Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About shahid285
shahid285
Path Finder
Member since:
11-05-2018
10-31-2020
Community Statistics
| Posts | 34 |
| Solutions | 2 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 11-05-2018 |
Activity Feed
- Karma Re: Can we fetch the last available data in an index , which is not ingested in the last 24hrs? for kmorris_splunk. 06-05-2020 12:50 AM
- Got Karma for Re: timechart when span set to a week gives a different values , in comparison to span set to a day for a duration of a week.. 06-05-2020 12:50 AM
- Posted Re: failed to connect using client.connect on Splunk Dev. 08-30-2019 12:12 AM
- Posted Re: Can we fetch the last available data in an index , which is not ingested in the last 24hrs? on Getting Data In. 05-29-2019 11:21 PM
- Posted Re: Splunk SDK: service.jobs.oneshot not working under multithreading. on Splunk Dev. 05-29-2019 11:00 PM
- Posted Can we fetch the last available data in an index , which is not ingested in the last 24hrs? on Getting Data In. 05-29-2019 04:00 AM
- Tagged Can we fetch the last available data in an index , which is not ingested in the last 24hrs? on Getting Data In. 05-29-2019 04:00 AM
- Tagged Can we fetch the last available data in an index , which is not ingested in the last 24hrs? on Getting Data In. 05-29-2019 04:00 AM
- Tagged Can we fetch the last available data in an index , which is not ingested in the last 24hrs? on Getting Data In. 05-29-2019 04:00 AM
- Posted Re: Splunk SDK: service.jobs.oneshot not working under multithreading. on Splunk Dev. 05-28-2019 04:15 PM
- Posted Re: Splunk SDK: service.jobs.oneshot not working under multithreading. on Splunk Dev. 05-28-2019 12:24 PM
- Posted Re: Splunk SDK: service.jobs.oneshot not working under multithreading. on Splunk Dev. 05-28-2019 12:00 PM
- Posted Re: Splunk SDK: service.jobs.oneshot not working under multithreading. on Splunk Dev. 05-28-2019 11:40 AM
- Posted Re: Splunk SDK: service.jobs.oneshot not working under multithreading. on Splunk Dev. 05-28-2019 10:56 AM
- Posted Getting errors while executing Splunk SDK script: "NoneType' object has no attribute 'startswith". on Splunk Dev. 05-28-2019 02:43 AM
- Tagged Getting errors while executing Splunk SDK script: "NoneType' object has no attribute 'startswith". on Splunk Dev. 05-28-2019 02:43 AM
- Tagged Getting errors while executing Splunk SDK script: "NoneType' object has no attribute 'startswith". on Splunk Dev. 05-28-2019 02:43 AM
- Tagged Getting errors while executing Splunk SDK script: "NoneType' object has no attribute 'startswith". on Splunk Dev. 05-28-2019 02:43 AM
- Tagged Getting errors while executing Splunk SDK script: "NoneType' object has no attribute 'startswith". on Splunk Dev. 05-28-2019 02:43 AM
- Posted Can you help me resolve this failed to reap viewstate error? on Monitoring Splunk. 04-01-2019 09:14 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
06-08-2022
10:48 PM
I don't know if you're aware of it but you've just dug up a thread that's almost 7 years old. Also, your problem is indeed similar, but different. So you'll get a best chance of receiving help if you start a new thread (you can post a link to this threaf for reference if you did try something based on the solution presented here). And paste your event sample in a preformated or code block so it stays properly indented - it's much more readable that way.
... View more
05-29-2019
11:21 PM
@kmorris_splunk : Thanks a lot, your solution worked as expected
Thanks again!
Shahid
... View more
05-29-2019
11:35 PM
it should be possible, it's described here, but not sure how to do it 😞
https://docs.splunk.com/DocumentationStatic/PythonSDK/1.1/client.html
... View more
04-01-2019
09:14 AM
Hi ,
I am getting the below error in splunkd.log, due to which, the data is not getting ingested.
Requesting help to resolve this.
ViewstateReaper - Failed to reap viewstate *:fwkc7yq6 (user: nobody, app:APPLICATION, root: /opt/ci/splunk/etc): Not removable: /nobody/APPLICATION/viewstates/*:fwkc7yq6
Thanks,
Mohammed Shahid Nawaz
... View more
03-29-2019
03:18 AM
HI @renjith.nair ,
Thank you for the response, my situation and concern is to write an event to an index through SPL. For which i had requested suggestion here.
https://answers.splunk.com/answers/736766/is-there-a-possibility-to-write-an-event-to-splunk.html
The suggestion to my posted issue here, was to use collect command. but in order to use collect command, i further found that it needs summary index to be configured. Hence, i configured one. but even post that i am not able to get things working in my favour.
the following is the savedsearches.conf changes made to enable summary indexing, and below is the query i am using to write an event to an index.
savedsearches.conf
[xxxx_capacity_threshold]
action.summary_index = true
action.summary_index._name = xxxxx
action.email.useNSSubject = 1
alert.track = 0
search = index="$param$-xxx" sourcetype="xxx" | table maxPercentage percentage
Query (with collect command)
| makeresults | eval raw = "{\"maxPercentage\":\"70\", \"percentage\":\"90\"}" | table _raw | collect index="xxxxxx-xx" file="new_settings$timestamp$.stash" sourcetype="xxxxxx" addtime=true testmode=false
Thanks
Mohammed Shahid Nawaz
... View more
03-28-2019
11:07 AM
Guys, Still waiting for update on the solution, need it badly. Please help 🙂
... View more
03-27-2019
08:19 AM
1 Karma
After multiple and repeated attempts, the query was unable to return data like the week starting from today, hence i had to go the span of 1w@w1, where the weeks starts from Monday and ends in Sunday. The problem with this approach is the return of additional days data (>30) even when the earliest is set to last 29 days from today.
The following is the query,
index="83299-aci" sourcetype="_internal" earliest=-29d@w1 latest=+1d@d-1s | timechart span=1w@w1 sum(auditsCount) as "count" |eval timeTp=strftime(_time,"%Y-%m-%dT%H:%M:%S%:z") | eval today=relative_time(now(), "@d")|eval yesterday=relative_time(now(), "+1d@d-1s")|eval yesterday = strftime(yesterday,"%Y-%m-%dT%H:%M:%S%:z")| eval weekend=_time+604799 | eval currentWeekend=today-518400 |eval currentWeekend = strftime(currentWeekend,"%Y-%m-%dT%H:%M:%S%:z")|eval weekend=strftime(weekend,"%Y-%m-%dT%H:%M:%S%:z")| eval minTime =min(_time)| eval diff = (today - minTime)| eval diff = round(diff/60/60/24) | eval minTime = strftime(minTime,"%Y-%m-%dT%H:%M:%S%:z") | eval _time = strftime(_time,"%Y-%m-%dT%H:%M:%S%:z")|eval dayBefore =(today-1)|eval dayBefore=strftime(dayBefore,"%Y-%m-%dT%H:%M:%S%:z") | eval tonight =(today+(86400-1))|eval tonight=strftime(tonight,"%Y-%m-%dT%H:%M:%S%:z")| eval today = strftime(today,"%Y-%m-%dT%H:%M:%S%:z")| eval week = case((diff=0),today+" - "+tonight,(diff <= 7),_time+" - "+tonight,(diff > 7) ,_time+" - "+weekend) | eval count = if(count!="" or count != NULL, count,0 ) | table week count
Thank you for your support @DMohn
Regards
Mohammed Shahid Nawaz
... View more
05-17-2019
11:55 AM
1 Karma
Use splunk SDK 1.6.5.0 with gson 2.8.2. This set up works for me fine.
... View more
11-09-2018
01:33 AM
@shahid @adonio
yes i get thats what TIME_PREFIX will do
TIME_PREFIX = \"requested_on\":\s
tune this
"requested_on": "2015-07-12 06:47:51",
... View more
08-30-2019
12:48 AM
@shahid285
Not sure about your exact issue, So can you please refer below link for that?
https://answers.splunk.com/answers/609126/ssl-error-while-trying-to-connect-to-splunk-web-fr.html
... View more
05-17-2019
11:54 AM
Use splunk SDK 1.6.5.0 with gson 2.8.2. This set up works for me fine.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-31-2020
02:51 PM
|
