Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About marellasunil
marellasunil
Communicator
Member since:
03-08-2013
06-05-2020
Community Statistics
| Posts | 52 |
| Solutions | 4 |
| Karma Given | 11 |
| Karma Received | 5 |
| Member Since | 03-08-2013 |
Activity Feed
- Karma Re: How to edit my wildcard syntax to monitor logs from a file path that contains the current date? for ddrillic. 06-05-2020 12:48 AM
- Got Karma for SIngle value visalisation is not working using sub search. 06-05-2020 12:48 AM
- Karma Re: How to get AD FS 2.0 WinEventLogs into Splunk? for jdaves. 06-05-2020 12:47 AM
- Karma Re: How to change table header after using transpose command? for martin_mueller. 06-05-2020 12:47 AM
- Karma Re: Why are all services still being indexed, even with my WinHostMon whitelist configuration specifying certain services? for richgalloway. 06-05-2020 12:47 AM
- Karma Re: Why are all services still being indexed, even with my WinHostMon whitelist configuration specifying certain services? for tomandrews. 06-05-2020 12:47 AM
- Got Karma for Re: Why is a large amount of WMI data being indexed (6 GB) from Windows servers and how do I prevent this?. 06-05-2020 12:47 AM
- Got Karma for Re: How to get AD FS 2.0 WinEventLogs into Splunk?. 06-05-2020 12:47 AM
- Karma Re: Calculate number of events between time intervels for kristian_kolb. 06-05-2020 12:46 AM
- Karma Re: display lookup file data even if count is zero for martin_mueller. 06-05-2020 12:46 AM
- Karma Re: Is there a Splunk .NET SDK? for psanford_splunk. 06-05-2020 12:46 AM
- Karma Re: Splunk DB Connect MS SQL DB - Connection refused for anwarmian. 06-05-2020 12:46 AM
- Karma Re: String validation in chart eval for kristian_kolb. 06-05-2020 12:46 AM
- Karma Re: Regex to extract a field between 2 fixed words for grijhwani. 06-05-2020 12:46 AM
- Got Karma for Re: How to create Alerts. 06-05-2020 12:46 AM
- Got Karma for Re: How to create Alerts. 06-05-2020 12:46 AM
- Posted Re: SIngle value visalisation is not working using sub search on Dashboards & Visualizations. 08-25-2016 02:00 AM
- Posted SIngle value visalisation is not working using sub search on Dashboards & Visualizations. 08-24-2016 03:53 AM
- Tagged SIngle value visalisation is not working using sub search on Dashboards & Visualizations. 08-24-2016 03:53 AM
- Posted How to edit my wildcard syntax to monitor logs from a file path that contains the current date? on Getting Data In. 06-27-2016 12:26 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-25-2016
02:00 AM
I Am getting number (8).
Even after opening the dashboard, IF i click search icon below dashboard view, Full splunk search is running and getting the result (8)
But in the dashboard view single value visualisation, the value showing is 0 (zero)
... View more
08-24-2016
03:53 AM
1 Karma
I am trying to build single value visualisation using search & sub search, But it is not working.
<dashboard>
<label>SImple dashboard</label>
<search id="search1"> <query>earliest=-60m latest=now index=XXXXXX </query> </search>
<row>
<panel>
<single>
<title>Successfull Logins</title>
<search base="search1">
<query> where like(sourcetype, "XXXXXX") | stats count as Total</query>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">all</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0xd93f3c","0x65a637"]</option>
<option name="rangeValues">[0]</option>
<option name="showSparkline">0</option>
<option name="showTrendIndicator">0</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="underLabel">TOtal</option>
<option name="unitPosition">after</option>
<option name="useColors">1</option>
<option name="useThousandSeparators">1</option>
</single>
</panel>
</row>
</dashboard>
... View more
06-27-2016
12:26 PM
I am trying to extract a log file using below configuration in inputs.conf
C:/logs/28062016/*.log
28062016 is the current date.
I have been trying the below paths, non of these are working.
C:/logs/*/*.log
C:/logs/.../*.log
Can anyone help me?
... View more
06-27-2016
12:19 PM
How can I monitor IIS Application pool state?
Is it possible through WMI query or performance monitor?
Can anyone help me?
... View more
09-13-2015
03:43 AM
Hi Martin,
Thanks for your reply.
In the logs, we have OSTIME field. From OSTIME, we need to extract %H:%M.
Everyday this value need to compare with 04:45, to check the job is runningeven after 04:45 AM
The time format in logs looks like below
OSTIME="11/09/2015 06:05:00"
... View more
09-12-2015
06:30 PM
Hi,
A job needs to be completed by 04:45 AM,
Can some one help me to extract time from the logs, compare 04:45 AM and send an alert.
Kindly help
... View more
- Tags:
- time
09-09-2015
11:27 AM
Hi,
Thanks for the reply.
Is it possible to use blacklist? something like Name!="AppHostSvc"
... View more
09-09-2015
10:28 AM
Hi,
I want to index only the services "AppHostSvc", "Iisadmin" & "AppHostSvc", but even with the below input.conf configuration, all the services are being indexed. Can some one help?
[WinHostMon://service]
type = service
interval = 900
whitelist=Name="AppHostSvc"
whitelist1=Name="Iisadmin"
whitelist2=Name="AppHostSvc"
index=winhost_prod
... View more
06-11-2015
05:42 AM
1 Karma
[WinEventLog://AD FS 2.0/Admin]
Is working for me.
Thanks
... View more
05-01-2015
08:32 AM
Hi Stephane,
Thanks for the reply.
Yes it is forwarder, even I have add the below stanza to props.conf file (In deployment server) which did not work, even changed in all indexers $SPLUNK_HOME$/system/local/props.conf as well
[sourcetype_proj]
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
TIME_FORMAT = %d/%m/%Y %H:%M:%S
TIME_PREFIX = timestamp="
TZ = Europe/London
category = Custom
pulldown_type = true
... View more
05-01-2015
06:26 AM
Hi,
Every month 1st, I am facing the below issue.
Splunk stopped indexing on 1st of every month
For ex : Feb 1st it stopped indexing & it retrieved on 2nd, and on March 1st stopped and indexing again on 3rd march.
Look like splunk recognizing logs as MM/DD though DD/MM in the log
I tried to add "%d/%m/%Y %H:%M:%S" in props.conf but still no luck
timestamp="09/04/2015 10:06:30", XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, transactionstart="09/04/2015 10:06:30", transactionend="09/04/2015 10:06:30",
Can some one suggest me what should I do?
... View more
03-23-2015
04:13 AM
I wanted to add a text (What action need to be taken) for each splunk alerts, Can somebody help me to do?
... View more
- Tags:
- alerts
- text-files
03-18-2015
05:52 AM
.. | chart avg(value) as value by Server | eval "3 Red"=if(value>=90,value, 0) | eval "2 Amber"=if(value<90 AND value>=80, value , 0) | eval "1 Green"=if(value <80, value ,0) | fields - value
Then I have used "charting.fieldColors" in dashboard XML
... View more
03-17-2015
07:47 AM
I have a table with values & host names. I wanted to take avg of all values by host and to create a bar chart, If the average value exceeding the limit, the bar should be green else it should be red, and also on mouse-over on the bar avg value should be displayed.
Query : sourcetype=XXXXX | chart avg(value) by Server
For ex
Host Value
Server1 20
Server2 22
Server1 19
Server2 26
I wanted average values of server1, and if it crosses 80, bar for server should be red else green, same for server2 as well.
Kindly help.
... View more
02-23-2015
10:07 AM
1 Karma
Sorted out the issue
Need to edit the state from enabled to disabled at
SERVERNAMEcProgram FilesSplunkUniversalForwarderetcappsSplunk_TA_windowslocalapp.conf
Your app.conf after making above changes should have the below stanza:
[install]
state = disabled
Once done, restart Splunk
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
Karma given to
