Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About raghav130593
raghav130593
Explorer
Member since:
11-03-2016
06-05-2020
Community Statistics
| Posts | 8 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 11-03-2016 |
Activity Feed
- Karma Re: mvcombine ignores specified delimiter for peter7431. 06-05-2020 12:47 AM
- Posted Re: Regex field != expression not matching on Splunk Search. 02-13-2017 05:50 PM
- Posted Re: Regex field != expression not matching on Splunk Search. 02-08-2017 04:42 PM
- Posted Regex field != expression not matching on Splunk Search. 02-08-2017 04:19 PM
- Tagged Regex field != expression not matching on Splunk Search. 02-08-2017 04:19 PM
- Tagged Regex field != expression not matching on Splunk Search. 02-08-2017 04:19 PM
- Posted Re: Splunk throwing HTTP 401 not authorized error when called from Java SDK on Alerting. 01-31-2017 03:17 PM
- Posted Re: How to write splunk output in csv file using python code? on Getting Data In. 01-27-2017 02:13 PM
- Posted Splunk throwing HTTP 401 not authorized error when called from Java SDK on Alerting. 12-27-2016 07:08 PM
- Tagged Splunk throwing HTTP 401 not authorized error when called from Java SDK on Alerting. 12-27-2016 07:08 PM
- Tagged Splunk throwing HTTP 401 not authorized error when called from Java SDK on Alerting. 12-27-2016 07:08 PM
- Tagged Splunk throwing HTTP 401 not authorized error when called from Java SDK on Alerting. 12-27-2016 07:08 PM
- Tagged Splunk throwing HTTP 401 not authorized error when called from Java SDK on Alerting. 12-27-2016 07:08 PM
- Posted Re: Why are my search results are not matching the lookup table? on Splunk Search. 11-04-2016 12:15 AM
- Posted Why are my search results are not matching the lookup table? on Splunk Search. 11-03-2016 07:39 PM
- Tagged Why are my search results are not matching the lookup table? on Splunk Search. 11-03-2016 07:39 PM
- Tagged Why are my search results are not matching the lookup table? on Splunk Search. 11-03-2016 07:39 PM
- Tagged Why are my search results are not matching the lookup table? on Splunk Search. 11-03-2016 07:39 PM
- Tagged Why are my search results are not matching the lookup table? on Splunk Search. 11-03-2016 07:39 PM
- Tagged Why are my search results are not matching the lookup table? on Splunk Search. 11-03-2016 07:39 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
02-08-2017
04:42 PM
I used stats in the query so I have a statistics table with selected fields. So, an example of the result which shouldn't be there would be
field1 field2
api.twitter.com ABC\xyz1aul4
This should ideally be avoided since it matches the second field's regex but it hasn't
... View more
02-08-2017
04:19 PM
I have a query where I am performing regex matching on two different fields, field1 and field2. index=proxylogs uri!=aa.*|regex field1=".*abc\..*|.*api\..*"|regex field2!="(?i)abc\\xyz[a-z0-9]{5}|(?i)abc\\kkr[a-z0-9]{6}"|... . Field 1 matches with the regex pattern and provides results that have matching values. However, field 2 doesn't work as I am getting the results that do match the regex of field2 and not discarding them. According to the '!=', the values that match that particular regex shouldn't be present in the result of the query, but they are. So, it isn't working as it supposed to. I have tested the regex elsewhere and it is correct. Any ideas?
... View more
01-31-2017
03:17 PM
I found the issue. It was a lazy authorization issue within Apache Nifi's GetSplunk processor and not really Splunk's issue. The session that getting created used to expire and a new session wasn't getting created consecutive times within the cron scheduler.
... View more
01-27-2017
02:13 PM
I had a question regarding output_mode for export search. In the export search, there's no search job created and the results are streamed. I wasn't able to find anything conclusive regarding setting output_mode of an export search to 'CSV'. I wanted to know how is it done?
... View more
12-27-2016
07:08 PM
I have multiple GetSplunk processors running using a Cron driven scheduling strategy. The Cron expression looks like '0 30 13 * * ?'. They all successfully execute the query the first time it's run. But, the next day it errors out with a 401 error from Splunk. The error from nifi-app.log is as below. The Cron scheduler in NiFi is a QuartzScheduler.
WARN [Timer-Driven Process Thread-7] o.a.n.c.t.ContinuallyRunProcessorTask Administratively Yielding GetSplunk[id=01581009-026c-114b-5e2e-401ebea6427d] due to uncaught Exception: com.splunk.HttpException: HTTP 401 -- call not properly authenticated
2016-12-21 13:30:00,300 WARN [Timer-Driven Process Thread-2] o.a.n.c.t.ContinuallyRunProcessorTask
com.splunk.HttpException: HTTP 401 -- call not properly authenticated
at com.splunk.HttpException.create(HttpException.java:84) ~[na:na]
at com.splunk.HttpService.send(HttpService.java:452) ~[na:na]
at com.splunk.Service.send(Service.java:1293) ~[na:na]
at com.splunk.HttpService.get(HttpService.java:165) ~[na:na]
at com.splunk.Service.export(Service.java:222) ~[na:na]
at com.splunk.Service.export(Service.java:237) ~[na:na]
at org.apache.nifi.processors.splunk.GetSplunk.onTrigger(GetSplunk.java:461) ~[na:na]
at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27) ~[nifi-api-1.1.0-SNAPSHOT.jar:1.1.0-SNAPSHOT]
at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1064) ~[nifi-framework-core-1.1.0-SNAPSHOT.jar:1.1.0-SNAPSHOT]
at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:136) [nifi-framework-core-1.1.0-SNAPSHOT.jar:1.1.0-SNAPSHOT]
at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:47) [nifi-framework-core-1.1.0-SNAPSHOT.jar:1.1.0-SNAPSHOT]
at org.apache.nifi.controller.scheduling.QuartzSchedulingAgent$2.run(QuartzSchedulingAgent.java:165) [nifi-framework-core-1.1.0-SNAPSHOT.jar:1.1.0-SNAPSHOT]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_101]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_101]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_101]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [na:1.8.0_101]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_101]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_101]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
The GetSplunk processor makes use of Java SDK for Splunk. My earliest time is '-24h' and latest time is 'now'. I am hitting splunkd with port 8089.
Help appreciated.
... View more
11-04-2016
12:15 AM
Great. Sorry I have very limited experience with Splunk hence wasn't aware of that. But, I was able to achieve my result through what you suggested. Thanks.
... View more
11-03-2016
07:39 PM
I am performing a search where I am making use of a CSV lookup and only get those results that match one of the fields in the lookup. Here's my scrubbed out search
index="logs"|regex url = "..."|stats sum(bytes),count(uri) by url ip|lookup csv_lookup ip OUTPUT oe|sort -sum(bytes)
This gives out results with the unmatched events along with the matched events. Any idea what's going wrong?
... View more
