Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About mathiasy123
mathiasy123
Path Finder
Member since:
06-26-2020
10-05-2020
Community Statistics
| Posts | 70 |
| Solutions | 2 |
| Karma Given | 8 |
| Karma Received | 1 |
| Member Since | 06-26-2020 |
Activity Feed
- Posted Splunk Missing Indexed Content Files From FTP Server on Getting Data In. 09-10-2020 08:52 PM
- Got Karma for Time Picker Splunk Not Working on Dashboard. 08-26-2020 10:38 AM
- Posted Re: Dashboard Visualization For Combined Search Alert on Dashboards & Visualizations. 08-23-2020 07:39 PM
- Tagged Re: Dashboard Visualization For Combined Search Alert on Dashboards & Visualizations. 08-23-2020 07:39 PM
- Posted Re: Dashboard Visualization For Combined Search Alert on Dashboards & Visualizations. 08-04-2020 07:25 PM
- Posted Is it possible to combine the saved search (alert) in one visualization dashboard? on Dashboards & Visualizations. 08-03-2020 02:58 AM
- Posted Re: Time Picker Splunk Not Working on Dashboard on Dashboards & Visualizations. 07-23-2020 07:26 PM
- Karma Re: Time Picker Splunk Not Working on Dashboard for rnowitzki. 07-23-2020 07:26 PM
- Posted Time Picker Splunk Not Working on Dashboard on Dashboards & Visualizations. 07-23-2020 03:14 AM
- Posted Add Saved Alert In Dashboard on Alerting. 07-10-2020 01:04 AM
- Posted Re: How to send multiple e-mail alerl on Alerting. 07-08-2020 07:57 PM
- Posted Re: How to send multiple e-mail alerl on Alerting. 07-08-2020 07:21 PM
- Karma Re: Search Data 1 Minute Ago for to4kawa. 07-08-2020 07:18 PM
- Posted How to send multiple e-mail alerl on Alerting. 07-08-2020 03:23 AM
- Posted Re: Search Data 1 Minute Ago on Splunk Search. 07-08-2020 03:20 AM
- Posted Re: Search Data 1 Minute Ago on Splunk Search. 07-07-2020 02:48 AM
- Tagged Re: Search Data 1 Minute Ago on Splunk Search. 07-07-2020 02:48 AM
- Posted Re: Search Data 1 Minute Ago on Splunk Search. 07-07-2020 12:35 AM
- Posted Re: Monitor directory and files on Getting Data In. 07-06-2020 02:59 AM
- Tagged Re: Monitor directory and files on Getting Data In. 07-06-2020 02:59 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
09-10-2020
08:52 PM
Greetings, I have a problem with my Splunk index. My Splunk indexed data from a file log in FTP Server using FTP Pull Add-On. But the problem is, there is missing file content that my Splunk index did not index. For example: file_name.log has some 6 content (6 rows data) But my Splunk did not index all of 6 content on that file, resulting only 5 content (5 rows data) indexed. So, in my Splunk, there are 5 events produced. My question is: 1. How to track my Splunk index, when indexing the data with all details, like the file content, the time-indexed, and etc? 2. How to fix my Splunk index miss some of the file content when the index happens? Thanks in advanced
... View more
Labels
- Labels:
-
field extraction
-
host
-
index
-
indexer
-
monitor
-
other
-
source
-
sourcetype
08-23-2020
07:39 PM
Hi @richgalloway , I tried, but it returned nothing
... View more
- Tags:
- hi
08-04-2020
07:25 PM
Hi @richgalloway , Should I type that command on the new search or in the saved search?
... View more
08-03-2020
02:58 AM
Greetings,
I have saved search (alerts) like this:
I know that each of these saved alert which is alert can be visualized dependently. Is it possible to combine these saved search (alert) in one visualization and one search?
For example:
1. I want to make a search that contains count from all triggered alert (all saved search), the table or statistic should look like this
Field | triggered count |
Saved Search 1 (Alert 1) | 3 |
Saved Search 2 (Alert 2) | 4 |
and so on.
2. From that search, I want to visualize it, like a pie chart, so it will like this:
Saved Search 1 = 20%
Saved Search 2 = 30%
and so on.
Thanks in advanced
... View more
07-23-2020
07:26 PM
Hi @rnowitzki It worked! I have to set the token too Thanks!
... View more
07-23-2020
03:14 AM
1 Karma
Greetings, I try to add a time filter using time input in Splunk dashboard website, look like this: The default is "All time", and this is my search on the visualization: But when I set the time picker to "Today" the visualization not updating or not refreshing the search for today's data. What I expect is whatever I set the time picker input, the search will run according to the time picker that I set it. How can I solve this? Thanks in advance
... View more
07-10-2020
01:04 AM
Greetings, How to add all of my alerts: Into my dashboard? : Thanks in advance!
... View more
Labels
- Labels:
-
alert action
-
alert condition
-
other
07-08-2020
07:57 PM
@renjith_nair Ah! I see, so the email settings is for the sender instead of the recipient. Thank you!
... View more
07-08-2020
07:21 PM
Hi, @renjith_nair Is it gonna successfully send to all of that email? Because the problem is only one email can be configured in Server Settings->Email Settings right?
... View more
07-08-2020
03:23 AM
Greetings, How to send a multiple alert email? Ex: I want to send the triggered alert to email A, email B, email C, and so on.. Is it possible to do it, without using the cc? Thanks in Advance
... View more
Labels
- Labels:
-
alert action
-
alert condition
-
email
-
other
07-08-2020
03:20 AM
@to4kawa Hi, I finally found my mistake, it seems my _time was wrong, so the search returns an empty result, big thanks!
... View more
07-06-2020
02:59 AM
@DavidHourani Hello, I did what you suggested about the monitoring directory in web GUI, but I had some warning: "Data preview will be skipped, it is not supported for directories." I have 2 files log in D:\Semester 7\Magang\Proyek\Proyek FDS that I want to monitor Thanks in advanced
... View more
- Tags:
- monitoring directory
07-05-2020
07:57 PM
@bowesmana Okay, thanks for the deep explanation! Big thanks to you!
... View more
07-05-2020
07:44 PM
@bowesmana Ah! I see now, so basically the _time is looking for if they're any timestamp in my log file, if the timestamp exists in log file then it would be the _time value, am I correct? How about if the case is there are 2 timestamps in one log file? let say I have transactionDate field with format YY-mm-dd HH:MM:SS and logDate field with format dd-mm-yy HH:MM:SS which is a timestamp, what the _time value would be?
... View more
07-05-2020
04:50 AM
@bowesmana Okay, so the alert is using the _time right? But I still have some understanding issue: 1.) If I stored my data, let say Tuesday, 2 June 2020 09:00:00 then the _time should be 02/06/2020 09:00:00? 2.) In this case, my expectation is that Splunk alert wants to check the search based on transactionDate instead of _time, why? because there is a chance where the _time can differ from transactionDate (my focus in on transactionDate).
... View more
07-03-2020
02:52 AM
I have data that has _time from 18:00:20-18:00:52 and I set my current time to 18:01 so it should search the 18:00 time, why is it not working (display an empty result)? It should display the data from 18:00:20-18:00:52. this is my search:
... View more
07-03-2020
12:02 AM
Hi, @bowesmana Yes, my transaction date and default _time Splunk can be differ, that's why I want to set transaction date as a _time default in Splunk. Okay, so this is my new search: Is it right? Should I define the time range in here?: Another problem, when I remove the where filter, why the data from yesterday displayed too? It should be only data at 13:00 or 01:00 PM. Does the time range use the default _time old values instead of replaced _time with transactionDate?
... View more
- Tags:
- hi
07-02-2020
09:43 PM
Greeting, I want to search for data every 1 hour ago window, let say today at 11:00 AM, so the search will look at data from 10:00 AM until 11:00 AM. I tried it on the search and it did not return anything, but I have data at 10:05 AM, 10:10 AM, 10:15 AM. What I want is: I want to find the user ID that has more than 5 transactions hourly, that's why I tried to use bin _time span=1h, to count how many transactions in the range 1 hour. The alert will run an hourly and search the data one hour ago from the current hour, for the example now is 11:00 AM, the alert will check the data 1 hour ago which is 10:00 AM, and so on. If there is a user ID that has more than 5 transactions, it will alert it. So my problems are: A. configure the search for a time window (check every 1 hour ago from the current hour) B. configure the alert this is my search and time range configuration: this is my alert:
... View more
Labels
07-02-2020
07:25 AM
@gcusello Alright, I'll let you know if the problem occurs again!
... View more
07-02-2020
06:35 AM
Hi, @gcusello Cool!, big thanks to you!
... View more
- Tags:
- @
07-02-2020
05:40 AM
Okay, so what I understand is scheduled alert doesn't have time to start the alert, right? The search I fixed: The cron schedule I fixed: Is it good to go already?
... View more
