×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
lee_melvin
Path Finder
Member since: ‎05-28-2014
‎08-26-2024
Community Statistics
Posts 12
Solutions 1
Karma Given 1
Karma Received 1
Member Since ‎05-28-2014
Activity Feed
View All

Re: Splunk TA for NetApp Data ONTAP - insufficient...

by in Splunk Enterprise
‎12-15-2022 12:47 PM
‎12-15-2022 12:47 PM
If this is still an issue for you a year and a half later, please take a look at my (redundant) question "Splunk_TA_ontap OntapPerf.py only fetches a subset of volumes".  There's a trivial modification to the OntapPerf.py file in the add-on, that will collect data for all volumes. ... View more

Re: Splunk_TA_ontap OntapPerf.py only fetches a su...

by in All Apps and Add-ons
‎12-15-2022 12:44 PM
‎12-15-2022 12:44 PM
I finally ran this one to ground, after several attempts over the last few months. The short form here is to modify Splunk_TA_ontap/bin/ta_ontap/OntapPerf.py, and change line ~500 from next_tag = ET.tostring(next_tag.getchildren()[0]) to next_tag = ET.tostring(next_tag.getchildren()[0], encoding="unicode")   As far as I can tell, the default encoding for the tostring function changed between XML modules in the Python 2 (Splunk 7.x) and Python 3 (Splunk 8.x) releases.  It used to default to some basic string, and changed to a byte stream.  If you look at the tostring definition in splunk/lib/python3.7/xml/etree/ElementTree.py line ~1134: stream = io.StringIO() if encoding == 'unicode' else io.BytesIO() I'm guessing that didn't happen in the earlier version of the xml module. Really hoping that Splunk will develop a (supported) complete replacement ONTAP add-on that leverages REST API instead of the current unsupported add-on using ONTAPI...   ... View more

Re: How to group events by a common directory pref...

by in Splunk Search
‎02-07-2017 03:17 PM
‎02-07-2017 03:17 PM
The 'streamstats | stats last(*)' construct is the concept I was missing. I ended up with a search rather like this: source=backup OR source=volume | eval fs_path=path | eval backup_path=ndmp_path | eval path=coalesce(fs_path, backup_path) | sort -path source | streamstats current=f reset_on_change=t values(path) as allpaths by server | eval idx=mvfind(allpaths, "^" + path) | eval match_path=if(isnotnull(idx), mvindex(allpaths, idx), path) | stats last(*) as * by server match_path | table server path fs_path backup_path I still have some details to work out, but its workable. Thanks! ... View more

Re: Splunk App for NetApp Data ONTAP: Why am I rec...

by in All Apps and Add-ons
‎10-11-2016 12:57 AM
‎10-11-2016 12:57 AM
We have exactly the same error and have created a support case for this. I will try to do as you suggested and will see how this plays out. ... View more

Re: How to graph a (non-cumulative) total of field...

by in Splunk Search
‎09-30-2016 03:35 PM
‎09-30-2016 03:35 PM
I came back to needing to do this again, dug around, and found a trivial solution (https://answers.splunk.com/answers/47101/complete-a-timechart-with-a-total-column.html) -- do the timechart, then just use | addtotals to get what I needed. Sigh. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-26-2024 02:27 PM
Karma from
View All
Karma given to
View All