Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About Bhuavana
Bhuavana
Explorer
Member since:
05-21-2014
06-05-2020
Community Statistics
| Posts | 38 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 05-21-2014 |
Activity Feed
- Karma Re: How to correct my regex to extract text from two or more lines? for Venkat_16. 06-05-2020 12:47 AM
- Karma Re: Will Splunk DB Connect work with a Splunk Free license? for aweitzman. 06-05-2020 12:47 AM
- Got Karma for Where to find the python.log for details on an error that occurred while generating a PDF report?. 06-05-2020 12:47 AM
- Posted How to dynamically put today's date in the source field of an xml input value? on Splunk Search. 02-02-2015 10:17 PM
- Posted Re: Where to find the python.log for details on an error that occurred while generating a PDF report? on Splunk Dev. 01-21-2015 10:48 PM
- Posted Where to find the python.log for details on an error that occurred while generating a PDF report? on Splunk Dev. 01-21-2015 10:42 PM
- Tagged Where to find the python.log for details on an error that occurred while generating a PDF report? on Splunk Dev. 01-21-2015 10:42 PM
- Tagged Where to find the python.log for details on an error that occurred while generating a PDF report? on Splunk Dev. 01-21-2015 10:42 PM
- Posted Why python file executes successfully to add data to an index through Splunk Python SDK, but no events are found in the index? on Splunk Dev. 12-23-2014 04:09 AM
- Tagged Why python file executes successfully to add data to an index through Splunk Python SDK, but no events are found in the index? on Splunk Dev. 12-23-2014 04:09 AM
- Tagged Why python file executes successfully to add data to an index through Splunk Python SDK, but no events are found in the index? on Splunk Dev. 12-23-2014 04:09 AM
- Posted Re: Is it possible to integrate splunk with non relational databases using Splunk DB Connect? on Knowledge Management. 12-07-2014 09:52 PM
- Posted Re: Why can't I find the JDBC Scripted Input app in splunkbase? on All Apps and Add-ons. 12-04-2014 10:09 PM
- Posted Why can't I find the JDBC Scripted Input app in splunkbase? on All Apps and Add-ons. 12-04-2014 02:36 AM
- Posted Will Splunk DB Connect work with a Splunk Free license? on Security. 12-03-2014 02:27 AM
- Tagged Will Splunk DB Connect work with a Splunk Free license? on Security. 12-03-2014 02:27 AM
- Posted What are the differences between Splunk DB Connect and the jdbc scripted input app? on All Apps and Add-ons. 12-01-2014 01:16 AM
- Posted Is it possible to integrate splunk with non relational databases using Splunk DB Connect? on Knowledge Management. 11-30-2014 09:07 PM
- Posted How to correct my regex to extract text from two or more lines? on Splunk Search. 11-11-2014 03:09 AM
- Tagged How to correct my regex to extract text from two or more lines? on Splunk Search. 11-11-2014 03:09 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-03-2015
01:16 AM
3 Karma
Hi Bhunavana,
take this example:
index=_internal [| gentimes start=-1 | eval source="foo.boo-" + strftime(now(), "%Y-%m-%d") | return source]
this will translate to this Splunk litsearch:
litsearch index=_internal source="foo.boo-2015-02-03"
So using your provided search try something like this:
index=test [| gentimes start=-1 | eval source="/env/transactionlog/aaa_Logs/TL_aaa_WUCARD_LOOKUP_" + strftime(now(), "%Y-%m-%d") + ".xml" | return source ] | rex field=_raw "(?P[^<]+)" | stats count by Tran
Hope this helps ...
cheers, MuS
... View more
05-06-2020
04:15 AM
As long as you've properly setup internal log forwarding as per best practices... this search will show the python logs.
index=_internal sourcetype=splunk_python
... View more
12-16-2014
02:46 PM
Hi @Bhuavana
Looks like someone answered that question in your other post.
http://answers.splunk.com/answers/200608/what-are-the-differences-between-splunk-db-connect.html
Seems like that had experience with the jdbc scripted input app when it still existed, but as of now, there is only Splunk DB Connect which is more all encompassing.
... View more
According to http://docs.splunk.com/Documentation/DBX/1.1.5/DeployDBX/Deploymentrequirements :
"Splunk DB Connect has not been tested and is not supported with Splunk Free."
... View more
12-12-2014
02:32 AM
The splunk db connect lets you enrish and combine your machine with database data
While jdbc scripted input app it is app use to querying database (Sql server logs)
... View more
12-07-2014
09:56 PM
Correct me if I am wrong but tcph is mentioned as a database name in the above link. right?
Apart from that did you follow the instructions and restatred splunk after making those changes stated in the above document??
... View more
11-11-2014
04:24 AM
1 Karma
hi Bhuavana,
ClientIp=\d{12}\s\:\s\-\s(?P<msg>(.|\r)+?)\(No\ssuch\sfile\sor\sdirectory\)
please try this...
Thanks,
Venkat
... View more
11-10-2014
11:12 PM
I need to extract message like [for ex: Exception while getting fileApolloWhitelistedCredentials.properties ResourceHandler:getConfirationProperties()
java.io.FileNotFoundException: /apps/mobiliser5.1.0/02/money/conf/ApolloWhitelistedCredentials.properties (No such file or directory] from above logs.
Similar to above text, from above logs text which starts next to : - and ends at [at]
... View more
11-18-2014
11:12 PM
1 Karma
Hi Bhuavana,
In the below code I have performed the dynamic drilldown by passing the exceptiontype as token. You just need to include the stanza ..
<chart>
<searchString>index=test exception_type=* | timechart count by exception_type</searchString>
<earliestTime>0</earliestTime>
<latestTime>now</latestTime>
.....
<drilldown>
<link>/app/your_app_name/your_next_dashboard?form.exceptiontype=$click.name2$</link>
</drilldown>
</chart>
... View more
11-06-2014
02:29 AM
Thanks a lot.. above solution is worked...
... View more
11-03-2014
11:38 PM
thnx for your reply
... View more
10-16-2014
12:44 AM
You can find it out by copying that section in regex101.com and playing around. I found this:
During searchtime:
| rex "name:\s(?<DBname>\S+)"
Or in the field-extractor
(?m)name:\s(?<FIELDNAME>\S+)
... View more
09-19-2014
02:10 AM
By hiding do you mean hide chart untill drilldowm event occurs??
In that case you can use the depends-rejects while setting tokens.
Documentaion : http://docs.splunk.com/Documentation/Splunk/6.1.3/Viz/PanelreferenceforSimplifiedXML#set
You alsa have a similiar example in Splunk 6 Dashboard Examples App.
... View more
09-12-2014
12:42 AM
I need to hide 2nd chart based on the stats count value of one chart[the charts are placed up and down]. In Splunk 6.0 i have used html code to achieve this. But in 5.0.2 i dont have option to do.
... View more
09-11-2014
03:04 AM
Hi Martin,
Thanks for the update. I have applied the logic based on above code and it worked out. Thanks again!
... View more
08-17-2016
07:32 AM
Try the following:
search1.startSearch();
var revisionlabel= search1.data('results');
revisionlabel.on("data", function() {
var findrevisionlabel = revisionlabel.data().rows;
var output=findrevisionlabel [0][0];
});
... View more
07-28-2014
06:17 AM
Im using Splunk 6.0
... View more
07-18-2014
07:53 AM
Have a look at this. (advanced xml with sideview util 2.0 or above)
http://answers.splunk.com/answers/54481/can-i-hide-and-show-the-modules?page=1&focusedAnswerId=67916#67916
... View more
07-02-2014
06:06 AM
Take a look at the outputlookup command: http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/outputlookup
... View more
