Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About MousumiChowdhur
MousumiChowdhur
Contributor
Member since:
07-13-2016
03-28-2023
Community Statistics
| Posts | 113 |
| Solutions | 3 |
| Karma Given | 20 |
| Karma Received | 43 |
| Member Since | 07-13-2016 |
Activity Feed
- Posted How to configure REST API endpoints to fetch data from Office 365 Admin Centre? on Splunk Enterprise. 03-28-2023 01:43 AM
- Got Karma for Re: High CPU usage on UF. 12-06-2021 06:46 PM
- Got Karma for How to import non native python libraries like pyMC in Splunk?. 10-19-2021 02:44 AM
- Got Karma for How to import non native python libraries like pyMC in Splunk?. 08-23-2020 11:58 AM
- Karma Re: Why is it not recommended to use deployment server for deploying config bundles to Search head cluster ? for manjunathmeti. 06-05-2020 12:51 AM
- Karma Splunk Machine Learning Toolkit: Error in Loading custom algorithm for bangalorep. 06-05-2020 12:50 AM
- Karma Re: What is origin when setting a Multisite Indexer Cluster? for somesoni2. 06-05-2020 12:50 AM
- Got Karma for Re: When using Splunk DB Connect, does dbxquery search consume license usage?. 06-05-2020 12:50 AM
- Got Karma for Re: Splunk DB Connect: Data not indexing. 06-05-2020 12:50 AM
- Karma How can I group field names to compare values within a specified time range? for deepashri_123. 06-05-2020 12:49 AM
- Karma Alert Manager functionality not working in search head clsuter environment for sandyIscream. 06-05-2020 12:49 AM
- Karma Re: Shell script execution after a search and outputcsv for anjambha. 06-05-2020 12:49 AM
- Karma how to pass parameters to embedded reports using token which will be pass through Iframe embedded URL for mayurr98. 06-05-2020 12:49 AM
- Karma Re: What is the best way to calculate resource usage of splunkd process on AIX servers? for sandyIscream. 06-05-2020 12:49 AM
- Karma Re: How to calculate percentage deviation for mayurr98. 06-05-2020 12:49 AM
- Got Karma for Is it possible in Splunk to know who has disabled a saved search and when?. 06-05-2020 12:49 AM
- Got Karma for Re: How can we figure out the size of KVStores and Lookups?. 06-05-2020 12:49 AM
- Got Karma for Is it possible in Splunk to know who has disabled a saved search and when?. 06-05-2020 12:49 AM
- Got Karma for Is it possible in Splunk to know who has disabled a saved search and when?. 06-05-2020 12:49 AM
- Got Karma for What is best approach to implement kv store to replace using lookups?. 06-05-2020 12:49 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 3 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 2 |
10-25-2018
04:13 AM
Hi @carlosumbc ,
Please use * instead of - and try.
[host::server*2.example.com]
TRANSFORMS-server2 = route_to_idx2
Let me know if that works.
Thank You!
... View more
10-24-2018
11:56 PM
Hi @jip31 ,
Can you try using * | fillnull value=0 ? Let me know if that's working for you.
Thank You!
... View more
10-24-2018
08:16 PM
Hi @woodcock ,
Ya I could get an output field clientip for the internal host names but not external host names. Later just found that resolving any external host names is out of scope for the available name server.
... View more
10-24-2018
06:23 AM
Hi,
After spending some time on troubleshooting, I found that the name server that is there for my Search heads can only resolve internal IPs/Hostnames. Resolving external IPs/Hostnames is out of scope for the name server.
Thank you.
... View more
10-18-2018
04:37 AM
Hi @Nadhiyaa,
Can you please confirm if you have got all the permissions required to fetch data?
... View more
10-17-2018
08:30 PM
Hi,
I am using external_lookup.py in Splunk to resolve the IPs/hostnames and get the respective hostnames/IPs. I could see that the python script is only able to resolve the internal IPs/hostnames but not external IPs/hostnames like www.google.com or so. I am assuming that because of the proxy it's not able to resolve the external IPs/hostnames. If anyone has tried this before, can you please guide me how can I achieve that?
Thank you!
... View more
10-17-2018
08:02 AM
Hey! Can you attach the screenshot? Also, if you could share a tad more information would be helpful to understand the problem.
Thanks.
... View more
10-17-2018
04:24 AM
Hi @abhishekgandhe
You can write a regular expression to extract the batch id and the true/false value.
Regex to extract batchId - (batchId)\s+\=\=\>(?P<batchID>\d+[^\=]+)
Regex to extract true/false value - batchId\s+\=\=\>[0-9a-f\-]+\=\=(?P<value>\w+[^\s+]+)
You can then find out all the events for which value="false" , get the respective batchId and set an alert.
Let me know if that works for you.
Thank You!
... View more
10-16-2018
09:05 PM
Hi @abhishekgandhe ,
Can you share a few sample events?
... View more
10-08-2018
09:16 PM
Can you provide a little bit more information like sample event or so?
... View more
09-26-2018
11:36 PM
3 Karma
Hi,
I am working on building some Bayesian model in Splunk which requires non native libraries to be imported like pyMC.
Has anyone tried out something like this and help me with ways to achieve this in Splunk? Also, I would like to know in which directory can I find the native libraries in PSC add-on.
Splunk version 7.1.2
ML Toolkit version 3.4
PSC version 1.3
Thanks!
... View more
05-31-2018
11:06 PM
Hi @marycordovacaa,
Does Splunk 7.0.0 version support this add on because I am not getting any data after doing the configurations?
Thank you!
... View more
05-31-2018
10:41 PM
Hi @lmorillogonzazlez,
Even I am getting the same error. Can you help me with how exactly you solved the issue?
Thank you!
... View more
05-31-2018
10:39 PM
Hi,
Inspite of doing all the configurations as per the document, I am not able to get data in Splunk. Kindly help me with what I am missing.
Thank you!
... View more
05-24-2018
01:41 AM
Hi,
I want to install Splunk Mobile App. I have android version 8.1.0 and iOS version 11.3 but I am unable to find the Splunk Mobile Access app in my play store and app store. May I know if this app only supports certain versions and why I am not able to find that in my play store/app store?
... View more
04-16-2018
03:28 AM
Hi,
I have multiple APIs in my log whose availability duration needs to be determined on daily basis i.e., from 00 to 24 hours based on active and inactive status, which means, it will have to check the status of the API from the last event of previous day to the first event of current day to check the status of that particular API. But to make any calculation on availability it will have to start the calculation only since 00 hour.
Kindly help to build the query, this is how far I've managed to go.
`urlendpoint`
| search endpoint=*
| eval Brand="xyz"
| eval status=case(like(elb_status_code,"2%") OR like(elb_status_code,"3%") OR like(elb_status_code, "505") OR like(elb_status_code, "510") OR like(elb_status_code, "511"), "active", like(elb_status_code,"4%") OR like(elb_status_code,"500"), "inactive")
| reverse
| streamstats current=f last(_time) AS last_time last(status) AS last_status by endpoint
| stats values(last_time) AS last_time values(last_status) AS last_status values(status) AS status by endpoint, _time Brand
| eval active_time=case(last_status="active", _time-last_time)
| eval inactive_time=case(last_status="inactive", _time-last_time) | eval day = strftime(_time, "%d")
| eval month=strftime(_time, "%m")
| eval Date = strftime(_time, "%d/%m/%y") | stats sum(active_time) AS active by day month Date Brand endpoint
| eval active=active/(3600)
| sort - month day
| fields - month
| fillnull value=0
Thanks!
... View more
03-16-2018
08:24 PM
Hi HealyManTech,
You can adjust the time span of the search in the dashboard panel according to the duration you would like to see the alert result for.
Also, webhook does let you make an alert message pop up. You can refer the below link which describes how to configure that.
https://docs.splunk.com/Documentation/Splunk/7.0.2/Alert/Webhooks
Hope that helps you!
Thank you.
... View more
03-16-2018
05:24 AM
Hi,
Actually you can create a dashboard whose search and time window will be same as that of your alert. This will help you see the alert result on a dashboard and you don't have to navigate to alert triggered page.
Thanks.
... View more
03-16-2018
02:57 AM
There needs to be a common field atleast time field to get the exclusion done.
... View more
03-15-2018
11:19 PM
Hi!
You can use the below query to display the result from both the lookups:
| inputlookup <lookupname> | appendcols [ | inputlookup <lookupname>]
Please let me know what exactly do you need to exclude further.
... View more
03-15-2018
04:46 AM
Hi brober27,
It would be better if you can provide sample logs to provide you with exact query but meanwhile you can take the reference of the below query to identify the error message with that specific error in your log. The below query is specifically for ERROR from splunk internal log.
index=_internal log_level=ERROR | rex "(ERROR)\s+(?P<ErrorMessage>.*)" | stats count by log_level ErrorMessage
You can add your own index name, rex and log level field name in the above search query.
... View more
03-15-2018
03:34 AM
1 Karma
Hi rmadhwan,
Please check if you have permission to the index within the app. Please check the link below which might help you.
https://helgeklein.com/blog/2017/07/troubleshooting-splunk-error-search-process-not-exit-cleanly/
Thanks!
... View more
03-14-2018
10:15 PM
Hi!
I just want to know that do you want to see the alert results somewhere other than the alert triggered page?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-28-2023
05:14 AM
|
Karma given to
