Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About dordavid
dordavid
Explorer
Member since:
08-16-2020
12-01-2020
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 2 |
| Member Since | 08-16-2020 |
Activity Feed
- Posted Re: splunk event identifier on Splunk Search. 11-18-2020 05:11 AM
- Posted Re: splunk event identifier on Splunk Search. 11-18-2020 04:45 AM
- Posted splunk event identifier on Splunk Search. 11-18-2020 04:32 AM
- Got Karma for Re: How to search a field which contain text from another field?. 11-17-2020 04:07 AM
- Got Karma for How to search a field which contain text from another field?. 11-17-2020 04:04 AM
- Posted Re: How to search a field which contain text from another field? on Splunk Search. 11-17-2020 03:59 AM
- Posted How to search a field which contain text from another field? on Splunk Search. 11-17-2020 03:16 AM
- Posted Limit Max line in every row in a table (like in list) on Splunk Search. 11-11-2020 01:54 AM
- Posted Configure UF - To Clustered index on Getting Data In. 08-16-2020 01:50 PM
- Karma Re: configure universal forwarder with cluster master for gcusello. 08-16-2020 09:53 AM
- Posted Re: configure universal forwarder with cluster master on Getting Data In. 08-16-2020 04:17 AM
- Posted configure universal forwarder with cluster master on Getting Data In. 08-16-2020 04:05 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 |
11-18-2020
05:11 AM
@gcusello usually my message field is very long - sometimes 150 rows length, so i used substr function on my message field, so actually my my message seems like: eval message=substr(message, 1, 1000) - (only first 1000 chars) i want to click on the message value and display an hidden panel will show a table with the chosen raw. i try to do: message=$row.message$ but sometimes i got errors like: "unbalanced quotes" - [because of the substr]. so i think to use _cd of event to do the search
... View more
11-18-2020
04:45 AM
hey @gcusello i want to create one big table: index=a | table name last name message i want to drill down to another hidden table: when i will click on the message value -> an hidden panel will be seen with a table that show the only the chosen raw. i want to drill down with a query like: index=a identifier=???? | table name last name message
... View more
11-18-2020
04:32 AM
hey there 🙂 i'm trying to make a table with the next fields: name, last name and message: index a | table name last name message i want to add the identifier of event to my table - (the identifier which splunk generate (c_id?) ) how can i done that?
... View more
11-17-2020
03:59 AM
1 Karma
i will give u an example: i have a two fields: 1) message 2) str - lets assume that str contains the string "high cpu". - i want to search all the logs which their message field contain the value of str: all the logs which their message field contain "high cpu". -i want to do it dynamically - something like that: index = a | search message= {str}* // all logs with message field which contain the content of str field
... View more
11-17-2020
03:16 AM
1 Karma
Hey, i want to search a field and get all the results which contain a value from another field. For example: I have 2 fields: message and str. I want to get all the logs which their message field contain the value of str field. how can i do that?
... View more
11-11-2020
01:54 AM
hey, i got a search like: index = a | table timestamp, id , name, age, message i want to display only the first 10 rows of the field message with an option to show the complete message field (i dont want to use substr - beacuse it's change the field content) thanks
... View more
08-16-2020
01:50 PM
Hello everyone, background: I want to create new Splunk environment. i'm still in a learning process - i'm new to splunk. My environment today includes: - 3 indexers - 3 search heads - 1 cluster master that also serves as a License master - 1 Universal forwarder ** [ All servers are Linux servers ] ** ___________________________________________________________________________ I want to build my Splunk environment in a "Cluster configuration mode": I want to send data from the universal forwarder to the Cluster master, and from there to my indexers. My main target is to collect logs from different application servers [by sending me syslog or http] in order to monitor their status: I want to create a unique index for each app: for example, the logs that are sent from an app called app1 will go into an index called "index_app1" ___________________________________________________________________________ I would like to get help with those following questions: 1. How can i check if the cluster master know the universal forwarder? How do I check it? 2. I want to understand how I configure in the "Inputs.conf file" of a my universal forwarder: I want to allow each app to send logs to uf in different port [in tcp or in udp]: for example: - Application A will send logs to my universal-forwarder in port 4928 , application B will send logs to my universal-forwarder in port 4929 3. How can I send the messages to the cluster master and to recognize what the correct index which the messages belong: All messages that which sent from application A will be under index_app1 All messages that which sent from application B will be under index_app2 Thank you for help!
... View more
Labels
08-16-2020
04:17 AM
i entered to the cluster master GUI and into: [setting ->forwarder management] i didn't see any forwarder and i don't understand how to fix it
... View more
08-16-2020
04:05 AM
Hey, i have 3 indexes and 3 Search heads. i also have a cluster master server. i'm trying to connect my universal-forwarder in order to send logs from remote servers to the indexers (through the cluster master) how can i to configure the connection between the UF and the clusterMaster? Thanks u for helping!
... View more
Labels
- Labels:
-
indexer
-
inputs.conf
-
universal forwarder
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-01-2020
04:10 PM
|
