Hi Everyone, I have created the below query in Splunk to fetch the Error messages index=abc ns=blazegateway-c2 CASE(ERROR)|rex field=_raw "(?<!LogLevel=)ERROR(?<Error_Message>.*)"|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")| cluster showcount=t t=0.3|table app_name, Error_Message ,cluster_count,_time, environment, pod_name,ns |dedup Error_Message| rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name, cluster_count as Count I observe that for particular Error message like below: [reactor-http-epoll-4,cd5411f55ef5b309d8c4bc3f558e8af2,269476b43c74118e,01] reactor.core.publisher.Operators - Operator called default onErrorDropped Count is coming as 42.Although the Event with this Error Messages are 13 only. I want to know is this the problem with cluster_count . How the cluster is working in splunk. Is my query taking cluster_count instead of actual counts. Can someone guide me on this. ... View more

Hi Everyone , I have two applications and I have created dashboards forteh apps: index=epaas_epaas2_idx ns=blazegateway app_name=blazecrsgateway* I need to get the below info: Total YTD Volume for PSF Push API Total Volume to GRS YTD Can someone guide me how we can get the above two information with index,ns and app name. ... View more

Hi Team,   Can  someone guide me how can I extract the logs from the below raw data: 1)Need to Extract the id  5d302144-3cab-387d-8e8c-2532a32b78fe 2) Need to Extract the Starting Time and the Stopping Time 2021-09-01 22:08:48 , 329 INFO [ main ] o.a.n.controller.StandardProcessorNode Starting SalesforceBulkAPIJobStatusProcessorV1 [ id=5d302144-3cab-387d-8e8c-2532a32b78fe] 2021-08-20 12:53:23 , 476 INFO [ main ] o.a.n.controller.StandardProcessorNode Stopping processor: SalesforceBatchJobStatusProcessor [ id=11c59e11-4bc5-3bbb-9fea-3c12407f3aa2]   Can someone please guide me on this  ... View more

Hi Team, Can someone tell me the difference between -1d@d and -1d.. ... View more

Hi Everyone, I need to create one variable using Eval my variable name is  - JOB_EXEC_TIME how can I create a variable using eval. And then I need to pass it in below query: timechart sum(JOB_EXEC_TIME) as TotalExecTime by JOB_NM Can someone guide me How can I do this in splunk. ... View more

Hi Everyone, I am using Timechart on two same queries but their sorting is different.But still the same values are coming for both the queries. Can someone guide me why. Below are my queries: index=abc source="/splunkLogs/JOB_NIFI_STATS_FOR_PLATINUM.csv"| eval fields=split(_raw,",") |eval Environment=mvindex(fields,10)|eval NIFI_PG_ID=mvindex(fields,9) |eval JOB_EXEC_TIME=mvindex(fields,5)|eval RunDate2=mvindex(fields,8)|eval JOB_STATUS=mvindex(fields,2)|eval JOB_NM=mvindex(fields,0)|where Environment="E3"|eval Run_Date=strptime(RunDate2,"%Y%m%d") |fieldformat Run_Date=strftime(Run_Date,"%d/%b/%Y")|timechart sum(JOB_EXEC_TIME) as TotalExecTime by JOB_NM |eval TotalExecTime=round(TotalExecTime,2)|sort -TotalExecTime    index=abc source="/splunkLogs/JOB_NIFI_STATS_FOR_PLATINUM.csv"| eval fields=split(_raw,",") |eval Environment=mvindex(fields,10)|eval NIFI_PG_ID=mvindex(fields,9) |eval JOB_EXEC_TIME=mvindex(fields,5)|eval RunDate2=mvindex(fields,8)|eval JOB_STATUS=mvindex(fields,2)|eval JOB_NM=mvindex(fields,0)|where Environment="E3"|eval Run_Date=strptime(RunDate2,"%Y%m%d") |fieldformat Run_Date=strftime(Run_Date,"%d/%b/%Y")|timechart sum(JOB_EXEC_TIME) as TotalExecTime by JOB_NM |eval TotalExecTime=round(TotalExecTime,2)|sort TotalExecTime  Can someone guide me where I am wrong. ... View more