Dear Friends , Suddenly all indexers are running with multiple process more then 800 count . How to check if any increase in process recently is due to any changes? And how the  process can be reduced? ( Resources( RAM/CPU) of Server already upgraded ).        

We are using a direct link to a dashboard like https://splunk.company.com/en-US/app/product_metrics/product_metrics_clone_sandbox If the user is not logged on to splunk, he/she is taken to the login-page with a "return_to" field https://splunk.company.com/en-US/account/login?return_to=%252Fen-US%252Fapp%252Fproduct_metrics%252Fproduct_metrics_clone_sandbox But after completing the login, the user is not taken to this dashboard, but to "app/launcher/home" with the hint "Could not load dashboard." However: If the user is logged in, the direct dashboard link works just fine! What setting could be wrong?

So based off my original query that shows 100+ hosts, I would like to generate a list of the hosts in statistics but my query isn't populating. It's worked before but for some reason none of the queries that are similar to this one are working. Suggestions on refining my query? index=* sourcetype=* | stats count as host by "selected fields" | stats list(host) as host list(selected fields) as "selected fields"

Hi all, About PlayBook Conditional Expressions I have a question. We use the Apps "imap", and we want to execute a process when a certain keyword is included in the body of an email we collect. Keywords are specified as "Japanese keywords", but there are no hits even if they are included in the body of the e-mail. However, if you search for Japanese keywords in the subject line of the email, you will get hits. Example Subject : "abcてすとdef" in "てすと" = True Mail body: "abcてすとdef" in "てすと" = False Does anyone have any idea what the cause is? I'm translating Japanese. Sorry if the text is not correct.

I am new to AppDynamics (~2 months), just starting to learn the technology.  During this time, I find some documentation can be improved e.g. a link to another page could have been put instead of pure text, ambiguous statements. Wanting to help improve the documentation to speed up learning (for me and others after me), is there a way to provide feedback per document/web page?

Hi Team. I have a splunk query with a list of IP addressses(Client_IP). I also have a lookup file with the IP ranges(cidr_match) which also has a location(location) fields pinpointing a location of that IP address. How can I build a report using my query of IP addresses with the location information off of the lookup file?

I use the following command try to talk to the Splunk search service -  curl -k -u myUser/myPassword  https://xxx.xxx.xx.xxx:8089/services/search/jobs -d search="search *" It returns the xml <?xml version='1.0' encoding='UTF-8'?> <response> <messages> <msg type="ERROR">No users exist. Please set up a user. </msg> <messages> </response>  and the myUser/myPassword  is correctly in the system with Admin access right. Do you have any suggestion about the error? Thanks, Gary Ngai General Dynamics

Hello Splunkers,    I am trying to compare two multi value ID columns, and return true when at least of the values matches between these 2 ID columns.    For example:  ID1 ID2 Match 402830 602369 602369 244633 TRUE 402830 840317 602369 602369 244633 TRUE 152893 443482 602369 244633 FALSE 227213 244633 602369 244633 TRUE 422210 442824 602369 244633 FALSE   The question is how to create the Match column by comparing ID1 to ID2. They are both multi value fields, and one field could contain up to  25 values.  As long as there is one match between ID1 and ID2, the match returns TRUE.  I have tried match() and mvfind(), but haven't found any luck.    Thanks all! 

I know this seems obvious I'm searching 5 minutes back and alerting on the results every 1 minute so there is 4 minutes of over lap on each search.  But due to some internal issues the logs are not always indexed right on time so I can't to a 1 minute search for a 1 minute alert or I would for sure miss stuff. The alert is throttled to to suppress triggering for 5 minutes but this is missing alerts too.  Is there any way for the alert to be aware of a previous alert result and make a dynamic allow list?

I'm trying to get an accurate percentile representation from a dataset of hourly metrics, excluding outliers.  The dataset consists of user sessions by group of machines for each hour where there's a production and a DR set of machines.  On occasion, to validate DR, those machines are used as production so when those occasions occur, they drastically skew the percentiles of an otherwise low number of DR sessions in use. Data would be like so..... Environment-Group Day Hour Session Count   Environment-Group Day Hour Session Count   Prod-A            Monday 8:00 1000   DR-A Monday 8:00 10   Prod-A            Monday 12:00 1500   DR-A Monday 12:00 25   Prod-A            Monday 16:00 1300   DR-A Monday 16:00 15   Prod-A            Tuesday 8:00 1050   DR-A Tuesday 8:00 20   Prod-A            Tuesday 12:00 1600   DR-A Tuesday 12:00 30   Prod-A            Tuesday 16:00 1400   DR-A Tuesday 16:00 25   Prod-A            Wednesday 8:00 500 Outliers-low DR-A Wednesday 8:00 500 Outliers-high Prod-A            Wednesday 12:00 800 Outliers-low DR-A Wednesday 12:00 800 Outliers-high Prod-A            Wednesday 16:00 600 Outliers-low DR-A Wednesday 16:00 600 Outliers-high Prod-A            Thursday 8:00 1000   DR-A Thursday 8:00 15   Prod-A            Thursday 12:00 1500   DR-A Thursday 12:00 50   Prod-A            Thursday 16:00 1300   DR-A Thursday 16:00 30     For this data, I might have 30 days of data where each hourly metric is below 50 for a DR group but for 1 or two days in the month it might be in the hundreds or thousands and I'm trying to represent what the consumption looks like for the month, without skewing the numbers with a DR test event. Ideally I'd like to omit the top and bottom 1, 2 or 3 percent, then get percentiles from the remaining values. The link below shows an excel example of this type calculation, excluding top & bottom values from percentiles. Using the Percentile function while excluding outliers : excel (reddit.com) =PERCENTILE.INC(IF((Values>Min)*(Values<Max),Values),Percentile)   Thanks, Jim

I have a list of software installed in our environment but some of the software have several entries duplicated with the different versions. How do I clean up the list by removing the other versions and remaining with the latest version for each software. I need help with a query for this. The query must create a corrected list of the software.