About omera

omera · ‎04-25-2022

Hi Thomas, can you give a detailed explanation on how you changed the format for events? It would be superb if you gave us the splunk docs link. We are experiencing the same issue.

omera · ‎03-29-2022

Hi somesoni2. I'm adding the field to the search by going over the field that Splunk has found and pressing add to search. So Splunk adds it from the results it has generated. But after it adds it to the search it doesn't show the events.

omera · ‎03-29-2022

When we are doing searches on Splunk we are encountering a strange issue. For example, when I add sc4s_fromhostip=... to the search I can't see all the events, sometimes I can't see any results. Normally there are events. When I check with stats (... | stats count by sc4s_fromhostip) I can see the number of events. When I put a wildcard * to the end (sc4s_fromhostip=...*) then the number of events increases but still it doesn't show all of them. If I do an eval and make a copy of the sc4s_fromhostip field it works properly and I can see all the results. Like ... | eval a=sc4s_fromhostip | a=… * This happens on all the search heads in the cluster and outside the cluster. * If I change the user it still continues. Did anyone encounter a similar issue before?

omera · ‎10-25-2021

Hi I am getting the same error @sivaksk147 gets (Unable to initialize modular input "server" defined in the app "splunk_app_db_connect": Introspecting scheme=server: script running failed (exited with code 1)). After the db connect app installation if I try to start the app splunk crashes and I need to start it again. I'm a mac user. Is there any solution. Thanks

Posts	4
Solutions	0
Karma Given	5
Karma Received	0
Member Since	‎10-25-2021

Online Status	Offline
Date Last Visited	‎08-26-2022 11:02 AM

Why is Splunk Search Not Working Properly?

Re: Query with wildcard works, but not with actual...

Re: Splunk Search Not Working Properly

Why is Splunk Search Not Working Properly?

Re: Unable to initialize modular input "server" de...