Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About vrmandadi
vrmandadi
Builder
Member since:
08-14-2015
10-20-2020
Community Statistics
| Posts | 532 |
| Solutions | 5 |
| Karma Given | 49 |
| Karma Received | 22 |
| Member Since | 08-14-2015 |
Activity Feed
- Posted Re: unable to find filename property for lookup splunk on Splunk Search. 10-19-2020 08:47 AM
- Got Karma for unable to find filename property for lookup splunk. 10-19-2020 08:43 AM
- Posted unable to find filename property for lookup splunk on Splunk Search. 10-19-2020 08:16 AM
- Karma Re: Will I get duplicate events if I have Multiple Heavy Forwarders (HF) having same inputs set up? for nickhills. 06-05-2020 12:51 AM
- Karma Re: Can we add new indexer through UI and what happens to the data when indexers are removed for nickhills. 06-05-2020 12:51 AM
- Got Karma for Re: Help in creating alert for sourcetype not receivng data. 06-05-2020 12:51 AM
- Got Karma for Re: Help in creating alert for sourcetype not receivng data. 06-05-2020 12:51 AM
- Karma Re: Can you help props.conf to break the event and mask the data? for somesoni2. 06-05-2020 12:50 AM
- Karma Re: Windows Monitoring Stanza help for richgalloway. 06-05-2020 12:50 AM
- Karma Re: Help with data masking for mayurr98. 06-05-2020 12:50 AM
- Karma Re: How to include "-" in between a field value? for gcusello. 06-05-2020 12:50 AM
- Karma Re: How to disable a index temporarily for Vijeta. 06-05-2020 12:50 AM
- Karma Re: How to get a trendline or show change when a value of a field is changed? for solarboyz1. 06-05-2020 12:50 AM
- Karma Re: How to convert hexadecimal IP to decimal for poete. 06-05-2020 12:50 AM
- Got Karma for help with regex. 06-05-2020 12:50 AM
- Got Karma for getting error for regex "exceeded configured match_limit, consider raising the value in limits.conf". 06-05-2020 12:50 AM
- Got Karma for HIGH CPU USAGE ON HEAVY FORWARDER WHERE AWS ADD ON IS INSTALLED. 06-05-2020 12:50 AM
- Got Karma for How to disable an index temporarily?. 06-05-2020 12:50 AM
- Karma Re: How to calculate the average of a field value for n number of days? for c_boggs. 06-05-2020 12:49 AM
- Karma Re: How to calculate the average of a field value for n number of days? for somesoni2. 06-05-2020 12:49 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-19-2020
08:47 AM
I did see that link before posting my question , that did not solve the issue
... View more
10-19-2020
08:16 AM
1 Karma
Hello , I see lot of warning internal logs for one of the csv which says unable to find filename property for lookup .Anyone had the same issue and how to troubleshoot it? Thanks in Advance
... View more
Labels
- Labels:
-
lookup
05-12-2020
01:19 PM
I have *nix add-on installed on all our linux machines and we get all the default data from the add-on , which source or sourcetype gives the user login details with root access.
I am trying get a list of all the users on hosts logged in as root.
Thanks in Advance!
... View more
03-27-2020
02:05 PM
Yes I checked everthing .
This worked for me.
[sourcetype]
SHOULD_LINEMERGE= false
LINE_BREAKER= ()(\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}.\d{3})
NO_BINARY_CHECK= true
MAX_DAYS_AGO= 2
... View more
03-27-2020
12:29 PM
Hello @richgalloway I tried this but it did not work . I am looking to break the events like below from the sample event
2020-03-27 00:00:00.003 [quartzJobExecutor-1] INFO c.c.c.r.c.s.r.i.BusinessAssetsForDataSetRecommenderDelegate - (dataset, asset): Starting model computation
2020-03-27 00:00:00.033 [quartzJobExecutor-1] INFO c.c.c.r.c.s.r.i.BusinessAssetsForDataSetRecommenderDelegate - (dataset, asset): # data set ids: 9 / # events: 0
2020-03-27 00:00:00.050 [quartzJobExecutor-1] INFO c.c.d.c.s.StatisticSchedulerJob - StatisticScheduler saving statistics for statistic
2020-03-27 00:00:00.050 [pool-9-thread-1] INFO c.c.d.core.statistic.StatisticBuffer - Persisting statistics
... View more
03-27-2020
10:52 AM
I have the following raw data and I am trying to break the individual events starting with timestamp and before another timestamp starts .
2020-03-27 00:00:00.003 [quartzJobExecutor-1] INFO c.c.c.r.c.s.r.i.BusinessAssetsForDataSetRecommenderDelegate - (dataset, asset): Starting model computation2020-03-27 00:00:00.033 [quartzJobExecutor-1] INFO c.c.c.r.c.s.r.i.BusinessAssetsForDataSetRecommenderDelegate - (dataset, asset): # data set ids: 9 / # events: 02020-03-27 00:00:00.050 [quartzJobExecutor-1] INFO c.c.d.c.s.StatisticSchedulerJob - StatisticScheduler saving <21> statistics for statistic 2020-03-27 00:00:00.050 [pool-9-thread-1] INFO c.c.d.core.statistic.StatisticBuffer - Persisting <21> statistics
Thanks in Advance
... View more
03-26-2020
06:50 PM
I have events with GMT time .I want to convert to EST.
Wed, 25 Mar 2020 21:43:31 GMT title="Webex Meetings: Users connecting to Webex Meetings may experience latency or failures joining computer audio"
Thanks in Advance
... View more
03-26-2020
03:06 PM
Hello ,
I have installed the syndication input app from splunk base https://splunkbase.splunk.com/app/2646/ .I gave the URL https://status.webex.com/history.rss and gave custom sourcetype and created new index=webex .But I see data going to index main and having source=/opt/splunk/var/spool/splunk/syndication___RSS_WEBEX_1585256859.14_12157.stash_syndication_input sourcetype=stash_syndication_input-too_small and does not recognize timestamp .I want to use the custom sourcetype and index so that the event breaks correctly and it recognizes the timestamp.How to create an input and which file to edit.
Thanks in Advance
... View more
03-26-2020
01:43 PM
Thanks.it went to index=main , I actually created a new index webex , but somehow it is overriding the sourcetype and index .Do you know how to change that
... View more
03-26-2020
01:22 PM
Thank you @richgalloway .What time format do I need to set for events which have Mar 25, 21:43 UTC as timestamp
... View more
03-26-2020
10:01 AM
Ya.I see that .I tried using the same one but did not get data into Splunk .Should I create a new input or disable and enable the existing ? .What settings you have made in the input like time interval ,Include only new or changed entries,Convert HTML to Text
... View more
03-26-2020
09:50 AM
What is the URL that you have used? .I used this URL https://status.webex.com/service/status?lang=en_US . If you see the URL that I sent ,you can see something like webex meeting , webex and it shows status operational .I am trying to get that data .Is that same as the URL you sent me or is it something different
... View more
03-26-2020
09:26 AM
I have a file that I am monitoring has time in epoch format milliseconds .What setting should be placed in the props.conf to convert it to human readable
... View more
03-26-2020
09:14 AM
I installed the add-on and gave the URL https://status.webex.com/service/status?lang=en_US but I dont see any data.I have attached a screenshot of the input created in the question
... View more
03-26-2020
08:42 AM
Is there an add-onn or way to get the RSS data for webex into splunk to know its health status? .I used https://splunkbase.splunk.com/app/2646/
Thanks in Advance
... View more
03-25-2020
02:32 PM
This worked.
[ alt ]
CHARSET=UTF-8
INDEXED_EXTRACTIONS=JSON
KV_MODE=JSON
LINE_BREAKER=([\r\n]+)
MAX_TIMESTAMP_LOOKAHEAD=60
NO_BINARY_CHECK=true
SHOULD_LINEMERGE=true
TRUNCATE=10000
category=Structured
description=JavaScript Object Notation format. For more information, visit http://json.org/
disabled=false
pulldown_type=true
TIME_PREFIX=(Date()\d+)\\/\"}]
... View more
03-25-2020
02:10 PM
Thank You @darrenfuller for your reply . I tried the props you told me but that did not work .
[alt ]
CHARSET=UTF-8
INDEXED_EXTRACTIONS=JSON
KV_MODE=JSON
LINE_BREAKER=([\r\n]+)
MAX_TIMESTAMP_LOOKAHEAD=25
NO_BINARY_CHECK=true
SHOULD_LINEMERGE=true
TRUNCATE=10000
category=Structured
description=JavaScript Object Notation format. For more information, visit http://json.org/
disabled=false
pulldown_type=true
TIME_PREFIX=(dateAdded:\s\/Date()\d+)\/}]
TIME_FORMAT=%s%3N
I am pasting the raw format of data how it looks like.the one in bold before collection id is what I am looking at
"dateAdded":"\/Date(1576263356219)\/"},{"addedById":"5d013cd01758d3c468","appId":"5d013d418c2cf","dateAdded":"\/Date(1576263482497)\/"},{"addedById":"5d013cd013c468","appId":"5d35d43d17588644c6c25","dateAdded":"\/Date(1576263489027)\/"},{"addedById":"5d013cd084d3c468","appId":"5e5dc7827acaa","dateAdded":"\/Date(1583177463548)\/"},{"addedById":"5d013cd01d3c468","appId":"5e5d5c7827af0c","dateAdded":"\/Date(1583177467959)\/"}],"collectionId"
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-20-2020
05:04 PM
|
