Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About sonila
sonila
Path Finder
Member since:
02-10-2017
06-05-2020
Community Statistics
| Posts | 27 |
| Solutions | 1 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 02-10-2017 |
Activity Feed
- Karma Re: How to edit my alert search to convert Available Memory value from bytes to a percentage? for niketn. 06-05-2020 12:48 AM
- Karma Re: How to edit my alert search to convert Available Memory value from bytes to a percentage? for niketn. 06-05-2020 12:48 AM
- Posted Re: how to edit my search on Splunk Search. 07-12-2017 01:45 PM
- Posted Re: how to edit my search on Splunk Search. 07-12-2017 01:06 PM
- Posted Re: how to edit my search on Splunk Search. 07-12-2017 12:59 PM
- Posted Re: how to edit my search on Splunk Search. 07-12-2017 12:50 PM
- Posted how to edit my search on Splunk Search. 07-12-2017 12:34 PM
- Tagged how to edit my search on Splunk Search. 07-12-2017 12:34 PM
- Tagged how to edit my search on Splunk Search. 07-12-2017 12:34 PM
- Posted Re: The App Does Not Launch on All Apps and Add-ons. 07-11-2017 01:40 AM
- Posted Re: Historical result of a scheduled report on Reporting. 07-09-2017 04:29 AM
- Posted Historical result of a scheduled report on Reporting. 07-07-2017 02:01 AM
- Tagged Historical result of a scheduled report on Reporting. 07-07-2017 02:01 AM
- Tagged Historical result of a scheduled report on Reporting. 07-07-2017 02:01 AM
- Posted Re: Save and store results of reports for later use on Reporting. 07-06-2017 01:53 AM
- Posted Re: SOLVED - SQL Hosts dashboard in App for Microsoft SQL Server on All Apps and Add-ons. 07-03-2017 03:32 AM
- Posted Create link in an alert on Alerting. 06-23-2017 02:42 AM
- Tagged Create link in an alert on Alerting. 06-23-2017 02:42 AM
- Tagged Create link in an alert on Alerting. 06-23-2017 02:42 AM
- Posted how to solve the error message: an error ocured while fetching data in a splunk dashboard using post-process search? on Dashboards & Visualizations. 05-29-2017 11:14 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
06-30-2024
11:27 PM
Hi @Rakeshar4u , I've included a link to the dashboard in the body of the alert email, but it appears as plain text rather than a clickable hyperlink. I also tried using <href>, but it still shows as plain text. Here's my alert configuration: My Splunk version is 9.2.1. Any insights would be appreciated.
... View more
07-09-2017
04:39 AM
Say you only kept 1 month of history (that's how long the expiration was). The time frame would only ever need to be one month, though you could just put all time, if you wanted. You could use the |history command or a |rest Command to get a list of sid and then the |map command with the |loadjob command to loop through all of the sid that were pulled in and bring the data back for all of them.
... View more
05-29-2017
12:30 PM
You need to make sure that the TTL ("Time To Live") of your scheduled search is at least as long as the periodicity of the search. If your search runs every day than the search's TTL should be at least 60*60*24 or greater. If not, you will get this error. You can check TTL like this:
|rest/servicesNS/-/-/saved/searches
| fields dispatch.ttl title eai:acl.app description search disabled triggered_alert_count actions action.script.filename alert.severity cron_schedule
https://www.splunk.com/blog/2012/09/12/how-long-does-my-search-live-default-search-ttl/
... View more
05-13-2017
02:37 AM
Yes this is the solution
... View more
05-12-2017
03:40 PM
The only thing that I can think of is that your events are expiring between when the alert hits and when you double-check. This should tell you what the oldest event still in the index is. It should be weeks, if not months old but maybe it is hours or days old.
|metadata type=sourcetypes | search sourcetype=log4net
... View more
04-24-2017
11:28 AM
@sonia , i have converted my comment to answer. Please accept if this helped.
... View more
02-10-2017
05:17 AM
See Getting Data In at http://docs.splunk.com/Documentation/Splunk/6.5.2/Data/WhatSplunkcanmonitor
... View more
12-26-2017
01:08 PM
Ideally, everything would be set to the same time zone but not necessary so long as you tell Splunk what timezone each host, source, or sourcetype is in. You can adjust the time zone settings for that host/source/sourcetype by putting a props.conf on the HF to tell Splunk what timezone that sourcetype is in:
[bluecoat_G]
TZ = UTC
... View more
