cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
krithikar
Engager
Member since: ‎07-30-2018
‎07-25-2023
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-30-2018
Activity Feed
View All

ITSI deployment failing with error "Unterminated s...

by in Splunk ITSI
‎07-25-2023 08:20 AM
‎07-25-2023 08:20 AM
Hi All, Issue : ITSI deployment failing in preproduction with error "Unterminated string starting at: line 1 column 11371852 (char 11371851)" The process of deployment for ITSI is that we have a Standalone box where we try to create our services KPIs etc . and take a backup of that service and restore the changes in pre prod environment . while doing so the restorations fail with an error "Unterminated string starting at: line 1 column 11371852 (char 11371851)" ITSI Version: 4.13.2 Splunk version: 9.0.4 Steps tried :  1. Took a backup of the existing service (example service1) in qa, deleted that service1, and restored service1 back to qa - received the same error. 2. Deleted the service and then restored the standalone backup and still failed with the same error  3. created a new test service and KPI on the standalone and restored it in qa and still failed with the same error. Requesting assistance on this issue. I have been trying multiple things and requesting some help on the same. I will provide any additional information if required. ... View more
Labels

Re: Want to route my WMI data to nullqueue , but o...

by in Other Usage
‎04-21-2023 04:29 AM
‎04-21-2023 04:29 AM
I would not be able to do the above as I would want to retain other data coming through from these hosts and want to route data only from a specific source type.   IN my case the index is source type and sources are common and global as they are coming through for  wmi logs.  I would want to use my sourcetype in the transforms and  want to route this wmi data to null queue only for a set of servers     This is what i want to try , Will this work ?. [WinEventLog] TRANSFORMS-null_queue = setnull [setnull] REGEX =  (?ms)(ComputerName=ABCD*.domain.com) DEST_KEY=queue FORMAT=nullQueue Sample event : provide above ... View more

Re: How do I route based on host and source type?

by in Getting Data In
‎04-21-2023 02:50 AM
‎04-21-2023 02:50 AM
What if we have multiple hosts , say 500 and above can we mark and * to pick up all the host name . REGEX = (host*) If my host name starts with ABCD and if i say ABCD* will this work ?. Or say my events have these hosts under a field called computername  REGEX = (?ms)(ComputerName=ABCD*.domain.com) ... View more

Re: Want to route my WMI data to nullqueue , but o...

by in Other Usage
‎04-20-2023 03:57 AM
‎04-20-2023 03:57 AM
Thanks for reverting back,  [host::your_host] TRANSFORMS-null= setnull In the above, i can only add a specific host correct ?. i would want to route all the data from the hosts starting with abcdefg . Would I be able to do the below, so it would be able to pick all the hosts stating with abcdefg?. will this work?. [host : : abcdefg*] ... View more

Want to route my WMI data to nullqueue , but only ...

by in Other Usage
‎04-20-2023 02:47 AM
‎04-20-2023 02:47 AM
Hi All, I am trying to route my WMI data to a null queue but want to route data coming through from a specific group of hosts only. Example : The Windows WmI data is coming through from different group of hosts listed below  Hostgroup1 = ABCDEF hostgroup2 =  XXXXXX hostgroup3 = sssssssss The WMI events (example eventcodes , type, log source etc) are mostly common for all the hosts and hence if i use either of these common fields all of my data will be sent to null queue. I would want to only send Hostgroup1 which starts with ABCDEF , there are around 500+ hosts in the host group  starting with ABCDEF .  Could anyone suggest a way to only route data from the hostgroup1 to Null queue . 04/20/2023 07:01:10 PM LogName=Hello SourceName=Microsoft Windows logs. EventCode=1234 EventType=x Type=Information ComputerName=abcdefghijl2106.domain.abc.com TaskCategory=dynamic OpCode=Info RecordNumber=12345678 Keywords=Audit Success I am trying to write my transforms regex based on the computer name so it can only group the hostgroup1 starting with abcdef  hosts and route that data to null queue  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-25-2023 06:31 AM
Karma given to
View All