Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About fabiocaldas
fabiocaldas
Contributor
Member since:
04-16-2013
10-02-2020
Community Statistics
| Posts | 90 |
| Solutions | 6 |
| Karma Given | 143 |
| Karma Received | 54 |
| Member Since | 04-16-2013 |
Activity Feed
- Got Karma for Re: How to display the count in piechart as labels. 06-07-2024 04:15 AM
- Got Karma for Re: Pie Chart data labels. 10-16-2023 06:52 AM
- Got Karma for Re: Display percentage on pie charts in Splunk 6?. 09-04-2023 07:29 PM
- Got Karma for Re: Pie Chart data labels. 04-27-2022 03:08 PM
- Got Karma for Re: Display percentage on pie charts in Splunk 6?. 11-07-2021 02:49 PM
- Got Karma for Re: Pie Chart data labels. 11-07-2021 02:48 PM
- Got Karma for Re: Why am I getting "Missing enough suitable candidates to create a replicated copy" building a multisite indexer cluster staging environment?. 10-20-2021 06:23 AM
- Got Karma for Re: Why am I getting "Missing enough suitable candidates to create a replicated copy" building a multisite indexer cluster staging environment?. 07-19-2021 09:48 AM
- Got Karma for Re: Pie Chart data labels. 03-20-2021 03:18 PM
- Karma Re: delete events from _internal index for somesoni2. 10-02-2020 06:43 AM
- Karma Re: What does "action.logevent.ttl" value represent? for harsmarvania57. 08-06-2020 05:40 AM
- Karma Re: how can we set the default search mode to verbose always. Can we set it from a config file. for DalJeanis. 06-30-2020 11:44 AM
- Karma Re: ITSI - Preview Aggregate Thresholds y-axis for MVREID. 06-29-2020 07:15 AM
- Karma Re: Is there a trial version that allows API access? for gcusello. 06-17-2020 06:14 AM
- Karma SmartStore on Azure? for port7. 06-05-2020 12:50 AM
- Got Karma for Re: SmartStore on Azure?. 06-05-2020 12:50 AM
- Karma Re: Splunk 7.0.0 on Mac failing to run for mattymo. 06-05-2020 12:49 AM
- Karma Re: How to get peak and average TPS for all the service call for xpac. 06-05-2020 12:49 AM
- Got Karma for Re: apply shcluster-bundle returning insufficient permission to access this resource. 06-05-2020 12:49 AM
- Karma Re: How to calculate a rolling percentage of growth between two values? for somesoni2. 06-05-2020 12:48 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 |
06-27-2016
12:19 PM
Created Croyal .. Case Number: 369323
... View more
06-27-2016
10:33 AM
I also can't see my data even using Mint.Flush command
... View more
06-16-2016
08:48 AM
I downvoted this post because it's not a real response
... View more
10-05-2015
11:38 AM
1 Karma
Hey muebel,
I already tested it by configuration file published by the master and it's works fine. Indeed I asked here to check if there was anyway to use the new web ui to publish it from the master, but ok I can wait for an upgrade in next versions 🙂
... View more
10-01-2015
08:26 AM
HttpEventCollector is an amazing and welcome feature from Splunk 6.3, but there is no documetation explaining how should it be set to work on clustering environment.
The documentation only teach how to set it on a single server, but I need to set it on my deployment server and send it to all peers node.
Anyone know how to do it?
... View more
09-27-2015
01:11 PM
Yes it helps, thanks I'm already creating my first tours 🙂
... View more
09-27-2015
11:49 AM
1 Karma
Hi,
During the Tour feature presentation on .Conf 2015, it was said that there were some searches that could be done to know which users already did the tours.
Anyone know how?
... View more
08-11-2015
01:25 PM
11 Karma
I used http://answers.splunk.com/answers/154860/how-to-aggregate-percentage-information-in-pie-chart-labels.html that works like a charm
<option name="charting.chart.showPercent">true</option>
... View more
08-11-2015
01:23 PM
9 Karma
I used http://answers.splunk.com/answers/154860/how-to-aggregate-percentage-information-in-pie-chart-labels.html that works like a charm
<option name="charting.chart.showPercent">true</option>
... View more
08-11-2015
01:23 PM
8 Karma
I used http://answers.splunk.com/answers/154860/how-to-aggregate-percentage-information-in-pie-chart-labels.html that works like a charm
<option name="charting.chart.showPercent">true</option>
... View more
05-15-2015
06:47 AM
I set a restrict search terms into a role and logged with a user associated with this role. On search view and the restrict search terms works fine. But when I start to created a pivot, based on a model that has the field used on restrict search terms I can see all data without filtering it.
That's terrivel since will allow the user to see more data than he should.
... View more
05-07-2015
09:23 AM
I'm facing this same WARN here in my Splunk 6.2.2 cluster and have no clues about it
... View more
05-05-2015
03:23 PM
Thanks martin_mueller, your anwser helped a lot !!
... View more
04-08-2015
12:16 PM
AWED, did you got any solution? I'm facing same problem to a role group
... View more
04-04-2015
08:56 PM
transtrophe did yout got any solution?
... View more
03-19-2015
10:29 AM
Did you tried v6.2.2 to see if it was fixed there? I'm also having same issue
... View more
02-09-2015
09:27 AM
I was using Kinesis Moduluar Input to consume 5 Kinesis queue on my Splunk 6.2 environment for last month and it was woking fine. Today I just upgrade the app and now it's giving me error like:
02-09-2015 17:06:26.272 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/kinesis_ta/bin/kinesis.py" Can't connect to Splunk REST API with the token [Splunk 2ScoSY4vwensp1G1PmP1O_rw2tQO3qM_7xk0yf4Amju2CSQG2aXUutgt6x9ldqvF44CLNze0uc7UHrKANy^PxsV6WasDmaZQJx_BLomQxVFI9WgPUJ_A0hApwES], either the token is invalid or SplunkD has exited : No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Any idea how to solve it?
... View more
02-09-2015
09:21 AM
I'm having this same problem with Amazon Kinesis Modular Input
... View more
01-28-2015
08:25 AM
Thanks richgallowaY for your help. At end the solution was much simplier I only use a regex to purge what I really don't want
That's was my solution after all:
props.conf
[source::/var/log/nginx/error.log]
TRANSFORMS-setJanusEdgeData = sendVarLogNginxErrorToPurge
transforms.conf
[sendVarLogNginxErrorToPurge]
REGEX = : unlink
DEST_KEY = queue
FORMAT = nullQueue
... View more
01-28-2015
08:22 AM
1 Karma
That's was my solution after all. Purge only what I don't want:
props.conf
[source::/var/log/nginx/error.log]
TRANSFORMS-setJanusEdgeData = sendVarLogNginxErrorToPurge
transforms.conf
[sendVarLogNginxErrorToPurge]
REGEX = : unlink
DEST_KEY = queue
FORMAT = nullQueue
... View more
01-28-2015
07:42 AM
You mean use only one transformation to discard? I think it doesn't work, but I will be testing it
... View more
01-28-2015
07:14 AM
I tried the regex that you gave above ** (?!: unlink)** on https://regex101.com/#python using the sample that I put on question but it give a match always. It's strange
... View more
01-28-2015
07:11 AM
I tried a transforms like
[sendToPurge]
REGEX = : unlink
DEST_KEY = queue
FORMAT = nullQueue
[sendToIndexing]
REGEX = .
DEST_KEY = queue
FORMAT = indexQueue
But i leave everything (including messages with unlink) to be indexed. Any sugestion?
... View more
01-28-2015
06:51 AM
Hi richgalloway, I just edited the question with the sample data that I don't wan't to index
... View more
01-28-2015
06:43 AM
1 Karma
For a sourcetype nginx log error, I would like to index everything except data that contains : unlink text. Eg:
2015/01/28 13:26:44 [crit] 29614#0: unlink() "/media/ephemeral0/cache/vtex_files_nginx/0/d4/9d3194ccb8b1e93e6e041ca812155d40" failed (2: No such file or directory)
This's the kind of message I don't want to index
So I created a props.conf
[source::/var/log/nginx/error.log]
TRANSFORMS-setJanusEdgeData = sendToPurge,sendToIndexing
and also a transforms.conf
[sendToPurge]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue
[sendToIndexing]
REGEX = ^((?!: unlink).)*$
DEST_KEY = queue
FORMAT = indexQueue
It's works fine leaving only messages without ": unlink" text to be indexed. Despite the success if I look at my indexing peers the splunkd.log file it's there messages like that one:
ERROR Regex - Failed in pcre_exec: Error PCRE_ERROR_RECURSIONLIMIT for regex: ^((?!: unlink).)*$
Where is the problem with regex? Or where I can change the RECURSIONLIMIT?
... View more
