Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About djluke
djluke
Path Finder
Member since:
03-11-2013
04-06-2023
Community Statistics
| Posts | 22 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 4 |
| Member Since | 03-11-2013 |
Activity Feed
- Posted Re: Splunk Forwarder preferred path on Splunk Search. 04-06-2023 03:29 AM
- Posted Splunk Forwarder preferred path on Splunk Search. 04-06-2023 02:53 AM
- Tagged Splunk Forwarder preferred path on Splunk Search. 04-06-2023 02:53 AM
- Tagged Splunk Forwarder preferred path on Splunk Search. 04-06-2023 02:53 AM
- Tagged Splunk Forwarder preferred path on Splunk Search. 04-06-2023 02:53 AM
- Posted How to collect Windows metrics and logs with the data collection script in ITSI? on Getting Data In. 09-15-2022 01:18 AM
- Tagged How to collect Windows metrics and logs with the data collection script in ITSI? on Getting Data In. 09-15-2022 01:18 AM
- Tagged How to collect Windows metrics and logs with the data collection script in ITSI? on Getting Data In. 09-15-2022 01:18 AM
- Posted Are there Best Practices for Vmware and Unix Add-on on ITSI? on Splunk IT Service Intelligence. 09-05-2022 05:28 AM
- Tagged Are there Best Practices for Vmware and Unix Add-on on ITSI? on Splunk IT Service Intelligence. 09-05-2022 05:28 AM
- Tagged Are there Best Practices for Vmware and Unix Add-on on ITSI? on Splunk IT Service Intelligence. 09-05-2022 05:28 AM
- Tagged Are there Best Practices for Vmware and Unix Add-on on ITSI? on Splunk IT Service Intelligence. 09-05-2022 05:28 AM
- Got Karma for Re: How to use eval to convert everything to same unit before indexing as metrics?. 07-17-2022 03:05 PM
- Posted Re: How to use eval to convert everything to same unit before indexing as metrics? on Splunk Search. 07-12-2022 11:29 PM
- Posted Re: How to use eval to convert everything to same unit before indexing as metrics? on Splunk Search. 06-21-2022 07:23 AM
- Posted How to use eval to convert everything to same unit before indexing as metrics? on Splunk Search. 06-15-2022 03:17 AM
- Tagged How to use eval to convert everything to same unit before indexing as metrics? on Splunk Search. 06-15-2022 03:17 AM
- Tagged How to use eval to convert everything to same unit before indexing as metrics? on Splunk Search. 06-15-2022 03:17 AM
- Tagged How to use eval to convert everything to same unit before indexing as metrics? on Splunk Search. 06-15-2022 03:17 AM
- Posted Re: ITSI : why doesn't KPI show up in service analyzer ? on Splunk IT Service Intelligence. 12-17-2021 01:14 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 2 | |||
| 1 |
04-06-2023
03:29 AM
Thanks for quick answer. I was hoping we could handle it directly via Splunk configuration. Would it be the same even if I have a Heavy forwarder instead of UF?
... View more
04-06-2023
02:53 AM
Hi Splunkers, does anyone have an idea how to configure a preferred path on a Splunk Forwarder? I have 2 datacenters with many UF sending data in balanced mode to local indexers. I would like to configure UF to automatically send data to indexers in the other DC only in case local ones are unavailable (maintenance / crash / ...) Thanks in advance Any suggestion will be very appreciated
... View more
Labels
- Labels:
-
other
09-15-2022
01:18 AM
Hi Splunkers, I'm trying to use ITSI to monitor my Windows intrastructure. I used the data collection script (generated by ITSI) to automatically install and configure the splunk forwarder on a test windows 2019 server. I see the data stream coming from the test server to indexer. The entity is correctly created but both the Sample service and base searches created with the "Data Integrations -> Monitoring MS Windows" doesn't work. For what I understood until now there is a mismatch between the sourcetype assinged by forwarder and the one used in base searches. sourcetype=perfmonMK:LogicalDisk (in base search) vs sourcetype=PerfmonMetrics:LogicalDisk (in indexed data) Is there someone else with the same issue? Could be a bug? Any tips to fix ?
... View more
Labels
- Labels:
-
sourcetype
-
universal forwarder
-
Windows
09-05-2022
05:28 AM
Hi Splunkers, I've installed both Add-on for VMware metrics collector and Add-on for Unix and Linux. I noticed that the same host collected by the two add-on is managed in different ways. Is there a best pratice to follow in order to merge data or at least to tell ITSI we're talking about the same host?
I've already tried to merge entities but without finding an acceptable solution. Can someone help me on this topic?
... View more
Labels
- Labels:
-
configuration
-
other
-
using ITSI
07-12-2022
11:29 PM
1 Karma
Hi, thanks for your suggestion. It took me a little bit but at the end I got the right point. Just a little tip for anybody will fall into the same issue: it seems that you can use just one INGEST_EVAL per stanza. To add more fields you have to split rules with comma as you'd do in spl.
... View more
06-21-2022
07:23 AM
Hi, thanks for your reply. I tried with INGEST_EVAL but it doesn't work (at least as expected) I used it like INGEST_EVAL = Total = case(Total_Unit="G",Total*1024,Total_Unit="M",Total,Total_Unit="K",Total/1024) Maybe I'm doing something wrong Could you please provide an example based on data in the first message? Thanks
... View more
06-15-2022
03:17 AM
Hello splunkers, I need your help to find a solution for the following issue. I have a log file as a source that I'm indexing as metrics Sample Event 2022/06/15 10:15:22 Total: 1G Used: 65332K Free: 960.2M I'm able to index values in a metric index but I would like to convert everything to the same unit before doing this. I tried with eval but it doesn't work props.conf DATETIME_CONFIG =
LINE_BREAKER = ([\r\n]+)
NO_BINARY_CHECK = true
category = Custom
pulldown_type = 1
TRANSFORMS-extract_test = fields_extract_test
EVAL-Total = Total*100
METRIC-SCHEMA-TRANSFORMS = metric-schema:extract_metrics_test transforms.conf [fields_extract_test]
REGEX = .*Total: (.*?)([A-Z]) Used: (.*?)([A-Z]) Free: (.*?)([A-Z])
FORMAT = Total::$1 Total_Unit::$2 Used::$3 Used_Unit::$4 Free::$5 Free_Unit::$6
WRITE_META = true
[metric-schema:extract_metrics_test]
METRIC-SCHEMA-MEASURES = _ALLNUMS_
METRIC-SCHEMA-WHITELIST-DIMS = Total,Total_Unit,Used,Used_Unit,Free,Free_Unit How to do this? Thanks in advance
... View more
Labels
- Labels:
-
eval
12-17-2021
01:14 AM
Hi, I've just upgraded to the 4.11.1 and I'm facing the same issue. I've checked for SA-IndexCreation app on SH and it's present. Do you have other tips or suggested checks to solve the issue? Thanks
... View more
05-11-2021
03:12 AM
Hi Splunkers, I'm here again asking for help with the alert manager app. I'm trying the "auto-resolve" feature combined with "append incident with the same title". I would like that all incidents with new appended events to be automatically closed at time "last_event + ttl" What I'm seeing now is an automatic closure at time "open time + ttl" even if there are new events for the same incident. Here below a simple example: Auto-close = enabled Append new incidents = enabled Search = my search TTL = 11m Incident creation time = 13:00:00 Appended events time = 13:05:00 , 13:10:00 Auto close time = 13:00:00 + 11m = 13:11:00 Desidered auto close time = 13:10:00 + 11m = 13:21:00 Thanks in advance for your support.
... View more
Labels
- Labels:
-
configuration
-
other
-
troubleshooting
01-13-2021
01:32 AM
Hi guys, I'm quite new about alert manager app. I'm trying to configure a notification for auto-assigned incidents, but it seems it doesn't work. On incident posture dashboard new incidents are correctly assigned to the configured user but no messages arrive from the server. If I try to change status to resolve or closed I get an email. What I'm doing wrong? Thanks for your help
... View more
Labels
- Labels:
-
other
04-06-2020
03:13 AM
Hi,
did you solve the problem?
... View more
07-18-2019
01:02 AM
Thanks Jaime,
also the idea for the "COMMENT" in search string is cool!
... View more
07-15-2019
01:17 AM
Hi Gregg,
thanks for the idea. I've installed cribl in the test environment.
Could you help me with some tip to get what i need?
Tnx
... View more
07-15-2019
01:12 AM
Hi,
I tried with the exclusions but sometimes it works and sometimes not, depending by the fields that are coming. At the end I would say that the json structure is too complex to be filtered with a regex. In some cases there is a comma before a closure, or a brace/square bracket to add/remove in order to obtain the correct format.
Thanks again for your help
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-06-2023
07:07 AM
|
