04-01-2016
11:16 AM
Hello Soni,
Thanks for the reply. As I have described, we are creating a generic app which can be used in clustered and non-clustered environments. So how will I do the same thing on a standalone system?
Also, I am not aware of forwarding _internal and summary index logs from non-indexers to the indexers. Could you please describe this a little bit?
Thanks
Gajanan Hiroji
04-01-2016
09:36 AM
Hey cook,
We are trying to get all data in one place and are trying to create an app which will help the Splunk administrator in a better way on the search head, without going to each and every Splunk instance.
Thanks
Gajanan Hiroji
04-01-2016
09:34 AM
Hey, thanks Soni for the reply. One last question here: how will I configure Summary_index data from all the non-indexers to the indexer cluster? Because this data is in an index, not in a file.
04-01-2016
06:29 AM
Hello Guys,
Hope you are all doing well Splunking. I need a little help here with 2 things.
1) We have an infrastructure of 3 search heads, 5 indexers, 1 deployment server, 1 master server and 1 license server.
We would like to index all the _internal logs from all the instances into a "New index" and want to search that information on the search head.
So it will be like getting all _internal information in one place.
2) There are summary indexes on each and every instance. How should I reindex that data into the indexers so that I can search it on the search head? So how do I get all summary index data in one place?
Thanks
Gajanan Hiroji
11-04-2015
01:25 AM
Hello, thanks for the reply, but how do you match Data column values with Name column values with respect to a particular number?
11-03-2015
05:47 AM
Hello All,
I have CSV data and it consists of 3 columns “Name”, “Number” and “Data”.
We need to filter out data based on the “Number” column first, and then check if the “Data” column has values which are there in the “Name” column for that particular value of “Number“ column.
Ex.

Name | Number | Data |
---|---|---|
Dragonfruit | 4 | Chocolate |
Honey | 4 | |
Chocolate | 4 | Kiwi |
Icecream | 4 | |
Custardapple | 4 | Error |
Apple | 4 | |

and we need to first remove Data=Null
Final Output should be like this.

Name | Number | Data |
---|---|---|
Chocolate | 4 | Kiwi |
Custardapple | 4 | Error |

May I know how we can achieve this in a search?
Thanks
Gajanan Hiroji
07-07-2015
12:00 AM
1 Karma
Hey Alacer,
We have resolved it. There was a small mistake we had made.

```xml
<collection label="KPI Dashboards">
  <view source="unclassified" match="KPI_dashboard" />
</collection>
```

`<Saved>` replaced by `<view>`.
Thanks for your help.
07-06-2015
11:23 PM
I have tried giving a single name like kpidashboard, with the match also the same, but still no luck.
07-06-2015
10:50 PM
Hey, I tried doing this but no luck. I got https:///en-US/debug/refresh working, but no luck after that either.
Am I missing anything here?

```xml
<view name="flashtimeline" default='true' />
<collection label="Service Management">
  <collection label="KPI">
    <collection label="KPI Dashboards">
      <saved source="unclassified" match="kpi_dashboard" />
    </collection>
  </collection>
  <divider />
```

And the dashboard name is "kpi dashboard testing", so the ID of the dashboard will be kpi_dashboard_testing, but it is still not showing up.
Please help me out.
Thanks
Gajanan Hiroji
07-06-2015
06:32 AM
No luck after adding match="KPI_dashboard".
07-06-2015
06:18 AM
Hey Alacercog,
Thanks for your reply. I have changed the XML file, and when I do https://splunk-4:8000/en-US/debug/refresh
I am getting the following error.

```
500 Internal Server Error
Return to Splunk home page
TypeError: string indices must be integers, not str
```
07-06-2015
12:14 AM
Hello All,
I want to create the custom navigation. Below is the structure.
- KPI
  - KPI Dashboards
  - KPI Reports
  - Match KPI
- Uptime
  - Uptime Dashboards
  - Uptime Reports
  - Match Uptime
- Capacity Planning
  - Capacity Dashboards
  - Capacity Reports
  - Match Capacity
I have created a view with the following details:

```xml
<collection label="Service Management">
  <collection label="KPI">
    <collection label="KPI Dashboards">
      <saved source="unclassified" match="KPI dashboard" />
    </collection>
    <collection label="KPI Reports">
      <saved source="unclassified" match="KPI report" />
    </collection>
    <collection label="Match KPI">
      <saved source="unclassified" match="KPI" />
    </collection>
  </collection>
  <divider />
  <collection label="Uptime">
    <collection label="Uptime Dashboards">
      <saved source="unclassified" match="Uptime dashboard" />
    </collection>
    <collection label="Uptime Reports">
      <saved source="unclassified" match="Uptime report" />
    </collection>
    <collection label="Match Uptime">
      <saved source="unclassified" match="Uptime" />
    </collection>
  </collection>
  <divider />
  <collection label="Capacity Planning">
    <collection label="Capacity Dashboards">
      <saved source="unclassified" match="Capacity dashboard" />
    </collection>
    <collection label="Capacity Reports">
      <saved source="unclassified" match="Capacity report" />
    </collection>
    <collection label="Match Capacity">
      <saved source="unclassified" match="Capacity" />
    </collection>
  </collection>
  <divider />
</collection>
```

This is only categorizing searches, not the dashboard.
I have created 3 dashboards with the names:
1. KPI Dashboard : Overview of KPI
2. Uptime Dashboard : Overview of Uptime
3. Capacity Dashboard : Overview of Capacity planning
But I am not getting the dashboards in the KPI dashboard, Uptime dashboard, and Capacity dashboard menus.
Please help me get this working.
Thanks
Gajanan Hiroji
01-29-2015
05:55 AM
Thanks for these details.
Thanks
Gajanan Hiroji
01-29-2015
03:57 AM
Thanks a ton... this was very helpful
01-29-2015
03:36 AM
Dear All,
We have one production search head, three indexers clustered, a cluster master, and a deployment server. All running Windows 2k8 R2. Splunk version is 6.1.3
We planned to get data from some of the Linux boxes and we wrote an inputs.conf file, but in the inputs file we gave the wrong index name.
I wanted to give “oracledb” but we gave “oraclelog”.
But when I searched for index usage in the _internal index, oraclelog shows 28GB, but the “oraclelog” index is not present on the indexers, so where is the data stored?
If it is stored in a different index, then what is that index name? How should I copy the data from one index to another index?
Because now, if I correct the log file with the “oracledb” index, I will not be able to get the data that is already indexed from the forwarder again. How do I do this?
Thanks in advance
01-23-2015
01:27 AM
2 Karma
Dear All,
We have two production search heads, three indexers clustered, a cluster master, and a deployment server. All running Windows 2k8 R2. Splunk version is 6.1.3.
We are moving all the infrastructure from virtual to physical machines so could you guys help me out here to understand the process?
Thanks in Advance
Gajanan Hiroji
11-20-2014
08:54 AM
Dear All,
We have created some alerts and we are calling a Python script when that alert gets triggered.
How do we troubleshoot whether that script is running or not?
In my Python script we are writing a log file so that we can keep track of what the Python script is doing. Sometimes it won't write anything in the log file, so we are not able to tell whether the script is running or not.
Thanks
Gajanan Hiroji
11-11-2014
08:32 AM
Hello Everyone,
I need to fetch data from one table from an Oracle database, but can we fetch data from a table without a unique ID present?
I am trying to do this using the Database input connection of the Splunk DB Connect app.
Thanks
Gajanan Hiroji
10-06-2014
08:00 AM
Hello,
I am able to see the data in Splunk now, thanks.
Thanks
Gajanan Hiroji
10-06-2014
07:53 AM
Hello.
Here is my new inputs.conf file:

```
[dbmon-tail://qsync_svt/testingqsync]
host = usadac
index = test
output.format = template
output.timestamp = 1
sourcetype = testingqsync1
table = QSYNC_APP.Q_MESSAGE_DETAIL_EXC
tail.rising.column = ID
output.template = $ID$ | $TYPE$ | $PRECIS$ | $ORIGIN_ENV$ | $ORIGIN_DT$ | $LAST_DT$ | $LAST_ACTION$ | $DETAIL$ | $COUNT$ | $COMMENTS$
interval = auto
```

Using this, I am not able to index data into Splunk.
10-06-2014
07:48 AM
Hello.
But there is no column in table called STRATTIME.
10-06-2014
07:47 AM
I am trying to pull all the data from the table, so I have mentioned the table name there.
10-06-2014
07:40 AM
Hello.
Here are the inputs.conf details.

```
[dbmon-tail://qsync_svt/testingqsync]
host = usadac
index = test
output.format = template
output.timestamp = 1
sourcetype = testingqsync
table = QSYNC_APP.Q_MESSAGE_DETAIL_EXC
tail.rising.column = ID
output.template = $STARTTIME$| $ID$ | $TYPE$ | $PRECIS$ | $ORIGIN_ENV$ | $ORIGIN_DT$ | $LAST_DT$ | $LAST_ACTION$ | $DETAIL$ | $COUNT$ | $COMMENTS$
```

I am still not able to get the result properly.
Thanks
Gajanan Hiroji
10-06-2014
07:18 AM
Could you please help me out with where I have to do this?
This is my table schema.

# | column_name | type | nullable | size | decimal_digits | radix |
---|---|---|---|---|---|---|
1 | ID | NUMBER | NO | 10 | 0 | 10 |
2 | TYPE | VARCHAR2 | NO | 255 | 0 | 10 |
3 | PRECIS | VARCHAR2 | YES | 4000 | 0 | 10 |
4 | ORIGIN_ENV | VARCHAR2 | NO | 255 | 0 | 10 |
5 | ORIGIN_DT | TIMESTAMP(6) | NO | 11 | 6 | 10 |
6 | LAST_DT | TIMESTAMP(6) | NO | 11 | 6 | 10 |
7 | LAST_ACTION | VARCHAR2 | YES | 255 | 0 | 10 |
8 | DETAIL | CLOB | YES | 4000 | 0 | 10 |
9 | COUNT | NUMBER | NO | 10 | 0 | 10 |
10 | COMMENTS | CLOB | YES | 4000 | 0 | 10 |

10-06-2014
06:58 AM
I am getting key-value pair values in Splunk. Here are the details of the regex.

```
[dbmon:kv]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
```