Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About tomapatan
tomapatan
Communicator
Member since:
09-27-2022
11-15-2024
Community Statistics
| Posts | 76 |
| Solutions | 6 |
| Karma Given | 16 |
| Karma Received | 4 |
| Member Since | 09-27-2022 |
Activity Feed
- Posted Help with the Splunk Add-on Builder - creating a custom Python app on Splunk Dev. 11-15-2024 06:35 AM
- Karma Re: Is it possible to loadjob a post-processed search? for nick405060. 11-06-2024 06:41 AM
- Karma Re: How to set loading order for panels? for woodcock. 10-03-2024 06:45 AM
- Posted Re: How to increase height of input text box html dashboard on Dashboards & Visualizations. 10-03-2024 01:20 AM
- Posted Re: How to increase height of input text box html dashboard on Dashboards & Visualizations. 10-03-2024 12:22 AM
- Posted Help with token setting and unsetting on Splunk Search. 09-18-2024 06:47 AM
- Posted Re: Conditional token usage on Dashboards & Visualizations. 08-15-2024 06:31 AM
- Karma Re: Conditional token usage for ITWhisperer. 08-15-2024 06:31 AM
- Posted Re: Conditional token usage on Dashboards & Visualizations. 08-15-2024 05:14 AM
- Posted Re: Conditional token usage on Dashboards & Visualizations. 08-15-2024 02:45 AM
- Posted Conditional token usage on Dashboards & Visualizations. 08-15-2024 02:00 AM
- Got Karma for Getting Microsoft Teams Data into Splunk?. 07-10-2024 12:26 PM
- Posted Re: How to get encrypted password fields during modular input parameters validation? on All Apps and Add-ons. 06-25-2024 07:58 AM
- Karma Re: how to change color for entire row for SanjayReddy. 04-23-2024 11:27 PM
- Karma Re: Table message when No results found. for MattZerfas. 04-10-2024 07:01 AM
- Posted Integrate Akamai Prolexic logs with Splunk on All Apps and Add-ons. 03-27-2024 03:57 AM
- Posted Re: Bug: Why are there duplicate values with INDEXED_EXTRACTION? on Getting Data In. 03-26-2024 07:05 AM
- Posted Re: Bug: Why are there duplicate values with INDEXED_EXTRACTION? on Getting Data In. 03-21-2024 08:30 AM
- Karma Re: How to identify drops in traffic with bucket and streamstats? for lguinn2. 03-19-2024 08:36 AM
- Posted Re: Splunk addon builder checkpoint on All Apps and Add-ons. 03-19-2024 04:56 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-05-2023
01:28 AM
Hi @MattHatter Did you find a solution to this ? We had exactly the same problem and we managed to get is resolved by editing the lookup_edit file (under Settings - User Interface - Views) as follows: <view template="lookup_editor:/templates/generic.html" type="html" isDashboard="true" isVisible="true">
<label> Lookup edit </label>
</view>
... View more
09-28-2023
11:53 AM
1 Karma
Hi @gcusello , Thanks for getting back to me. Turns out the splunk user did not have access to the pihole.log, only to the pihole-FTL.log files. Splunk started to ingest both files after I changed the permissions. Thanks, Toma.
... View more
09-27-2023
03:38 PM
My inputs.conf on the rasberryPi look like this: [monitor:///var/log/pihole.log]
disabled = 0
sourcetype = pihole
index = main
[monitor:///var/log/pihole-FTL.log]
disabled = 0
sourcetype = pihole:ftl
index = main Both log files exist in /var/log, but only one sourcetype gets sent to my indexer and that`s "pihole:ftl". Any assistance would be greatly appreciated.
... View more
Labels
- Labels:
-
configuration
08-17-2023
05:29 AM
Good point, The timestamps are quite old. What are the defaults for MAX_DAYS_AGO and MAX_DAYS_HENCE as I cannot see them being defined in the sourcetype settings ? Should I go ahead and define them ? Some of the data is older than 2000 days. Many thanks.
... View more
08-17-2023
05:23 AM
Hi, I`ve added a sample event and sourcetype configurations, hope this is enough information.
... View more
08-17-2023
01:40 AM
Hi Everyone,
Data coming in from an API is using the _indextime as the _time field because the timestamp format that is being sent is not recognised by Splunk.
An example of the timestamp would look like this:
2016-06-21T01:18:51-07:00
OR
2018-02-16T06:34:31-08:00
As you can see, an offset of -7 or -8 hours is being added to the time field.
The timestamp format we`re currently using for the sourcetype is:
%Y-%m-%dT%H:%M:%S%:z
This is no longer working after the sender made some changes to the timestamp, but I`m not entirely sure how to represent the new format.
Using Splunk Cloud.
Any help would be greatly appreciated.
Toma.
... View more
- Tags:
- sourcetype
- timestamp
Labels
- Labels:
-
sourcetype
07-05-2023
07:41 AM
Hi, We use a hybrid environment, so I could clone the dashboard and put it onto the SOC SH as a temporary workaround until the issue with the lookup editor affecting the main SH gets resolved by Splunk (we have a case open with them). Do you have any suggestions on how to setup a URL redirect from the existing dashboard to the temporary one ? Using Splunk v9. Many thanks.
... View more
07-04-2023
07:38 AM
Hi, We`ve got a dashboard sitting on a problematic SH and would like to clone and move it to another working SH. Is there a way to redirect the users to the newly created cloned dashboard ? Many thanks, Toma
... View more
Labels
- Labels:
-
other
06-29-2023
07:18 AM
Update: DBConnect is sending the logs to both our Cloud and On Prem instances - some events are missing from the Cloud indexer, although they are present on the local indexer. We`ve raised a support ticket with Splunk to investigate.
... View more
06-26-2023
04:49 AM
Hello, Can`t seem to find anything in the _internal index and the DB Connect Health dashboard doesn`t appear to be working. - I`m currently looking into this. "How are you verifying that you have missing records?" - I use the "delta" command to compute the difference between the current value of the rising column field and the previous value. The gaps are only present in the Splunk index and I can see all the rows incrementing as expected in the DB connection. - I also compared the total number of events with the total number of records in the database over a given period of a day and the results are inconsistent: most days they are correct, but every few days there is a discrepancy.
... View more
- Tags:
- hi
06-22-2023
08:06 AM
Hello, We ingest data from a database using rising columns, however a small amount of events are missing from the index, although I can see them in DBConnect. The field that we use as a rising column is set as an identity column so I`m expecting that each new value is generated based on the current seed & increment. Query timeout is set to 30 seconds, max rows to retrieve is 0 (maximum), fetch size is 300 and frequency is 60 seconds - from what I`ve observed this should be sufficient for our requirements. Any assistance would be greatly appreciated. Many thanks.
... View more
- Tags:
- dbconnect
Labels
- Labels:
-
other
06-05-2023
07:54 AM
Hi, The operational requirement is to run the report every minute, but I`m thinking to propose to run it every 5 mins outside of busy operational times. We do have enough resources to run the queries, but would still like to optimise the search and frequency as much as possible. Currently I`m using the report as a base search for my dashboard, but I`m not entirely sure how to call both of the reports, as suggested ? Many thanks.
... View more
06-02-2023
04:51 AM
Is it possible to add multiple cron schedules to a single base report ?
... View more
06-02-2023
03:50 AM
Hi,
I have a dashboard that runs off the back of a report that is scheduled to run every minute. I need to amend the report schedule to run every minute between the specified hours AND every 5 minutes outside those hours to save on resources.
My current cron expression looks like this:
*/1 * * * *
To run every minute between the specified hours, I could write something like this.
*/1 3-8,12-20 * * *
The question I have is how to add a clause to schedule the search to run every 5 minutes outside those hours?
Many thanks.
... View more
Labels
- Labels:
-
cron
04-20-2023
02:40 AM
How would I get this working for reports with a longer name format, for example: [REPORT] This is a test report I`ve tried to URL encode the characters without success: %5BREPORT%5D%20This%20is%20a%20test%20report
... View more
04-20-2023
02:13 AM
1 Karma
Hi Gregg, This is amazing, thanks for sharing, wish I could mark more than one answer as a solution. joao_amorim answer was addressing my basic question, but I can see how I can expand on the REST API topic using your solution. Many thanks, Toma
... View more
- Tags:
- other
04-20-2023
02:06 AM
Please ignore my previous answer, the report was set to private and this does in fact work. I had to add the "-o" (output) flag and specify where the file should go to as I didn`t know what the default location was.
... View more
04-20-2023
01:12 AM
Unfortunately it doesn`t work. I`m getting Error in 'savedsearch' command: Unable to find saved search named 'Test' Although the report definitely exists and is scheduled to run.
... View more
04-18-2023
06:26 AM
Hi Rich, I guess my question is what is the correct endpoint and what is the correct syntax for exporting the report as a CSV file ? I`ve looked at the "REST API Reference Manual", but couldn't really find my answer. Many thanks.
... View more
04-18-2023
06:13 AM
Sorry to bring up such an old topic, but would really appreciate if you could share an example.
... View more
- Tags:
- other
04-18-2023
05:49 AM
Hi,
I`m looking to export a scheduled report using the REST API but I`m struggling with the syntax.
I was able to run a new search inside "curl" and export it, but can`t seem to be able to do the same for saved reports.
Would be grateful if someone could help with the syntax for exporting the following report as a CSV file:
curl -k -H "Authorization: Bearer myValidToken" https://myValidDomain.splunkcloud.com:8089/servicesNS/userName/app/saved/searches/%20Test%20/history
... View more
Labels
- Labels:
-
other
04-11-2023
12:49 AM
Worked like a charm, much appreciated.
... View more
04-06-2023
01:28 AM
Hi Everyone, I`m learning about the Splunk REST API and I`m experiencing some temperamental behaviour, for example I can fetch results using the query listed below from some reports, but it fails for others, example below: curl -k -H "Authorization: Splunk myValidToken" https://myValidDomainName.splunkcloud.com:8089/services/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl Response: <?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Could not find object id=[LOOKUP] Active Directory Devices No2</msg>
</messages>
</response> The report name is correct. Have you got any suggestions for me ? Many thanks, Toma
... View more
Labels
- Labels:
-
other
04-03-2023
01:50 PM
Thanks for the reply. I`ve managed to create the token using a native user account and I can successfully query the Admin Config Services API, but I`m having issues getting data from the REST API, receiving a timed out message. curl https://[myValidStackName].splunkcloud.com:8089/services/saved/searches/ Am I using the correct endpoint ? Also, can the REST API be queried using the token, or do I have to provide credentials ? Many thanks.
... View more
04-03-2023
04:06 AM
I`m trying to query Splunk Cloud using the REST API so that I can export some data externally, however I`m not entirely sure how to download/install/configure the ACS Open API 3.0 specification. The Splunk documentation is a bit ambiguous.
I`m also unable to setup a new authentication token, receiving the error below. I`m using an admin account.
curl -u username:password -X POST https://admin.splunk.com/[myValidStackName]/adminconfig/v2/tokens {"code":"401-unauthorized","message":"{\"messages\":[{\"type\":\"ERROR\",\"text\":\"Unauthorized\"}]}. Please refer https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ACSerrormessages for general troubleshooting tips."}
... View more
Labels
- Labels:
-
using Splunk Cloud
- « Previous
-
- 1
- 2
- Next »
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-15-2024
02:39 PM
|
Karma given to
