can use auditing to monitor and review user actions. Among other use cases: identify security risks, adhere to compliance standards, gain behavior insights, and troubleshoot issues. See Auditing for more, including a list of common use cases, requirements, and limitations.

What else should you know?

AppDynamics Documentation changes
REMINDER: End-user documentation is now part of Cloud Native Application Observability. You can discover and subscribe to Cloud Native Application Observability modules and applications on the FSO Platform Exchange: Cost Insights, Application Resource Optimizer, and Kubernetes Cost and Workload Profiler.

Upcoming webinars
Plenty of webinar activity is live on Community, including Embark on your OpenTelemetry-based full-stack observability journey (September 6 & 7) and An Introduction to Cisco AppDynamics (August 23 & 24). See dates and times by region, as well as registration links, in their respective posts. Check out the Events and Webinars filter in News & Announcements to keep an eye on more webinars to come.

University News
From self-paced Anomaly Detection courses (Standard) and How to Integrate Secure App with Splunk (Premium), to instructor-led ADQL for Business IQ and ADQL Visualization for Business IQ Insights, find the details in the Education product update, July 2023 post.
NOTE | Premium self-paced courses require a Premium University subscription. Visit our site for more information on subscription types. Register for new courses here.

Community News
We've recently published a change to the structure of Community, reflected in the top navigation. Check out these posts for the details: A better way to browse and discover Community content is around the corner... and New Community structure and navigation is live! Keep an eye on Community Updates for additional upcoming announcements.

[Suspicious] email issue
We are experiencing an ongoing issue with automated Community emails, which members are receiving with "[Suspicious]" in the subject line. Rest assured, we are working on it, but don't yet have a resolution. Follow the Investigating email issue with [Suspicious] in the subject post for updates.

Resolved issues
See the complete lists of resolved issues in the Release Notes.
• FSO Platform Release Notes, June 2023
• AppDynamics Cloud Native Application Observability Release Notes, June 2023
• AppDynamics (CSaaS) Release Notes, June 2023
• Accounts and Licensing Release Notes, June 2023

Essentials
PLANNING AN UPGRADE? | Please check backward compatibility in the Agent and Controller Compatibility documentation as part of your upgrade planning process.
• Download Essential Components (Agents, Enterprise Console, Controller (on-prem), Events Service, EUM Components)
• Download Additional Components (SDKs, Plugins, etc.)
• How do I get started upgrading my AppDynamics components for any release?
• Product Announcements, Alerts, and Hot Fixes
• Open Source Extensions
• License Entitlements and Restrictions
I have this current search:

index=web
| eval Year=strftime(_time,"%Y")
| eval Month=date_month
| eval success=if(status=200,1,0)
| search status=200 OR status=403
| chart count by Month, status
| eval orden = if(Month="january",1,if(Month="february",2,if(Month="march",3,if(Month="april",4,if(Month="may",5,if(Month="june",6,if(Month="july",7,if(Month="august",8,if(Month="september",9,if(Month="october",10,if(Month="november",11,12)))))))))))
| sort orden
| fields - orden

This search shows a graph of the number of status "200" and "403" responses separated by month. I'm trying to develop a percentage line of the number of status 200 responses compared to the total. How do I do this? Can you help me please!
Hi, I have two servers with plugin details. I want to evaluate columns Package_installed and Package_shouldbe based on the hostname, in separate columns. server2 has multiple packages; I want a separate row and column for each package_shouldbe and package_installed, and the hostname field should be the same.

hostname: server1
Plugins:
Plugin Output:
Remote package installed : gnutls-3.6.16-5.el8_6
Should be                : gnutls-3.6.16-6.el8_7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.

hostname: server2
Plugins:
Plugin Output:
Remote package installed : httpd-2.4.6-98.el7_9.6
Should be                : httpd-2.4.6-98.el7_9.7
Remote package installed : httpd-tools-2.4.6-98.el7_9.6
Should be                : httpd-tools-2.4.6-98.el7_9.7
Remote package installed : mod_session-2.4.6-98.el7_9.6
Should be                : mod_session-2.4.6-98.el7_9.7
NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.
Hello, I have created a Splunk app, very similar to the weather example here on GitHub. My app needs to be authenticated in order to access 'service.storage_passwords'; however, when running the command on my admin Splunk account

|test_command

'None' is being printed in my search.log file for the authenticated object.

This is my Python code:

import sys
import logging
from splunklib.searchcommands import dispatch, GeneratingCommand, Configuration, Option

logger = logging.getLogger("MyCommand")
logger.setLevel(logging.DEBUG)

@Configuration()
class MyCommand(GeneratingCommand):
    ip = Option(require=True)

    def generate(self):
        try:
            logger.debug("Starting MyCommand run")
            service = self.service                             # THIS IS NONE
            sesh_key = self._metadata.searchinfo.session_key   # THIS IS NONE
            logger.debug(service)   # None
            logger.debug(sesh_key)  # None
            # Emit one event so the values are visible in the search results too
            yield {"service": str(service), "session_key": str(sesh_key)}
        except Exception as e:
            logger.exception("MyCommand failed: %s", e)

# Dispatch your custom search command
dispatch(MyCommand, sys.argv, sys.stdin, sys.stdout, __name__)

and my commands.conf (unsure if these options are correct):

[test_command]
type = python
filename = test_command.py
supports_getinfo = true
supports_rawargs = true
passauth = true
enableheader = true

I assume I am missing something fairly obvious regarding how to pass authentication into my app when a command is run; however, I cannot determine the issue. I appreciate any help.
How to create a dashboard to show the activities of the users, especially uploading files? Kindly
Hi, I'm working with a large amount of data. I have a main report that extracts all data for the previous month and 5 additional small reports that filter by event type and take only the fields that are relevant for the event. For example: report 1 for event A, report 2 for event B, and so on. In order to improve the performance I want to use a summary index. I read the documentation and I'm doing the following:

1. Create a report in "Searches, Reports, and Alerts". The query is:

index=myIndex source=mySource sourcetype=_json
| rename …
| table …
| stats values(*) as * by TimeStamp,source
| lookup lookUp_table_toAdd_Fields.csv source AS source
| sistats values(*) as * by TimeStamp,source

2. Enable summary indexing.
3. Schedule the report to run daily for 24 hours.
4. Create a new search to extract the data saved in the index:

index="summary" source="SummaryIndex_Main"
| stats values(*) as * by TimeStamp,source
| table *

Data range: only 6 days (data between 1.8-6.8, only 987,771 events).

Results: when it runs it looks like it is collecting the data, but when the run finishes, the statistics tab contains no results and I get the error: "The following error(s) occurred while the search ran. Therefore, search results might be incomplete." I don't have permission to change the config files and I'm not sure what I'm doing wrong. Please help!!

*Note: I need to extract all the original fields from the main query; this is why I use sistats and stats (and not collect). And I have no aggregation; I just need to extract the data and be aware of overlaps.

*Relevant questions that I have posted:
https://community.splunk.com/t5/Reporting/Summary-index-for-non-aggregated-data-How-to-read-only-delta/m-p/653550#M12166
https://community.splunk.com/t5/Reporting/Why-sistats-doesn-t-work-after-lookup/m-p/653864#M12170

Thanks, Maayan
We have some issues with short IDs: we can't search for them through Incident Review. Palo Alto XSOAR is integrated with Splunk; some incidents change their status, and the short ID created from XSOAR is reflected in Splunk, but we can't search with that short ID in Incident Review. Only the short IDs created by XSOAR can't be searched; the remaining short IDs in Splunk are searchable. Please advise how to resolve this issue.