Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About kartm2020
kartm2020
Communicator
Member since:
03-10-2020
03-14-2024
Community Statistics
| Posts | 78 |
| Solutions | 3 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 03-10-2020 |
Activity Feed
- Posted Re: Splunk - Rest API - Curl - Failing with Unbalanced Quotes on Getting Data In. 03-14-2024 12:13 AM
- Posted Re: sendMail "From= " on Splunk Enterprise. 03-13-2024 11:35 PM
- Posted Re: How to merge the Single viz and table vis in same row in splunk dashboard XML on Splunk Enterprise. 12-11-2022 11:11 PM
- Posted How to merge the single viz and table vis in same row in Splunk dashboard XML? on Splunk Enterprise. 12-11-2022 02:28 AM
- Tagged How to merge the single viz and table vis in same row in Splunk dashboard XML? on Splunk Enterprise. 12-11-2022 02:28 AM
- Tagged How to merge the single viz and table vis in same row in Splunk dashboard XML? on Splunk Enterprise. 12-11-2022 02:28 AM
- Posted Re: Can we able to merge the column headers like excel on Dashboards & Visualizations. 11-25-2021 10:34 PM
- Posted Can we able to merge the column headers like excel on Dashboards & Visualizations. 11-25-2021 03:34 AM
- Posted Re: How to add the field values based on the criteria on Splunk Search. 11-02-2021 11:42 PM
- Tagged How to add the field values based on the criteria on Splunk Search. 11-02-2021 11:09 PM
- Posted How to add the field values based on the criteria on Splunk Search. 11-02-2021 11:07 PM
- Posted Re: Splunk search - How to search the fields1 values contains in field2 on Splunk Search. 08-22-2021 07:50 AM
- Posted Re: Splunk search - How to search the fields1 values contains in field2 on Splunk Search. 08-21-2021 02:16 AM
- Posted Re: Splunk search - How to search the fields1 values contains in field2 on Splunk Search. 08-21-2021 01:10 AM
- Posted Splunk search - How to search the fields1 values contains in field2 on Splunk Search. 08-20-2021 07:21 AM
- Posted Data is not rolling out from warm to Cold bucket on Splunk Enterprise. 06-10-2021 02:27 AM
- Posted Sending CSV file from application server to splunk via HTTP Event collector on Getting Data In. 05-24-2021 06:38 AM
- Karma Re: Javascript - Splunk onclick function not working on second click in same row for kamlesh_vaghela. 06-05-2020 12:51 AM
- Posted Re: Javascript - Splunk onclick function not working on second click in same row on Splunk Dev. 06-01-2020 11:50 PM
- Posted Re: Javascript - Splunk onclick function not working on second click in same row on Splunk Dev. 06-01-2020 06:29 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-18-2019
03:06 AM
Hi Vikcee,
Please try the below regex. Hope this helps you to find it.
rex field=_raw """(?P[A-Z][a-z]+)"""
... View more
10-18-2019
02:57 AM
Status field has only one value(either "STATE UP" or STATE DOWN" in each event.
Values are unique between src destination and port
... View more
10-17-2019
10:47 PM
Hi moliminous,
I have used your query but still i am getting both values like state up and state down for each src and destination.
But i need the latest event field value.
... View more
10-17-2019
06:39 AM
Hi Jacobevans,
Thank you for the query. But i am expecting the different results. In netscaler, The events will trigger when there is a status change from UP to DOWN or DOWN to UP. I would like to display the latest status with respect to source and destination. You query gives all the results which is not expected one
Example : I have 3 events
10/17/19 7:05 PM : Status was DOWN
10/17/19 7:06 PM : Status was UP
10/17/19 7:07 PM : Status was DOWN
expected out put should be the current status, Like below:
STATE was DOWN(Because this status is the latest)
... View more
10-17-2019
05:25 AM
Search query :1
index="main" earliest=06/01/2019:00:00:00 latest=now | stats first(status) by src destination port
Search query : 2
index="main" earliest=06/01/2019:00:00:00 latest=now | stats latest(status) by src destination port
I have used first and latest command in stats.
There 2 status in the events like "STATE UP" and "STATE DOWN". I would like fetch the latest event with latest status field. But if i am searching the above query it is showing the both.(STATE UP and STATE DOWN). I would like display the latest either "status up or status down".
Someone help me to find the solution.
Current Results:
src destination port first(status)
XXX YYY 443 State DOWN
XXX YYY 443 State UP
... View more
10-17-2019
05:17 AM
We have got the solution for this issue.
This is happened due to replication behavior in SH cluster environment. So we need to white-list the authentication.conf file in server.conf file like below.
3 different applications in Azure AD for 3 different SH's with different Endpoints should be the correct approach. Since authentication.conf is white-listed, the configuration wont be replicate on each search head.
~/SPLUNK_HOME/etc/system/local/server.conf
under [shclustering] stanza
check whether this Parameter is false or not in each SH.
conf_replication_include.authentication = false.
then go ahead and restart all the 3 SH's altogether. Not one by one it has to be restarted all the 3 SH's together.
Once restarted verify that the replication of Authentication.conf is stopped or not.
it was worked in our environment.
... View more
09-13-2019
03:26 AM
Hi Giuseppe,
It is giving the expected result. But i need the difference the two fields and results should be in the third field as a percentage.
... View more
09-13-2019
02:32 AM
How can i compare the fields values with 1hour_before with latest fields values
... View more
09-12-2019
10:39 PM
Great. Thank you. How can i compare the fields values with 1hour_before with latest fields values
... View more
09-12-2019
07:08 AM
Hi,
We are monitoring the transaction count. I need to verify the results of last one hour, if there is any decrease in the count the alert needs to be generated.
For example :
7 AM to 8 AM - transaction count with fields
8 AM to 9 AM - I need to verify the fields values with 7AM to 8AM field values. If the count get decreased alerts needs to notified.
How to write the search for this scenario.?
Please suggest
... View more
- Tags:
- splunk-enterprise
Can anyone help me on this?
... View more
08-21-2019
01:11 AM
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/SAMLSHC
... View more
08-21-2019
01:10 AM
Hi, I have 3 SHs in a cluster. (XXX.XXX.XX.37,XXX.XXX.XX.38,XXX.XXX.XX.39). I have configured SAML with the Identity , Sign on URL as https://XXX.XXX.XX.37 in Azure SSO. I have followed the steps from splunk docs. Everything has been finished as per the doc. It is working also. Issue: 1. If I am trying to access .38 SH it is redirecting to .37 and same for .39 as well. 2. Scenario: If .37 is DOWN, SAML is not working if i trying to login into .38 or .39. It is trying to redirect into .37 which is already DOWN. 3. I have gone through below document, but i couldn't understand it. Can you someone explain me the step by step procedure for integrating SAML in Search head cluster.
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/SAMLSHC
... View more
Labels
- Labels:
-
SAML
08-12-2019
09:46 PM
Hope I answered your question.
... View more
08-07-2019
09:49 PM
Sorry for the late response. You are putting total as 3. Can you please put origin as 1 and total as 4. It might get work. Please let me know about the status.
... View more
08-05-2019
08:29 PM
No it wont. Because you have 4 nodes with rep factor of 3. total should always greater than or equal to rep factor. In your command you have written the total as 2. thats the reason it showing an error "total should be greater than or equal to replication_factor"
... View more
08-05-2019
07:30 AM
From your command it says total is 2. But your replication factor is 3. Replication factor is different from site replication factor.
The site_replication_factor replaces the standard replication_factor used with single-site clusters.
So it is not taking. If you have 3 nodes in your environment then it might get work.
If you are not setting any rep factor. by default it will take as origin:2,total:3.
Hope i have answered your question. Please let me know for more clarification.
https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Sitereplicationfactor
... View more
08-05-2019
06:41 AM
https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/MultisiteCLI
When comes to the multisite cluster. You have to go with the default value and you cant reduce it. but you can increase it.
... View more
08-05-2019
06:21 AM
Can you please try the below command
splunk edit cluster-config -mode master -multisite true -available_sites site1,site2 -site site1 -site_replication_factor origin:2,total:3 -site_search_factor origin:1,total:2
... View more
I cant post the events. i want it to make it in a table format.
Column1 Column2
ROW1 --- Transaction1 67 56
ROW2 --- Transaction2 86 89
ROW3 --- Transaction3 99 110
... View more
I just want to do report like below:
11:10 PM 11:20 ...........
transactiontotal1 67 56
transactiontotal2 86 89
transactiontotal3 99 110
... View more
- Tags:
- splunk-enterprise
08-02-2019
12:39 AM
Wow great. It worked really. Thank you
I have changed the refresh time as i min in the hidden panel.
... View more
08-02-2019
12:38 AM
Wow great. It worked really. Thank you
I have changed the refresh time as i min in the hidden panel.
... View more
08-02-2019
12:08 AM
This XML code is working. but timestamp is not getting refreshed when i click the refresh button. But when i refresh whole web page it is getting refresh.
Please look into it
... View more
- « Previous
- Next »
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-14-2024
05:50 AM
|
