Activity Feed
- Posted Re: How to extract the timestamp from csv file? on Dashboards & Visualizations. 01-27-2022 02:04 AM
- Posted How to extract the timestamp from csv file? on Dashboards & Visualizations. 01-26-2022 09:54 PM
- Posted Re: How to make the dashboard to display latest result by default on Splunk Search. 01-10-2022 10:58 PM
- Karma Re: How to make the dashboard to display latest result by default for gcusello. 01-10-2022 10:58 PM
- Posted How to make the dashboard to display latest result by default on Splunk Search. 01-10-2022 12:16 AM
- Posted Display trellis based on rows on Splunk Search. 12-21-2021 08:03 PM
- Posted Splunk did not read uploaded file into Splunk GUI until the end on Splunk Enterprise. 12-21-2021 12:56 AM
- Posted Splunk cannot read .log file on Splunk Search. 12-15-2021 10:39 PM
- Karma Re: Table format raw data for ITWhisperer. 12-11-2021 07:08 AM
- Posted Re: How to find maximum value on Splunk Enterprise. 12-09-2021 05:15 PM
- Posted Re: How to find maximum value on Splunk Enterprise. 12-08-2021 04:53 PM
- Posted Re: How to find maximum value on Splunk Enterprise. 12-07-2021 10:57 PM
- Posted How to find maximum value on Splunk Enterprise. 12-07-2021 07:45 PM
- Posted Configure CRC salt on Splunk Enterprise. 12-02-2021 07:26 PM
- Posted Indexing on Splunk Enterprise. 11-30-2021 11:09 PM
- Posted Re: Single Value Display text with colour on Splunk Enterprise. 11-28-2021 06:54 PM
- Posted Re: Visualization for single value on Splunk Enterprise. 11-28-2021 06:16 PM
- Posted Re: Visualization for single value on Splunk Enterprise. 11-26-2021 12:54 AM
- Posted Visualization for single value on Splunk Enterprise. 11-25-2021 10:35 PM
- Posted Single Value Display text with colour on Splunk Enterprise. 11-24-2021 06:47 PM
01-27-2022
02:04 AM
Why did the 1/12/22 still come out as the result? Thank you
01-26-2022
09:54 PM
It configures the timestamp to be the date when I upload the file. I want the timestamp to be like the highlighted one. How can I do that?
Labels: Other
01-10-2022
10:58 PM
@gcusello Thank you for the solution
01-10-2022
12:16 AM
I have made my search query for all time because I have created a dropdown for month, date and year. But I want the search result to always display the latest result. How can I do that? I pass the date, month and year to the search query. But for the default, I want the dashboard to always display the latest result.
Labels: timechart
12-21-2021
08:03 PM
This search result will always return 3 rows. I want to display all rows but in trellis. For the first row, it is the memory utilization for CIC-1. For the second row, it is the memory utilization for CIC-2. For the third row, it is the memory utilization for CIC-3. How can I do the trellis to display based on rows? Do I need to add a new column "Name" and insert CIC-1, CIC-2, CIC-3 to respective rows?
Labels: table
12-21-2021
12:56 AM
I have a text file that has 8824 lines. I have configured MAX_EVENT= 1000. Then, Splunk only read the file until line 7599. Why did Splunk not read my file till the end of the file? Is there anything that I need to configure? It is a health check file. This is my BREAK_ONLY_BEFORE = CIC: Node IP Address|Service Status:|\-{10}|\={12}|Summary:|Memory Details on
Labels: configuration
12-15-2021
10:39 PM
I have a health check file with extension .log. When I uploaded it to Splunk, it came out like this. The real file is like this. Does anyone know what the problem is?
Labels: Other
12-09-2021
05:15 PM
fs-3 | CHANGED | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 16G 4.0K 16G 1% /dev
tmpfs 16G 16K 16G 1% /dev/shm
tmpfs 16G 1.6G 15G 10% /run
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/mapper/rhgs-root 23G 8.3G 15G 37% /
/dev/vda1 1014M 91M 924M 9% /boot
@ITWhisperer @bowesmana
12-07-2021
10:57 PM
12-07-2021
07:45 PM
I want to display the maximum percentage and the mounted but I do not know the command, because the file is not in csv. It is a txt file and I use multikv to extract the field.
Labels: configuration
12-02-2021
07:26 PM
I want to configure CRC Salt but I am not quite sure how to write it in inputs.conf. The directory on Splunk is like this: /home/csaops/csasec/NFV/KPG_MIO_HC_Logs_2021-11-10-10.txt How do I configure this configuration?
Labels: configuration
11-30-2021
11:09 PM
I have indexed a file on Splunk but when I start searching, the file cannot be found. Do you know why it happened? For my last problem, it has been solved. Currently I am having a problem where the indexed file cannot be found. As you can see, I have indexed the /home/csaops/csasec/*.txt. But when I searched for it, no result. Do you guys know why this happened? It is not binary data. It is health check data.
Labels: troubleshooting
11-28-2021
06:54 PM
When I want to enable trellis, it became like this. How can I enable trellis but only want the status which is OK in green?
11-28-2021
06:16 PM
source="KPG_MIO_HC_Logs_2021-11-14-10.txt" host="vm-splunk01" index="maxis_csasec_index" sourcetype="NFVInfrastructureMonitoring" "om-2 | CHANGED | rc=0 >>" OR "om-2 | FAILED | rc=0 >>" | search total used free shared buffers cached | multikv | eval percentage=round(used/total*100) | where percentage NOT NULL | table percentage
This is the search query.
11-26-2021
12:54 AM
Thank you so much! It works. I have 1 more question, which is how can I remove the percentage, which is the name of the field of the trellis?
11-25-2021
10:35 PM
I want to make the panel and the font smaller in size, so that I can put more panels in one line with the font visible. Does anyone know how to do this?
Labels: using Splunk Enterprise
11-24-2021
06:47 PM
How to make the words colourful? What needs to be added at the source? <option name="drilldown">none</option>
Labels: configuration
11-23-2021
04:50 PM
Why did it say command not found?
11-23-2021
06:16 AM
Do you know where the props.conf is? I have tried to find it but I failed to find it.
11-22-2021
05:40 PM
Can I configure BREAK_ONLY_BEFORE with this regex: ##################################################################|(pg-2 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(ss7-2 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(ss7-1 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(da-1 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(da-2 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(fs-3 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(fs-2 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(fs-1 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(om-1 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(pg-1 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(om-2 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(mms-1 \| [a-zA-Z0-9._%-]* \| rc=0 >>)|(mms-2 \| [a-zA-Z0-9._%-]* \| rc=0 >>) and SHOULD_LINEMERGE to true? My problem is, when I configure this, Splunk automatically added the regex that I have specified in BREAK_ONLY_BEFORE as LINE_BREAKER. So the result is not what I want. I want to keep the regex specified in the event. I do not want the LINE_BREAKER because it will remove the regex specified. Does anyone know what I should do for this?
Labels: sourcetype
11-15-2021
06:01 AM
I want to extract the Country and the Node. When I use the rex in regex101, it works fine. But when I put it on Splunk search, it did not extract the Country and the Node. Do you guys know where my mistake is? This is my search query.
index="maxis_csaroam_index" source="/home/csaops/csaroam/*_MOS.csv"
| dedup Description
| table Description
| rex field=Description "(?<Country>[\w]+)(?<Node>[\w\- ]*\n)"
Labels: troubleshooting
11-14-2021
06:01 PM
I have a filename like this
- 11112021_MOS.csv
- 12112021_MOS.csv
- 13112021_MOS.csv
I want to create drop down based on the date. How can I do that?
Labels: source
11-10-2021
06:15 PM
Yes, it represents one event in Splunk. The raw data:
Monit 5.26.0 uptime: 320d 5h 28m
Program 'mio_tomcat'
status OK
monitoring status Monitored
monitoring mode active
on reboot start
last exit value 0
last output MIO_TOMCAT is running (pid:3994)
data collected Tue, 12 Oct 2021 10:02:30
Monit 5.26.0 uptime: 320d 5h 28m
Program 'mio_tomcat'
status OK
monitoring status Monitored
monitoring mode active
on reboot start
last exit value 0
last output MIO_TOMCAT is running (pid:2486)
data collected Tue, 12 Oct 2021 10:02:22
The spacing is the same for all events. The columns do line up for all events.
11-09-2021
11:24 PM
I want to extract the fields that are on the left, which are status, monitoring status, monitoring mode and so on. Multikv command can be used when the header is at the first row. What command should I use in Splunk search if the header is at the first column?
Labels: field extraction