×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Dalidavinci_Wor
Explorer
Member since: ‎04-22-2022
‎04-22-2022
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎04-22-2022
Activity Feed
View All

Re: Powermax: Why does search bring in log entries...

by in Alerting
‎04-22-2022 11:23 AM
‎04-22-2022 11:23 AM
I am getting better results from the below query, but I would think there is a better way of excluding all except recent 1 day ndex="storage_vmax" sourcetype="dellemc:vmax:rest" type=ARRAY severity = * | search (severity!=NORMAL AND severity!=INFORMATION) created_date!="*-*-2021 *:*:*.*" | stats count by _time,source,created_date,reporting_level,severity,asset_id,array_id,type, state,description ... View more

Re: Powermax: Why does search bring in log entries...

by in Alerting
‎04-22-2022 11:16 AM
‎04-22-2022 11:16 AM
So does this  still go back to  changing the below? " data's sourcetype in the props.conf" Or can I run a query where created date or created_date is less than 2 days?  Presntly I have the below: index="storage_vmax" sourcetype="dellemc:vmax:rest" type=ARRAY severity = FATAL |search (severity!=NORMAL AND severity!=INFORMATION) | stats count by _time,source,created_date,reporting_level,severity,asset_id,array_id,type, state,description ... View more

Re: Powermax: Why does search bring in log entries...

by in Alerting
‎04-22-2022 10:41 AM
1 Karma
‎04-22-2022 10:41 AM
1 Karma
I will take this up with SPLUNK Admin to check for  " data's sourcetype in the props.conf"   Thanks! ... View more

Re: Powermax: Why does search bring in log entries...

by in Alerting
‎04-22-2022 10:30 AM
‎04-22-2022 10:30 AM
Hi, Yes, I am running this in the following timestamp " Complete 2,058 events (4/21/22 12:00:00.000 AM to 4/22/22 1:28:17.000 PM)" and it still shows data from last year   created_date source reporting_level severity asset_id array_id type state description count 2022-04-21 02:00:00 Jul-18-2021 20:37:33.000 ... View more

Powermax: Why does search bring in log entries fro...

by in Alerting
‎04-22-2022 09:46 AM
‎04-22-2022 09:46 AM
We have data coming in and we are still searching for a best practice on what alerts to monitor, however, my question is on the query below:  index="storage_vmax" sourcetype="dellemc:vmax:rest" type=ARRAY severity = FATAL |search (severity!=NORMAL AND severity!=INFORMATION) | stats count by _time,created_date,source,reporting_level,severity,asset_id,array_id,type, state,description Where I would like to bring in only what was created in the last 24 hours.. The problem with the existing query is that it is bring in created log entries from a year ago which are stale. If we are going to have SNOW open tickets we do not want it to so on stale data only new. Thanks, Dali   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-22-2022 03:50 PM
Karma from
View All