Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About mahesh27
mahesh27
Communicator
Member since:
09-02-2022
09-22-2024
Community Statistics
| Posts | 101 |
| Solutions | 0 |
| Karma Given | 23 |
| Karma Received | 2 |
| Member Since | 09-02-2022 |
Activity Feed
- Posted Error: Regex: Missing Closing Parenthesis on Dashboards & Visualizations. 09-22-2024 05:12 PM
- Karma Re: Issue with line breaker for richgalloway. 09-22-2024 05:03 PM
- Posted Issue with line breaker on Dashboards & Visualizations. 09-16-2024 04:14 PM
- Posted Logs not showing up on Dashboards & Visualizations. 09-10-2024 06:35 PM
- Posted Custom Alert Setup on Dashboards & Visualizations. 08-26-2024 11:55 AM
- Posted Re: Json logs not parsing properly. on Dashboards & Visualizations. 08-21-2024 07:39 AM
- Posted Json logs not parsing properly. on Dashboards & Visualizations. 08-21-2024 07:27 AM
- Posted Re: Custom text - Table on Dashboards & Visualizations. 07-23-2024 02:08 PM
- Karma Re: Custom text - Table for richgalloway. 07-23-2024 02:08 PM
- Posted Custom text - Table on Dashboards & Visualizations. 07-23-2024 01:16 PM
- Posted Re: Dynamic drop down from field values on Dashboards & Visualizations. 05-31-2024 08:20 AM
- Posted Re: Dynamic drop down from field values on Dashboards & Visualizations. 05-27-2024 07:07 AM
- Posted Re: Dynamic drop down from field values on Dashboards & Visualizations. 05-24-2024 11:30 AM
- Posted Dynamic drop down from field values on Dashboards & Visualizations. 05-21-2024 06:01 PM
- Tagged Dynamic drop down from field values on Dashboards & Visualizations. 05-21-2024 06:01 PM
- Posted How to get 1st 3 count on Splunk Search. 05-05-2024 06:14 PM
- Posted Re: Alert Query not working as expected on Splunk Search. 04-15-2024 06:27 PM
- Posted Re: Alert Query not working as expected on Splunk Search. 04-15-2024 05:54 PM
- Posted Alert Query not working as expected on Splunk Search. 04-15-2024 04:45 PM
- Posted Re: Need help to combine queries on Splunk Search. 04-12-2024 05:55 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-01-2023
06:30 AM
I am creating an alert where the time range should be from 7 to 18 and corn schedule is for 5 mins So in my alert if i give earliest=@d+7h and latest =@d+18h will this works?? And i dont want to receive alert after this time range. how i can do this??
... View more
04-25-2023
05:47 PM
When compared to original query with tstats query success, failed and total count is not matching. original query: index=app-cod-idx host_ip=11.123.345.23 sourcetype=code:logs |rex field =_raw "\|presentdata\:(?<COD_data>.*\|" |where isnotnull(COD_data) |eval Success=if(COD_data="0" OR COD_data="", "Success", null()) |eval Failed=if(COD_data!="0", "Failed", null()) |stats count(Success) as Successlogs count(Failed ) as Failedlogs count(COD_data) as totalcount
OUTPUT:
Successlogs
Failedlogs
totalcount
14
10
24
tstats query:
|tstats count where index=app-cod-idx host_ip=11.123.345.23 sourcetype=code:logs by PREFIX(cod-data=) |rename cod-data= as COD_data |where isnotnull(COD_data) |eval Success=if(COD_data="0" OR COD_data="", "Success", null()) |eval Failed=if(COD_data!="0", "Failed", null()) |stats count(Success) as Successlogs count(Failed ) as Failedlogs count(COD_data) as totalcount
OUTPUT:
Successlogs
Failedlogs
totalcount
1
0
1
... View more
Labels
- Labels:
-
using Splunk Enterprise
04-17-2023
01:32 PM
thank you for the information. can you please provide the drop down code for classic dashboard.
... View more
- Tags:
- Splunk Enterprise
04-14-2023
07:31 PM
Hi @woodcock, but my requirement is in studio dashboard. Can you please help on this
... View more
04-13-2023
03:31 PM
i am new to dashboard studio, i have 15 panels in my dashboard and i want to create a dropdown with 3 options as success, warnings and error success- 5 panels Warnings- 5 panels error-5 panels. So when i select success from the dropdown, only Success-5panels should display. when i select errors only error related panels should show up.
... View more
Labels
- Labels:
-
using Splunk Enterprise
04-05-2023
06:25 PM
Thank you @richgalloway Can you please let me know what roles and capabilities will be given in order to see cut service now action items while creating alerts.
... View more
04-04-2023
03:23 PM
I have many alerts in splunk, now i want to get the list of alerts where cut service now incident is configured. how can i get this???
... View more
Labels
- Labels:
-
using Splunk Enterprise
03-29-2023
02:32 PM
i have many alerts and reports which configured with particular email id(splunkdata@gmail.com) Now i want to change the email id to (splunklogs@gmail.com) How do i get the list of alerts and reports configured with this email id(splunkdata@gmail.com)
... View more
Labels
- Labels:
-
using Splunk Enterprise
03-26-2023
10:52 AM
Hi @richgalloway , if we use SEDCMD the --- lines are disappearing but i want that lines should display like shown below. how can i do that?? -------------------------------------------------------------
Time: 02/12/2021 01:45:05.777
Message: there is a exception error code gg456hhhrgh34567
type: application code
data: system
------------------------------------------------------------- -------------------------------------------------------------
Time: 24/12/2021 01:45:05.777
Message: there is a exception error code 897fghj56879hgj
type: application code jobs
data: system jobs
------------------------------------------------------------- -------------------------------------------------------------
Time: 28/12/2021 02:54:15.767
Message: there is a exception error code 89hjyt5643edhjjy656
type: application code error
data: system error
------------------------------------------------------------- --------------------------------------
Timeline: 12/02/2021 12:44:32.667
Message Details - Application code contains error at 12/02/2021 11:30:00.212
-------------------------------------- --------------------------------------
Timeline: 23/02/2021 10:23:22.124
Message Details - Application code contains error at 12/02/2021 08:20:10.100
-------------------------------------- --------------------------------------
Timeline: 24/02/2021 10:20:12.667
Message Details - Application code contains error at 24/02/2021 07:10:23.112
--------------------------------------
... View more
- Tags:
- Splunk Enterprise
03-25-2023
07:21 PM
i tried the blow props but ----- is coming down like this [sourcetype] LINE_BREAKER=[r\n]Timeline:\s\d{2}/\d{2}/\d{4}\s\d{2}:\d{2}:\d{2}.\d{3}|Time:\s\d{2}/\d{2}/\d{4}\s\d{2}:\d{2}:\d{2}.\d{3} TIME_FORMAT=%d/%m/%Y %H:%M:%S.%3N disabled=false truncate=50000 MAX_TIMESTAMP_LOOKAHEAD=40 should_linemerge=false Timeline: 23/02/2021 10:23:22.124
Message Details - Application code contains error at 12/02/2021 08:20:10.100
--------------------------------------
-------------------------------------- Time: 02/12/2021 01:45:05.777
Message: there is a exception error code gg456hhhrgh34567
type: application code
data: system
-------------------------------------------------------------
-------------------------------------------------------------
... View more
03-25-2023
03:31 PM
Hi All, below are the sample logs: can i get props for this sample logs.
-------------------------------------------------------------
Time: 02/12/2021 01:45:05.777
Message: there is a exception error code gg456hhhrgh34567
type: application code
data: system
------------------------------------------------------------- -------------------------------------------------------------
Time: 24/12/2021 01:45:05.777
Message: there is a exception error code 897fghj56879hgj
type: application code jobs
data: system jobs
-------------------------------------------------------------
-------------------------------------------------------------
Time: 28/12/2021 02:54:15.767
Message: there is a exception error code 89hjyt5643edhjjy656
type: application code error
data: system error
------------------------------------------------------------- --------------------------------------
Timeline: 12/02/2021 12:44:32.667
Message Details - Application code contains error at 12/02/2021 11:30:00.212
-------------------------------------- --------------------------------------
Timeline: 23/02/2021 10:23:22.124
Message Details - Application code contains error at 12/02/2021 08:20:10.100
-------------------------------------- --------------------------------------
Timeline: 24/02/2021 10:20:12.667
Message Details - Application code contains error at 24/02/2021 07:10:23.112
--------------------------------------
... View more
Labels
- Labels:
-
configuration
-
using Splunk Enterprise
03-16-2023
01:35 PM
Hi All, I have one universal forwarder which is reporting to DS and receiving internal logs, but i am not getting any data into index. Logs are present in the server. How to troubleshoot this kind of issues???
... View more
Labels
03-10-2023
08:07 AM
Search:
index=xxxxx host_ip IN(16.121.12.123 OR 16.121.12.124 OR 16.121.12.126 OR 16.121.12.128) sourcetype=xxxxxxx
|search "activity_status"=done
|eval results=if((like(response, "200"), "success", "failure")
|stats count(eval(result="success")) AS Overall_Success, count(response) as total
|eval Success_per=(Overall_Success/total)*100.0
|stats avg(Success_per) as SuccessPer
how can i write the condition like when my SuccessPer is <40 i need to see message like "The application is less thank 40 %, please check." If the SuccessPer is >40 then SuccessPer value should display. How can i do this???
... View more
Labels
- Labels:
-
using Splunk Enterprise
03-06-2023
02:34 PM
@ITWhisperer , Now i am getting the expected results, the mistake i did is in chart i was mentioning as chart sum(value), but i should mention as chart sum(diff). Thank you for your response, it helped me.
... View more
03-05-2023
12:40 PM
Hi @ITWhisperer . |chart sum(value) by home_feature, application_name I tried the above query but i am getting the output as: home_feature NULL ampt.gc.com 678 https:gtt.com 345 ggt.com 45678 gct.com 567 gtt.com 199 And also i tried the query |chart sum(value) over home_feature by application_name This is also giving same results as shown above.
... View more
03-03-2023
11:58 AM
Search:
index=xxxx sourcetype=xxxxx home_feature!=connectapp application_name IN(artical, login, management, pageout)
|table Description application _time count
|sort Description _time home_feature application_name
streamstats current=f window=1 values( Description) as desp values(home_feature) as app values(_time) as totaltime values (count) as totalcount
|eval siml=if(home_feature == app AND Description == desp, count - totalcount,0)
|eval siml2=if(siml <0, Count, siml)
|where siml2 > 0
|eval time=strftime(now(), %d/%m/%YT%H:%M:%S)
|stats sum(value) by home_feature, application_name
Output:
home_feature
application_name
sum(value)
ampt.gc.com
login
298
ampt.gc.com
pageout
2341
https:gtt.com
artical
4567
wcw.gft.com
management
678
app.df.com
login
499
rt.hj.com
pageout
567
tt.com
artical
345
ggt.com
management
178
but i need the output as shown below:
_time
home_feature
login
pageout
management
artical
03/02/2023T14:05:15
ampt.gc.com
298
100
678
567
03/02/2023T12:05:15
ampt.gc.com
345
345
12341
789
03/02/2023T11:05:15
https:gtt.com
100
45678
9087
4567
03/02/2023T10:05:15
wcw.gft.com
456
567
678
789
03/02/2023T09:05:15
app.df.com
900
345
23499
3215
03/02/2023T08:05:15
rt.hj.com
789
125
567
678
03/02/2023T06:05:15
tt.com
12
34
345
45
03/02/2023T04:05:15
ggt.com
23
14
178
34
how to achieve this?
... View more
Labels
- Labels:
-
using Splunk Enterprise
02-22-2023
10:52 AM
Hi All, i have one app in splunk and created inputs, under input i have Jira Query Language(JQL)......................project=IIT%20AND%20updated%3E-6h But now i need to add other project into it, the project is IIM, now i am not getting how to add in this JQL query. please help me on this.
... View more
Labels
- Labels:
-
using Splunk Enterprise
02-10-2023
07:16 AM
I have to set up an alert with corn schedule from 9pm to 7am. when i tried to get it from crontab it was not coming. how can i create the corn schedule for this timings.
... View more
Labels
- Labels:
-
using Splunk Enterprise
01-25-2023
02:19 PM
Query: index=apl-app-grap sourcetype=grap:apps source=*applications* host=xxxxxx |rex field =_raw "\|rank\:(?<Report>.*?)\|" |eval Pass=if(Report="0", "Pass", null()) |stats count(Pass) as Passed_Count output:
Passed_Count
700
But i need the output for day wise, suppose if i select 7 days i should get 7 rows (showing each day count) like shown below:
Passed_Count
100
100
100
100
100
100
100
... View more
Labels
01-16-2023
04:20 PM
Hi, i have 2 hosts and 2 sources, previously i was getting data from 2 sources, but now we have teardown and resdeployed existing servers. Due to that the host ips are same but host names got changed. but now i am getting data from 2 hosts but from only one source not getting data from 2nd source. how to troubleshoot this issue??
... View more
Labels
01-11-2023
12:49 PM
HI @richgalloway okay, but can you please tell me what are the other methods tocheck.
... View more
01-11-2023
10:56 AM
Hi @richgalloway , i could not see any option with name source type under settings.
... View more
01-11-2023
09:23 AM
Hi All, how can i know whether props has been defined to particular sourcetype. how can i check it.
... View more
Labels
- Labels:
-
using Splunk Enterprise
01-09-2023
10:20 AM
hi @richgalloway as it is showing correctly but in splunk the quotation events are getting clubbed together not breaking properly. what could be the reason behind it.
... View more
01-09-2023
08:10 AM
Hi @richgalloway i tried the below props but its not working as expected, it is taking up space, because of that for quotation events are not breaking properly all are getting into one event. please find the attached screenshot
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-22-2024
09:37 PM
|
Karma given to
