cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
johnoke
Explorer
Member since: ‎09-22-2016
‎11-03-2021
Community Statistics
Posts 10
Solutions 1
Karma Given 7
Karma Received 4
Member Since ‎09-22-2016
Activity Feed
View All

Re: install add-on: Error connecting to /services/...

by in All Apps and Add-ons
‎05-04-2020 08:45 AM
2 Karma
‎05-04-2020 08:45 AM
2 Karma
Yes it is. Actually got this to work from splunk web just by searching and installing from the manage apps page. The error was received after I downloaded and tried to install from file. Acceptable workaround for now. ... View more

install add-on: Error connecting to /services/apps...

by in All Apps and Add-ons
‎05-04-2020 07:42 AM
1 Karma
‎05-04-2020 07:42 AM
1 Karma
Ubuntu 18.04.4 LTS trying to install Python for Scientific Computing (for Linux 64-bit). I've seen other similar questions but no answers. this is Splunk Enterprise Version: 8.0.2.1 Build: f002026bad55 ... View more

Re: Install Splunk Add On Builder Error read opera...

by in All Apps and Add-ons
‎05-04-2020 07:39 AM
‎05-04-2020 07:39 AM
same here on Ubuntu 18.04.4 LTS trying to install Python for Scientific Computing (for Linux 64-bit) ... View more

Re: Setting up the Splunk Add-on for ServiceNow, w...

by in All Apps and Add-ons
‎05-04-2020 07:38 AM
‎05-04-2020 07:38 AM
same issue with Ubuntu 18.04.4 LTS ... View more

Re: Is it possible for Splunk to see the performan...

by in Getting Data In
‎10-05-2016 01:04 PM
‎10-05-2016 01:04 PM
I wonder if anyone has taken a look at this since the question was asked. Sybase ASE has a sp_sysmon stored procedure but the output is a messy large text file with difficult formatting. ideally, the output of the SP could be formatted differently, or the tables directly queried via db connect. Any updates on this? My client is definitely interested. ... View more

Re: How to calculate the duration of a single even...

by in Splunk Search
‎09-28-2016 09:06 AM
‎09-28-2016 09:06 AM
Thanks so much for pointing out the original issue and docs. %M:%S:%3N%P worked. ... View more

Re: How to calculate the duration of a single even...

by in Splunk Search
‎09-28-2016 09:05 AM
‎09-28-2016 09:05 AM
ah yes it was the colon vs the dot for millisconds. Took me forever to find that. Wow, great catch. Thanks to @MuS and @cusello! Great job. ... View more

Re: How to calculate the duration of a single even...

by in Splunk Search
‎09-28-2016 05:40 AM
‎09-28-2016 05:40 AM
I set up a field extraction (maybe that's the problem?) like this. I took the defaults after highlighting the 2 Transaction_Start,Transaction_End fields. I re-imported the sample below and the field extracts appear to work well. EXTRACT- Transaction_Start,Transaction_End Owner admin App search Permissions Owner App All apps Source type SAMPLE_CMLU Sample event 00007103-FFA4-4BF7-BB30-D3EE3F83807D|93075237|438A0E3E-CA6A-4320-8ABB-C7C7F40DBDD7|Processing|EADJ|Sep 19 2016 4:41:58:003PM|Sep 19 2016 4:41:59:390PM|cmcaclcl.cpp|2511|CMC_APP_CLAIMS_BASE::SetStatTime|cmcaclcl.cpp|2540|CMC_APP_CLAIMS_BASE::SetStatTime|E|1|Jan 1 1753 12:00:00:000AM Fields Transaction_Start,Transaction_End Regular Expression ^(?:[^\|\n]*\|){5}(?P[^\|]+)\|(?P[^\|]+) My search is this: host= | eval T_Start=strptime(Transaction_Start, "%b %d %Y %I:%M:%S.%3N%P"), T_End=strptime(Transaction_End, "%b %d %Y %I:%M:%S.%3N%P") T_Start and T_End are not displayed. It won't let me attach a file due to my karma deficiency, but here's a copy/paste of a few rows of data. 00002A81-A2E6-4F0C-BBE0-157D8CF8F2B1|93075229|BC433907-71D5-4F58-9135-F4E10FC5F066|XSQL.POSTSAVE|EXTM|Sep 19 2016 3:28:33:936PM|Sep 19 2016 3:28:34:060PM|ceraxmgr.cpp|652|CER_EXIT_MGR::CallExit|ceraxmgr.cpp|654|CER_EXIT_MGR::CallExit|E|1|Jan 1 1753 12:00:00:000AM 00002B07-4AF8-4CBF-97DD-03DF217D5952|93075275|CBAA78E2-4FB5-453C-B0B0-5D12AF04DEA6|XSQL.POSTSAVE|EXTM|Sep 19 2016 4:04:49:823PM|Sep 19 2016 4:04:49:933PM|ceraxmgr.cpp|652|CER_EXIT_MGR::CallExit|ceraxmgr.cpp|654|CER_EXIT_MGR::CallExit|E|1|Jan 1 1753 12:00:00:000AM 00006119-1E3E-4636-8596-0C8F9F85F57F|93075175|255A972F-9DCD-4676-9D07-A640BC53A2A0|XSQL.POSTSAVE|EXTM|Sep 19 2016 2:32:31:646PM|Sep 19 2016 2:32:31:706PM|ceraxmgr.cpp|652|CER_EXIT_MGR::CallExit|ceraxmgr.cpp|654|CER_EXIT_MGR::CallExit|E|1|Jan 1 1753 12:00:00:000AM 00007103-FFA4-4BF7-BB30-D3EE3F83807D|93075237|438A0E3E-CA6A-4320-8ABB-C7C7F40DBDD7|Processing|EADJ|Sep 19 2016 4:41:58:003PM|Sep 19 2016 4:41:59:390PM|cmcaclcl.cpp|2511|CMC_APP_CLAIMS_BASE::SetStatTime|cmcaclcl.cpp|2540|CMC_APP_CLAIMS_BASE::SetStatTime|E|1|Jan 1 1753 12:00:00:000AM 0000884A-F7F1-475C-9691-EEFAFA08AFD1|93075167| |Electronic Claim|EADJ|Sep 19 2016 4:57:15:016PM|Sep 19 2016 4:58:30:610PM|cmcaclcl.cpp|2511|CMC_APP_CLAIMS_BASE::SetStatTime|cmcaclcl.cpp|2540|CMC_APP_CLAIMS_BASE::SetStatTime|E|1|Jan 1 1753 12:00:00:000AM 0000A99A-87A3-41AB-8D4C-93DEBCD490BE|93075237|90321E52-5EF1-4E7B-B2F7-40CB60BCF248|PRESAVE|EXTT|Sep 19 2016 3:11:16:863PM|Sep 19 2016 3:11:17:160PM|ceraxmgr.cpp|562|CER_EXIT_MGR::CallExits|ceraxmgr.cpp|600|CER_EXIT_MGR::CallExits|E|1|Jan 1 1753 12:00:00:000AM 0000C487-7A06-44B5-B2ED-33C2C590A0A4|93075211|AD666596-797D-4385-8EFB-B9EB0A10322C|PRESAVE|EXTT|Sep 19 2016 1:35:02:923PM|Sep 19 2016 1:35:03:000PM|ceraxmgr.cpp|562|CER_EXIT_MGR::CallExits|ceraxmgr.cpp|600|CER_EXIT_MGR::CallExits|E|1|Jan 1 1753 12:00:00:000AM 0000C66E-EA51-4924-B862-36C9A946FC2D|93075207|B8260148-8FFD-4522-80A1-AB9B65255552|XSQL.POSTSAVE|EXTM|Sep 19 2016 2:24:34:376PM|Sep 19 2016 2:24:34:423PM|ceraxmgr.cpp|652|CER_EXIT_MGR::CallExit|ceraxmgr.cpp|654|CER_EXIT_MGR::CallExit|E|1|Jan 1 1753 12:00:00:000AM 0000E31F-A5DF-4207-B7B5-E33A13D4D9BD|93075175|F7C77CEB-00DA-4888-9551-68878576AE0E|POSTSAVE|EXTT|Sep 19 2016 1:59:42:586PM|Sep 19 2016 1:59:42:786PM|ceraxmgr.cpp|562|CER_EXIT_MGR::CallExits|ceraxmgr.cpp|600|CER_EXIT_MGR::CallExits|E|1|Jan 1 1753 12:00:00:000AM 0001151F-C540-4EE5-871A-69CC4EEC0881|93075267|797E20D7-C2CB-4F0C-9678-3DF66A0C562D|XSQL.POSTSAVE|EXTM|Sep 19 2016 2:23:10:956PM|Sep 19 2016 2:23:10:986PM|ceraxmgr.cpp|652|CER_EXIT_MGR::CallExit|ceraxmgr.cpp|654|CER_EXIT_MGR::CallExit|E|1|Jan 1 1753 12:00:00:000AM 00012937-948A-452F-A542-261F8C77FDEF|93075275|8225051D-67EB-4C4A-BBB5-0E13F6B0764E|POSTSAVE|EXTT|Sep 19 2016 5:02:13:290PM|Sep 19 2016 5:02:13:366PM|ceraxmgr.cpp|562|CER_EXIT_MGR::CallExits|ceraxmgr.cpp|600|CER_EXIT_MGR::CallExits|E|1|Jan 1 1753 12:00:00:000AM Thanks! ... View more

Re: How to calculate the duration of a single even...

by in Splunk Search
‎09-27-2016 08:13 AM
‎09-27-2016 08:13 AM
That makes perfect sense and I've tried several variations of the above, all to no effect. it simply ignores the resulting field, so I assume a conversion error is still happening. Is that error logged somewhere? I couldn't find it on the server (ironic?). Or a debug option to see where it's failing? The reserved fields date_hour, date_minute and date_second are fine and can be used in an eval. But this isn't cutting it for whatever reason. ... | eval EVAL-myfield1 = strptime(STIN_BEG_DTM,"%b %d %Y %I:%M:%S.%3N%P") Thanks again. ... View more

How to calculate the duration of a single event?

by in Splunk Search
‎09-26-2016 11:42 AM
‎09-26-2016 11:42 AM
Please bear with me as I’m sure this is very simple. I’ve seen examples here of calculating duration for a transaction with multiple log events, but this one has the start and end times in a single event. In the above example, I’ve tried |eval myduration=STIN_END_DTM-STIN_BEG_DTM And |concurrency duration=STIN_END_DTM-STIN_BEG_DTM both which take the command without error but does not create a duration field. Please be gentle in telling me what I’m missing! Thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-03-2021 02:26 PM
Karma from
View All
Karma given to