Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About cdaviet
cdaviet
Explorer
Member since:
09-23-2021
08-11-2023
Community Statistics
| Posts | 8 |
| Solutions | 1 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 09-23-2021 |
Activity Feed
- Posted Re: How to change segmenters to make my data working with PREFIX directive in tstats? on Getting Data In. 08-11-2023 12:25 AM
- Karma Re: How to change segmenters to make my data working with PREFIX directive in tstats? for burwell. 08-11-2023 12:25 AM
- Tagged Re: How to change segmenters to make my data working with PREFIX directive in tstats? on Getting Data In. 08-11-2023 12:25 AM
- Posted How to change segmenters to make my data working with PREFIX directive in tstats? on Getting Data In. 08-10-2023 02:53 AM
- Tagged How to change segmenters to make my data working with PREFIX directive in tstats? on Getting Data In. 08-10-2023 02:53 AM
- Tagged How to change segmenters to make my data working with PREFIX directive in tstats? on Getting Data In. 08-10-2023 02:53 AM
- Tagged How to change segmenters to make my data working with PREFIX directive in tstats? on Getting Data In. 08-10-2023 02:53 AM
- Tagged How to change segmenters to make my data working with PREFIX directive in tstats? on Getting Data In. 08-10-2023 02:53 AM
- Posted How to change background color of navbar ? (Splunk 8.2) on Dashboards & Visualizations. 03-08-2022 05:37 AM
- Posted Re: How to compute next cron iteration from _raw event? on Splunk Search. 02-14-2022 11:42 PM
- Posted Re: How to compute next cron iteration from _raw event on Splunk Search. 02-14-2022 11:42 PM
- Posted Re: How to compute next cron iteration from _raw event on Splunk Search. 02-14-2022 01:33 AM
- Posted How to compute next cron iteration from _raw event? on Splunk Search. 02-14-2022 01:15 AM
- Karma Syslog forwarding/routing with Heavy Forwarder is sending more logs than excepted for davietch. 09-23-2021 06:26 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
08-11-2023
12:25 AM
Hi burwell, thanks for taking the time to answer. I actually ran a test on Splunk Enterprise (was doing it on our SplunkCloud production env) and it works! So it looks like SplunkCloud does not allow to change this kind of parameters... That's sad. Anyway, thanks!
... View more
- Tags:
- hi
08-10-2023
02:53 AM
Hi, I'm trying to use the PREFIX directive in TSTATS (here : https://docs.splunk.com/Documentation/Splunk/9.1.0/SearchReference/Tstats#Use_PREFIX.28.29_to_aggregate_or_group_by_raw_tokens_in_indexed_data). In the docs, it says that it can work with data that does not contain major breakers such as spaces. My data contains spaces so I decided to try to change the major breakers this way: props.conf: [test_sourcetype]
SEGMENTATION = test_segments segmenters.conf: [test_segments]
MAJOR = \t
MINOR = / : = @ . - $ # % \\ _ [ ] < > ( ) { } | ! ; , ' " * \n \r \s & ? + %21 %26 %2526 %3B %7C %20 %2B %3D -- %2520 %5D %5B %3A %0A %2C %28 %29 This way, only the tab (\t) is considered as a major breaker. I applied this, restarted and tried to ingest a line of log with the sourcetype "test_sourcetype". Unfortunately, it seems the segmenters.conf does not work because it keeps breaking with a space for example. I also tried to remove all MINOR and keep only MAJOR, but no luck: MAJOR = \t MINOR = Have I made a mistake? Is it possible to do what I want? I think so because in this .conf presentation (https://conf.splunk.com/files/2020/slides/PLA1089C.pdf) they mention it briefly (page 37). Should I also use SEGMENTATION-<segment selection> = <segmenter> in props.conf ? The docs says it is for SplunkWeb but I am considering all options... Thanks
... View more
Labels
- Labels:
-
indexer
03-08-2022
05:37 AM
Hello, First, I already read this post : https://community.splunk.com/t5/Dashboards-Visualizations/Background-color-in-navbar-is-gone-in-7-1-and-7-2/td-p/359770 And tried its solution. It works sometimes but not all the times. My guess is that the div isn't always there for some reason. I opened the developer console in Chrome, and it seems that the objet's name is ".view---pages-enterprise---8-2-2-1---1zrJY". As you can see, there is the splunk version inside it. And it changes with dark mode: ".view---pages-dark---8-2-2-1---2d_9P" Do you have also this behavior and how can I successfully change the background color of the navbar accross Splunk upgrades? Thanks 🙂
... View more
Labels
- Labels:
-
CSS
02-14-2022
11:42 PM
I tried it but I've got errors using the command
... View more
02-14-2022
01:33 AM
No, the cron expression is in the _raw event. I don't have the interval.
... View more
02-14-2022
01:15 AM
Hi,
I have a last run epoch time and a cron schedule (i.e. : "*/5 * * * *") in an _raw event and I'd like to parse these information to output the next run.
Do you have any idea how to do this?
I found this addon :https://splunkbase.splunk.com/app/4078/ but it does not allow me to use a custom "last run time" and always takes the earliest time of my search as an input.
Thanks 🙂
... View more
- Tags:
- splunk-search
Labels
- Labels:
-
eval
