×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
bala1185
Engager
Member since: ‎07-23-2020
‎08-13-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-23-2020
View All

How can i list the the results of saved reports si...

by in Splunk Search
‎07-25-2020 08:23 AM
‎07-25-2020 08:23 AM
I have created the reports based on the errors in the OS. Saved Reports: Report_Name  --  Description Network   --  Report for Network Errors Storage  --  Report for Storage Errors OS  -- Report for OS Errors I would like to list the Report_Name that are existing in my host. For Example, my hostA has only OS and Storage Errors. The dashboard dropdown should list only OS and Storagewhen i select hostA from the other dropdown and then print the results of the saved report(s) if we select in multiselect. i could able to list all the saved reports with rest command, but could not able to list only the corresponding reports. Suggestions would be appreciated. ... View more

Re: data extraction from Nested JSON data and prin...

by in Splunk Search
‎07-24-2020 04:12 AM
‎07-24-2020 04:12 AM
thanks for looking into it. it is printing multivalues in each rows, if each nic has multiple switches. i got help from someone and got it worked below.           i got it worked well with the below: | makeresults | eval _raw="{\"hostname\": \"xxxxx\",\"inventory\": \"#####\",\"fqdn\": \"xxxxx.xxxx.xxx.xxx.xxx\",\"ip\": \"#.#.#.#\",\"platform\": \"XXXXX\",\"version\": \"XXXXX\",\"environment\": \"XXXX\",\"status\": \"XXXXX\",\"subStatus\": \"XXXXX\",\"contactSupporTeam\": \"xxxx\",\"model\": \"XXXXX\",\"product\": \"SERVER\",\"serial\": \"dfd34324\",\"app\": [{\"appName\": \"XXXXX\",\"appAcronym\": \"XXX\",\"appStatus\": \"xxxxx\",\"appOwner\": \"xxxxxx\"}],\"pkg\": [{\"pkgName\": \"xxxxx\",\"pkgVersion\": \"1.2.3\"}, {\"pkgName\": \"yyyyy\",\"pkgVersion\": \"2.3.4\"}, {\"pkgName\": \"zzzzz\",\"pkgVersion\": \"3.4.5\"}],\"nic\": [{\"nicName\": \"eth4\",\"nicSwitch\": [{\"nicSwitchName\": \"xxxxxxx\",\"nicSwitchSerial\": \"dfgdg45435fgg\",\"nicSwitchManufacturer\": \"XXXX\",\"nicSwitchModel\": \"XXX22\",\"nicSwitchVlan\": \"Vlan###\",\"nicSwitchChannel\": \"port-channel3\",\"nicSwitchPort\": \"Ethernet107/1/7\"}, {\"nicSwitchName\": \"xxxxxxxx\",\"nicSwitchSerial\": \"dfsf23432ef\",\"nicSwitchManufacturer\": \"XXXX\",\"nicSwitchModel\": \"XXXX\",\"nicSwitchChannel\": \"port-channel3\",\"nicSwitchPort\": \"Ethernet107/1/8\",\"nicSwitchVlan\": \"Vlan###\"}],\"nicDnsName\": \"\",\"nicType\": null,\"nicStatus\": \"up\",\"nicSpeed\": \"10000\",\"nicFirmware\": \"\",\"nicMac\": \"XX##XXX###XX\",\"nicDuplex\": \"FULL\",\"nicIP\": \"undefined\",\"nicNetmask\": \"\"}, {\"nicName\": \"eth5\",\"nicSwitch\": [{\"nicSwitchName\": \"xxxxxx\",\"nicSwitchSerial\": \"dsfsdf3432sdf\",\"nicSwitchManufacturer\": \"XXXX\",\"nicSwitchModel\": \"XXXXX\",\"nicSwitchChannel\": \"port-channel3\",\"nicSwitchVlan\": \"Vlan###\",\"nicSwitchPort\": \"Ethernet107/1/8\"}, {\"nicSwitchName\": \"xxxxxx\",\"nicSwitchSerial\": \"fdf345345\",\"nicSwitchManufacturer\": \"XXXXX\",\"nicSwitchModel\": \"XXXXX\",\"nicSwitchChannel\": \"port-channel3\",\"nicSwitchPort\": \"Ethernet107/1/7\",\"nicSwitchVlan\": \"Vlan###\"}],\"nicDnsName\": \"\",\"nicType\": null,\"nicStatus\": \"up\",\"nicSpeed\": \"\",\"nicFirmware\": \"\",\"nicMac\": \"XXX###XXX\",\"nicDuplex\": \"\",\"nicIP\": \"undefined\",\"nicNetmask\": \"\"}, {\"nicName\": \"eth6\",\"nicSwitch\": [],\"nicDnsName\": \"\",\"nicType\": null,\"nicStatus\": \"\",\"nicSpeed\": \"\",\"nicFirmware\": \"\",\"nicMac\": \"\",\"nicDuplex\": \"\",\"nicIP\": \"#.#.#.#\",\"nicNetmask\": \"#.#.#.#\"}]}" | spath nic{} output=nic | stats count by nic | rename nic as _raw | extract | spath nicSwitch{} output=nic | stats count by nicName,nic | rename nic as _raw | extract | fields nicName nic* | fields - _raw   Now,  i would like to fetch the OS log with below query index="linux-os" source="tcp:1234" log_source="varlog-messages" "Link is Down" | rex field=_raw "(?<NICDevice>[\w]{3,7})(: NIC|: Link)" |table hostname, message, NICDeice the o/p will be like below : 1 abcd Jul 24 05:46:53 abcd kernel: [ 26.340634] ixgbe 0000:0b:00.0: eth0: NIC Link is Down eth0 2 efgh Jul 24 04:20:04 efgh kernel: ixgbe 0000:0b:00.1 ens2f1: NIC Link is Down ens2f1 3 ijkl Jul 24 01:02:31 ijkl kernel: vmxnet3 0000:03:00.0 eth0: NIC Link is Down eth0 4 ijkl Jul 24 01:02:27 ijkl kernel: vmxnet3 0000:03:00.0 eth0: NIC Link is Down eth0   i would like to fetch hostname and NICDevice from this output and correlate this hostname and NICDevice with the initial query that you have given and fetch the details of nicSwitch* and also other details like app, location, etc... seems join is taking too much time and also found that, if a server has the NICDevice reported as down and if that NICDevice is not existing as nicName in the initial index.. the other details like, app, location details also not fetching. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-13-2020 04:48 AM