×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
markturner14
Explorer
Member since: ‎08-25-2020
‎07-29-2025
Community Statistics
Posts 9
Solutions 0
Karma Given 4
Karma Received 1
Member Since ‎08-25-2020
Activity Feed
View All

Re: Remove missing forwarders, that have been perm...

by in Splunk Cloud Platform
‎07-29-2025 08:26 AM
‎07-29-2025 08:26 AM
Many thanks for the replies guys. That was what i was missing. ... View more

Remove missing forwarders, that have been permanen...

by in Splunk Cloud Platform
‎07-28-2025 04:39 AM
‎07-28-2025 04:39 AM
Hi All, I`m looking to remove missing forwarders, where the servers have been permanently removed, reported by CMC. I cannot see anyway of doing this.  Is this something that i have to raise a support case for? many thanks Mark ... View more
Labels

Re: Joining to sourcetypes together from same inde...

by in All Apps and Add-ons
‎03-21-2023 08:39 AM
‎03-21-2023 08:39 AM
Hi Giuseppe,  thanks for the quick response. This is related to VMware and and the tasks and events data - so the value in the info.task.moid and task.moid will match - but will be different for each task/event So i was hoping i could join the two fields from the different sourcetypes based on the same unique values that return from those two fields in those two sourcetypes. It is not essential for what I`m doing - I`m just looking to enrich the data a little more/ thanks ... View more

How to join two sourcetypes together from same ind...

by in All Apps and Add-ons
‎03-21-2023 07:22 AM
‎03-21-2023 07:22 AM
Hi All, I`m looking to combine the two  searches below.  I have been messing around with it, but I don`t do this alot! - but I thought rather than put in my ramblings I would ask the basic need of the question. I basically want the 'state', 'startTime' and 'completeTime' from the second search to be added to the first search # search 1 index=vmware-taskevent sourcetype=vmware_inframon:events fullFormattedMessage="Task:*" | stats by info.entityName fullFormattedMessage info.entity.type info.queueTime userName vm.name computeResource.name createdTime info.task.moid | sort createdTime | table info.entityName fullFormattedMessage info.entity.type info.queueTime userName vm.name computeResource.name createdTime info.task.moid # search 2 index=vmware-taskevent sourcetype="vmware_inframon:tasks" | stats by entityName name queueTime startTime completeTime entity.type state reason.userName task.moid | table entityName name queueTime startTime completeTime entity.type state reason.userName task.moid There are common results from fields but not common field names.  Ie sourcetype=vmware_inframon:events has 'info.task.moid' and sourcetype="vmware_inframon:tasks" has 'task.moid' and the results from this field matches. This is the same for info.entityName and entityName ... View more
Labels

Re: Splunk 8.2 default Python3 not workin with Fil...

by in Getting Data In
‎12-13-2021 01:07 AM
‎12-13-2021 01:07 AM
Many thanks @richgalloway,  yes that works. ta ... View more

Splunk 8.2 default Python3 not workin with File/Di...

by in Getting Data In
‎12-10-2021 08:41 AM
‎12-10-2021 08:41 AM
Hi @Anonymous  / @Anonymous  I have recently started using your "File/Directory Information Input" app. I believe that it does not work with splunk python3 - which is the default version in splunk8.  Is this something that you still work on and maintain? I have been able to get it working if I set splunk system/server.conf to "python.version = python2".  It would be better though if I could set this within the app and not splunk system wide. In general it has been working for me when I use within a UF that has the latest version of python2,  so 2.7.5-89 works in Linux. It does have some issues around the 'file_filter` when filtering, this again seemed to work closer to as expected for me when python2 was patched to latest minor release version of 2.7.5-89 But when it works it is great and does exactly what I want, so thank you very much regards ... View more
Labels

Re: Regex help for a newby please

by in Getting Data In
‎11-26-2020 01:38 PM
‎11-26-2020 01:38 PM
Perfect,  thanks @richgalloway  and all for the fast supportive responses. Works as expected  ... View more

Regex help for a newby please

by in Getting Data In
‎11-26-2020 11:41 AM
1 Karma
‎11-26-2020 11:41 AM
1 Karma
Hi All,  looking for some assistance on what a regex would look like when every new line starts with an open bracket e.g. ( I am a complete novice with regex so asking how this would be achieved.  I kinda understand the error - just not how to resolve. my error is (from btool.log) btool-support - Bad regex value: '([\r\n]+)\s*('', of param: props.conf / [<sourcetype] / LINE_BREAKER; why: missing closing parenthesis   Many thanks ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-29-2025 08:24 AM
Karma from
View All
Karma given to