Hi While running a script from my app bin directory I am executing a search query so that it will write some file to the location where my forwarder is monitoring. I am using bin/ExecuteSplunkQuery.sh to execute my splunk query which is taking around 70 seconds to complete but my problem is I am getting below error in the file as it's waiting for 30 seconds and killing my job, so my question is where to increase that 30-second value. I am getting below error- Splunk is taking too much time to complete search query...Quiting........itrCnt:30 ... View more

Hi Folks, i have a requirement to create relevant query in Splunk to retrieve daily count of records from Kafka server for all topics disctintively along with total records. Below is my Query it runs though but is very slow to process. Can you please help me to accelerate the data in populating : index=blc_db sourcetype=jmx EventType="messages" | where IN(mbean_property_topic,"ciot_pdx_vision_er_gorr_modify","ciot_pdx_vision_er_gorr_subscription_account","ciot_pdx_vision_er_gorr_transaction","ciot_pdx_vf_sharepoint_group_tac_list","com_vodafone_smartlife","com_witsoftware_vodafone_smartlife","android_com_vodafone_smartlife","android_com_crvsh_vodafone_smartlife","prod_ciot_mongo","ciot_pdx_unipart_dispatches_uk","ciot_pdx_vf_italy_liveperson","ciot_pdx_mongodb_flow_orchestrator_transaction","ios_com_vodafone_smartlife","ios_com_crvsh_vodafone_smartlife","my_com_maxis_smartlife","android_my_com_maxis_smartlife","ios_my_com_maxis_smartlife","ciot_pdx_vss_events","ciot_pdx_vss_events_detailed","ciot_nginx_cg_01","ciot_pdx_chatlingual_full","ciot_pdx_vision_er_gorr_refund") | bin _time span=1d | stats range(Count) as countPerHost by host, _time, mbean_property_topic | stats count(host) as hostCount, sum(countPerHost) as totalCountPerDay by _time, mbean_property_topic                 ... View more

Hi , Below is the existing query but when i run this for a single index  with its fields i get the  statistics data & count but when  i am trying to run all these 4 -indexes and it's respective fields together i am not  getting any Statistical table as output what changes do i need to make to list out all 4 indexes with their respective count in statistics. ..(For single index and it's fields it's working fine but when i try to merge all 4 index details it's statistics value is 0 as you can see below.)   ... View more

Below is my existing query : i want to add ceratin common feilds with different value for the respective indexes .How can i add and get the filter count of events .Please help me in tuning the query ASAP here's attaching the different feilds for respective indexes  :     ... View more

How do I Create a single dashboard panel with two different index and their respective source types displaying count for same field with a drop down suggesting for index selection i.e if i select a particular index from the dropdown respective count for that field is displayed and so on. ... View more

Hi Friends , I want to create an alert for my Hadoop Job Monitoring and trigger an alert mail to team notifying or hihglighting only for jobs which has been running for more than 90mins based on which action can be taken.I am attaching the screenshot of my query .Please help me in modifying and fine tuning the query changes if needed. Before i proceed to set an alert for monitoring . ... View more

Hi Friends, Please help me in building a dashboard query where i have to prepare a dashboard which should populate events for 3 Sources Suppose A,B and C with each ingesting 3 data types like Android ,IOS and JSON. So I want to calculate Event Count , Size Count and show the ingested data in panel just by selecting Android ,IOS and JSON from one dropdown and selecting sources either A,B or C from From another. For Example, If i select B source from input drop down and IOS from another drop down then it should show me the event count and Size Count for Source-B IOS data in the below two panel one showing Size count and the other showing Size count. ... View more