Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About VijaySrrie
VijaySrrie
Builder
Member since:
02-22-2019
04-14-2026
Community Statistics
| Posts | 276 |
| Solutions | 13 |
| Karma Given | 73 |
| Karma Received | 10 |
| Member Since | 02-22-2019 |
Activity Feed
- Posted Re: DB connect version 4.2.0 on All Apps and Add-ons. 04-14-2026 10:19 PM
- Posted DB connect version 4.2.0 on All Apps and Add-ons. 04-14-2026 10:18 PM
- Posted Splunkbase app download via command line on Splunk Enterprise Security. 09-13-2024 02:19 AM
- Posted Auto Update MaxMind Database on Splunk Enterprise. 09-04-2024 02:24 AM
- Karma Re: Skipped search for vigneshnarendra. 09-03-2024 06:43 PM
- Posted Skipped search on Splunk Search. 09-02-2024 04:21 AM
- Posted Re: Log latency on Security. 08-28-2024 01:53 AM
- Karma Re: Log latency for KendallW. 08-28-2024 01:53 AM
- Posted Log latency on Security. 08-23-2024 03:37 AM
- Karma Re: timechart and trendline command for ITWhisperer. 08-23-2024 03:08 AM
- Posted Re: timechart and trendline command on Splunk Search. 08-23-2024 03:07 AM
- Posted Re: timechart and trendline command on Splunk Search. 08-18-2024 05:45 PM
- Posted Re: timechart and trendline command on Splunk Search. 08-13-2024 04:27 PM
- Karma Re: Dashboard studio - Add colours for inventsekar. 08-13-2024 04:12 AM
- Posted timechart and trendline command on Splunk Search. 08-13-2024 04:11 AM
- Posted Dashboard studio - Add colours on Dashboards & Visualizations. 07-31-2024 03:16 AM
- Posted Re: dashboard studio to classic dashboard on Dashboards & Visualizations. 07-23-2024 08:43 PM
- Posted dashboard studio to classic dashboard on Dashboards & Visualizations. 07-22-2024 06:18 AM
- Posted Skipped searches on Knowledge Management. 07-16-2024 06:56 PM
- Karma Re: Skipped Search for richgalloway. 07-04-2024 11:40 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-20-2020
07:15 PM
syslog and kernal log goes to endpoint Datamodel. Endpoint Datamodel: The fields and tags in the Application State data model describe service or process inventory and state, such as Unix daemons, Windows services, running processes on any OS, or similar systems. Antivirus database update logs goes to Malware Datamodel Malware Datamodel: Use this model for any malware detection (e.g. anti-virus) or malware operation (e.g. scan start, malware signature update) event It is best suited to signature-based anti-malware, where the scanning engine receives updates to a set of signatures Some products are difficult to decide whether they are best modeled as Malware or Intrusion Detection: either can be network or host based, and there is significant overlap. If it is unclear, then initiate a discussion with CSOC and other Splunk developers to decide which model is best used for a given product's logs.
... View more
07-19-2020
07:05 PM
Hi, Please let me know to which datamodel below logs should be tagged to ? 1)Syslog: Jun 18 06:25:02 ip-00-0-00-000 start-amazon-cloudwatch-agent[0000]: 2020/06/18 06:25:02 Stopping tail as file no longer exists: /var/log/syslog 2) Antivirus Database update logs: Wed May 27 23:46:53 2020 -> daily database available for download (remote version: 00000) 3) Linux Kernal Logs May 27 09:28:45 ip-00-0-0-000 kernel: [ 0.000000] Initializing cgroup subsys cpuset
... View more
Labels
- Labels:
-
investigation
07-17-2020
08:32 AM
1 Karma
@richgalloway Do you have a savedsearch named - License Usage Data Cube? I have reproduced the error with this savedsearch. In splunk - I ran this search for 1 minute and filtered one component where in splunk I am getting 1 log, when I try connecting the API with the same savedsearch for same timing and same filters applied, I am able to see 4 logs in JSON Mode.
... View more
07-17-2020
02:51 AM
This one worked https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export?output_mode=json&segmentation=none&latest_time=2020-07-15T00%3A05%3A00.000&earliest_time=2020-07-15T00%3A00%3A00.000&search=|savedsearch%20savedsearchname%20|search%20Code=XXX-10-12
... View more
07-17-2020
02:48 AM
This one worked https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export?output_mode=json&segmentation=none&latest_time=2020-07-15T00%3A05%3A00.000&earliest_time=2020-07-15T00%3A00%3A00.000&search=|savedsearch%20savedsearchname%20|search%20Code=XXX-10-12
... View more
07-16-2020
09:56 PM
1 Karma
Hi, I am using below REST API Call and able to see the results - But it is giving me duplicate values. In splunk I am able to see only one log whereas in REST API Call I am able to see 3 logs. Please let me know how to eliminate the duplicate values in REST API Call https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export?output_mode=json&segmentation=none&latest_time=2020-07-15T00%3A05%3A00.000&earliest_time=2020-07-15T00%3A00%3A00.000&search=|savedsearch%20savedsearchname%20|search%20Code=XXX-10-12 Note: This duplicate value could be seen only for JSON Format, for other formats it is working fine. Let me know how to eliminate duplicate values for JSON Format
... View more
Labels
- Labels:
-
configuration
07-14-2020
06:58 PM
Hi, I am using below REST API https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export?output_mode=json&count=1&search=|savedsearch%20savedsearchname%20|search%20ProjectCode=1NN I need to include time in the above URL - Please let me know how to do it, in the saved search we have DateAndTime values, when I try to fetch the DateAndTime as I am fetching the Project Code its not working https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export?output_mode=json&count=1&search=|savedsearch%20savedsearchname%20|search%20ProjectCode=1NN%20|search%20DateAndTime=2020-07-14%2022:20
... View more
07-12-2020
05:06 PM
The Time which we give here is that in UTC?
... View more
07-09-2020
11:21 PM
I am using the below command. Is this correct? It not giving me the exact result (between 13:00 to 13:05) its fetching all the results, I could see the time values 12:00 also 15:00 curl -k -u admin:password -d search="savedsearch %22testsavedsearch%22" -d %22earliest%3d07%2f10%2f2020%3a13%3a00%3a00%20latest%3d07%2f10%2f2020%3a13%3a05%3a00%22 -d output_mode="json" https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export > time4.txt
... View more
07-09-2020
08:31 PM
Its not working curl -k -u admin:password -d search="savedsearch %22testsavedsearch%22" -d earliest="07/08/2020:10:00:00" latest="07/08/2020:10:30:00" -d output_mode="json" https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export > time2.txt I am getting error as Could not resolve host: latest=07; Name or service not known If I remove latest="07/08/2020:10:30:00" its working (How to include the latest time)
... View more
07-09-2020
08:09 PM
Hi, I am using below CURL to export data in JSON format, in this command, may I know how to add the exact date and time to search the results? For instance if I need to search the results from 8th of Wednesday 2020 10am (May i know how to give this time in command?) curl -k -u admin:password -d search="savedsearch %22testsavedsearch%22" -d earliest_time=-24h@h -d output_mode="json" https://splunk-api-url:8089/servicesNS/nobody/appname/search/jobs/export > json.txt
... View more
Labels
- Labels:
-
configuration
07-03-2020
04:40 AM
May I know how to write CURL command for a particular saved search called advanced_automation I am using below command, where I am getting error as no such saved search. curl -k -u admin:password -d "search=savedsearch advanced_automation" https://localhost:8089/services/search/jobs/
... View more
07-02-2020
01:51 AM
Hi 1. If suppose I need to view some particular index logs in putty, how to write a curl query ? 2. Question no. 1 should be seen for every 15 mins For Question 1, I used below query but getting error (>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.) curl -u adminuserid:password -k https://splunk.com/app/search/search?sid=gave that job id which we see in splunk u = user id k= ???
... View more
- Tags:
- api
06-29-2020
05:25 PM
@anilchaithu - I used access_timestamp but the query was not working with rising column, so we have added one more select statement in the start of the query. Now it is working fine.
... View more
06-29-2020
02:15 AM
How to set time range using REST API call
... View more
Labels
- Labels:
-
configuration
06-24-2020
01:04 AM
Hi, I have two different time values 2020-06-24 03:07:39,997Z 2020-06-24 03:07:39.990Z The first value has a comma(,) and the second value has a dot(.) How can I parse both the values. Any documentation on this?
... View more
Labels
- Labels:
-
time
06-23-2020
11:44 PM
06-21-2020
07:33 PM
Hi, I am trying to connect to Database using DB connect. When I choose Input type as Batch --> I am able to fetch the database and able to see the logs But when I choose as Raising --> with raising column --> access_timestamp I am getting this error --> org.postgresql.util.PSQLException: No value specified for parameter 1. Please let me know how to proceed further.
... View more
06-03-2020
01:30 AM
@gcusello
index=_internal "host1" --> able to see the logs
index=_internal "host2" --> able to see the logs
for host1 ---> I am able to see the logs into the particular index assigned.
Issue is only with host2
I am not able to see the logs for host 2 into the particular index. May I know what troubleshooting can be done?
... View more
06-03-2020
12:37 AM
Hi Team,
HF has been installed in a server, connectivity has been created to splunk, but we are not able to see any logs in splunk.
We have two different hosts.
For one of the hosts we are able to see the logs, but not able to see the logs for another host.
Note:
1) Host2 is using the same index name and log files are placed in same path as of host 1
... View more
- Tags:
- splunk-enterprise
05-28-2020
05:27 AM
05-28-2020
05:11 AM
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-14-2026
10:15 PM
|
Karma given to
