Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About akashsawant
akashsawant
Explorer
Member since:
01-14-2022
09-01-2023
Community Statistics
| Posts | 7 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 01-14-2022 |
Activity Feed
- Posted Re: deployment server not updating inputs.conf on clients on Getting Data In. 09-01-2023 01:07 PM
- Posted Re: How to create live alert result into report to fetch historic data on Alerting. 06-01-2022 08:06 AM
- Posted Re: How to create live alert result into report to fetch historic data on Alerting. 06-01-2022 06:38 AM
- Posted How to create live alert result into report to fetch historic data on Alerting. 05-31-2022 01:14 PM
- Tagged How to create live alert result into report to fetch historic data on Alerting. 05-31-2022 01:14 PM
- Tagged How to create live alert result into report to fetch historic data on Alerting. 05-31-2022 01:14 PM
- Tagged How to create live alert result into report to fetch historic data on Alerting. 05-31-2022 01:14 PM
- Posted Re: How to create alert when no set message for X minutes from particular source type on host on Alerting. 01-18-2022 05:37 AM
- Karma Re: How to create alert when no set message for X minutes from particular source type on host for isoutamo. 01-14-2022 07:28 AM
- Posted How to create alert when no set message for X minutes from particular source type on host on Alerting. 01-14-2022 02:16 AM
- Tagged How to create alert when no set message for X minutes from particular source type on host on Alerting. 01-14-2022 02:16 AM
- Tagged How to create alert when no set message for X minutes from particular source type on host on Alerting. 01-14-2022 02:16 AM
- Tagged How to create alert when no set message for X minutes from particular source type on host on Alerting. 01-14-2022 02:16 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
09-01-2023
01:07 PM
@pc1 Can you please advise the solution if you manage to resolve this issue. Thanks!
... View more
06-01-2022
08:06 AM
never mind @venky1544 , My bad i forgot to define KV store lookup. Now I can able to throw my search result in Akash-KV.
... View more
06-01-2022
06:38 AM
Thanks @venky1544 I created lookup but when I trying to throw in that lookup getting weird errors, DO you have any idea on this please ? | mstats avg(_value) AS CommittedMemoryInBytes WHERE index=xyz AND metric_name=Memory.Committed_Bytes by host
| join host [search index=abc sourcetype=WHM source=operatingsystem TotalPhysicalMemoryKB=*]
| eval PercentCommittedMemory = round( (CommittedMemoryInBytes*pow(2,-30)) / (TotalPhysicalMemoryKB*pow(2,-20) )*100,2)
| where PercentCommittedMemory > 115
| table host,PercentCommittedMemory,CommittedMemoryInBytes,TotalPhysicalMemoryKB
| outputlookup Akash-KV
... View more
05-31-2022
01:14 PM
Present scenario: We have alert " high memory " detect systems if memory hits the set threshold ( if Committed Memory usage is over 115% ) - Running on schedule every hour at 15 minutes past hour Requirement : This alert give us kind of live result but We need historic data in terms of report so that we can do review at the end of month to understand Host "Alpha" caught into this alert for x times in month , Host "beta" caught into this alert for y times ...so on. Basically need to find particular host how frequently and how many times having high memory. | mstats avg(_value) AS CommittedMemoryInBytes WHERE index=xyz AND metric_name=Memory.Committed_Bytes by host
| join host [search index=abc sourcetype=WHM source=operatingsystem TotalPhysicalMemoryKB=*]
| eval PercentCommittedMemory = round( (CommittedMemoryInBytes*pow(2,-30)) / (TotalPhysicalMemoryKB*pow(2,-20) )*100,2)
| where PercentCommittedMemory > 115
| table host,PercentCommittedMemory,CommittedMemoryInBytes,TotalPhysicalMemoryKB Any help will be appreciated.
... View more
Labels
- Labels:
-
alert action
01-18-2022
05:37 AM
Thanks @isoutamo for your time and suggestion. I made it work using following search: index= ABC source="xyz.ps1" host = WWW-* Message="Beginning of xyz.ps1 Execution" | dedup host | eval age=now()-_time | where age > 3600 | table _time host age Note: 3600 means 60 minutes ( 60 x 60 )
... View more
01-14-2022
02:16 AM
Hello, We have a PowerShell script job ( xyz.ps1 ) run on all hosts every 10 minutes and when it starts write message in to EV Application log as "Beginning of xyz.ps1 Execution " , We found sometime that xyz.ps1 gets stuck into weird state and we didnt see message in last 60 minutes for some hosts. I was able to create alert where i get list of hosts which shows that message. But I am exactly looking for : I want to set an alert in splunk which will report host name where we dont see "Beginning of xyz.ps1 Execution" message in last 60 minutes , So that I'll get to know these hosts where script didnt execute well. search: index= ABC source="xyz.ps1" host = WWW-* "Beginning of xyz.ps1 Execution" | table _time host | dedup host | eval age=now()-_time | where age > 60 Is above search is correct ? Thanks for your suggestions
... View more
Labels
- Labels:
-
alert action
-
alert condition
