Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About mlovasco
mlovasco
Explorer
Member since:
07-16-2020
08-23-2023
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 07-16-2020 |
Activity Feed
- Posted Re: Parsing pipe delimiter with props.conf and transforms.conf not working on Getting Data In. 11-19-2021 08:39 AM
- Karma Re: Parsing pipe delimiter with props.conf and transforms.conf not working for richgalloway. 11-19-2021 08:39 AM
- Posted Re: Parsing pipe delimiter with props.conf and transforms.conf not working on Getting Data In. 11-19-2021 07:57 AM
- Posted Re: Parsing pipe delimiter with props.conf and transforms.conf not working on Getting Data In. 11-19-2021 07:32 AM
- Posted Re: Parsing pipe delimiter with props.conf and transforms.conf not working on Getting Data In. 11-19-2021 07:32 AM
- Tagged Re: Parsing pipe delimiter with props.conf and transforms.conf not working on Getting Data In. 11-19-2021 07:32 AM
- Posted Parsing pipe delimiter with props.conf and transforms.conf not working on Getting Data In. 11-19-2021 06:53 AM
- Posted Re: Differentiate JSON event with multiple fields with the same name on Splunk Search. 03-26-2021 05:59 AM
- Karma Re: Differentiate JSON event with multiple fields with the same name for manjunathmeti. 03-26-2021 05:58 AM
- Posted Differentiate JSON event with multiple fields with the same name on Splunk Search. 03-25-2021 06:36 PM
Topics I've Started
11-19-2021
08:39 AM
Got it... will reroute my thinking.. thanks!
... View more
11-19-2021
07:57 AM
Hosts where these logs are located...
... View more
11-19-2021
07:32 AM
Yes, testing with verbose mode... none of my fields are appearing. Should also mention that I'm Cloud, but my app is on a deployment server and being successfully deployed to appropriate clients.
... View more
- Tags:
- field extraction
11-19-2021
07:32 AM
Yes, testing with verbose mode... none of my fields are appearing. Should also mention that I'm Cloud, but my app is on a deployment server and being successfully deployed to appropriate clients.
... View more
11-19-2021
06:53 AM
Hi - trying to parse 2 similar sourcetypes with props.conf and transforms.conf but they are not working. Help would be appreciated! Thanks! Example events: sourcetype=avaya:epm:mpplogs
@2021-11-19 09:41:54,070|PAVB_03335|INFO|VB|650636|Session=aipor-mpp001lv-2021323144040-7|Got VoiceXML exception: noinput in 9b99c62c5d35f81d18e547137018bef9663c3bc7a33f60a3f25aa4d55d36e14f|aipor-mpp001lv####
sourcetype=avaya:epm:vpmslogs
@2021-11-19 09:51:10,411 EST||FINE|AppIntfService|VoicePortal|ajp-nio-127.0.0.1-3009-exec-41|Method=PackageInfo::GetBuildVersion()| attempt to locate file on classpath. File = VPAppIntfService.aar|||||||aipva-epm001lv|4000064385#### props.conf [avaya:epm:mpplogs]
REPORT-pipe-separated-fields-mpp = pipe-separated-fields-mpp
[avaya:epm:vpmslogs]
REPORT-pipe-separated-fields-vpms = pipe-separated-fields-vpms transforms.conf [pipe-separated-fields-mpp]
DELIMS = "|"
FIELDS = "eventTimestamp","eventName","eventLevel","triggerComponent","eventId","eventText","eventDescription","serverName"
[pipe-separated-fields-vpms]
DELIMS = "|"
FIELDS = "eventTimestamp","eventName","eventLevel","triggerComponent","eventMonitor","eventDescription" (I've tried with and without quotes)
... View more
Labels
03-26-2021
05:59 AM
Works perfectly, thanks!
... View more
03-25-2021
06:36 PM
Hello - I have JSON events that have multiple items nested inside them. Each item has fields with the same name. I'm trying to report with stats and timechart on specifically "lastvalue_raw" for each "sensor" however when trying a few different things my query still chooses the first "lastvalue_raw" for any of the sensors. The JSON event could have any number of nested items within it depending on the type of sensor. Below is an example event: {
"prtg-version": "21.1.65.1767",
"treesize": 2,
"sensor": [
{
"device": "Colo Palo Alto FW1",
"device_raw": "Colo Palo Alto FW1",
"objid": 8219,
"objid_raw": 8219,
"sensor": "Comcast (1Gbit/s - Circuit ID)",
"sensor_raw": "Comcast (1Gbit/s - Circuit ID)",
"status": "Unusual",
"status_raw": 10,
"lastvalue": "37 Mbit/s",
"lastvalue_raw": 4637266.8945
},
{
"device": "Colo Palo Alto FW1",
"device_raw": "Colo Palo Alto FW1",
"objid": 33904,
"objid_raw": 33904,
"sensor": "Verizon Business (1Gbit/s - Circuit ID)",
"sensor_raw": "Verizon Business (1Gbit/s - Circuit ID)",
"status": "Up",
"status_raw": 3,
"lastvalue": "163 Mbit/s",
"lastvalue_raw": 20343218.0333
}
]
} And here is an example of a query I have tried to separate them: index=prtg_test sourcetype=_json
| spath
| rename "sensor{}.lastvalue_raw" AS lastvalue, "sensor{}.sensor" AS sensor
| timechart span=1m latest(lastvalue) by sensor Any help is greatly appreciated!
... View more
Labels
- Labels:
-
fields
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-23-2023
10:25 AM
|
