Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About dmuley
dmuley
Explorer
Member since:
06-10-2022
04-06-2023
Community Statistics
| Posts | 15 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 0 |
| Member Since | 06-10-2022 |
Activity Feed
- Posted Kubernetes - application logs on Getting Data In. 04-06-2023 07:52 AM
- Posted Re: How to fetch REQUEST and RESPONSE events based on clientIP mentioned in third event of HEADER? on Splunk Search. 06-30-2022 11:01 AM
- Posted How to fetch REQUEST and RESPONSE events based on clientIP mentioned in third event of HEADER? on Splunk Search. 06-30-2022 07:41 AM
- Posted Re: remove specific xml element with attribute (only start tag) on Splunk Enterprise Security. 06-15-2022 11:33 PM
- Karma Re: remove specific xml element with attribute (only start tag) for ITWhisperer. 06-15-2022 11:33 PM
- Posted Re: remove specific xml element with attribute (only start tag) on Splunk Enterprise Security. 06-15-2022 11:23 PM
- Posted Re: need help to remove xml tag with attribute on Splunk Search. 06-15-2022 10:27 PM
- Karma Re: Splunk search based on eventType dynamic table value for ITWhisperer. 06-15-2022 10:15 PM
- Posted need help to remove xml tag with attribute on Splunk Search. 06-15-2022 09:50 PM
- Posted How to remove specific xml element with attribute (only start tag)? on Splunk Enterprise Security. 06-15-2022 08:42 PM
- Posted Re: Splunk search based on eventType dynamic table value on Splunk Search. 06-15-2022 03:25 AM
- Posted Re: Splunk search based on eventType dynamic table value on Splunk Search. 06-13-2022 12:24 AM
- Karma Re: Splunk search based on eventType dynamic table value for ITWhisperer. 06-13-2022 12:23 AM
- Posted Re: Splunk search based on eventType dynamic table value on Splunk Search. 06-12-2022 11:29 PM
- Posted Re: Splunk search based on eventType dynamic table value on Splunk Search. 06-12-2022 10:09 PM
- Posted Re: Splunk search based on eventType dynamic table value on Splunk Search. 06-12-2022 09:53 PM
- Posted Re: Splunk search based on eventType dynamic table value on Splunk Search. 06-12-2022 09:41 PM
- Karma Re: Splunk search based on eventType dynamic table value for ITWhisperer. 06-12-2022 09:36 PM
- Posted Help with Splunk search based on eventType dynamic table value on Splunk Search. 06-11-2022 11:33 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-06-2023
07:52 AM
Hello Team, I am new to Kubernetes and splunk, I have a requirement to push logs that are generated from my spring boot app running under k8s pods to splunk, How can I forward the logs that are generating under pod ? I can access the logs by using the command kubectl logs <pod-name>
... View more
Labels
- Labels:
-
universal forwarder
06-30-2022
11:01 AM
@VatsalJagani thanks you it works till stats but search command (lastline) is not giving any output unfortunately even though data is present.
... View more
06-30-2022
07:41 AM
2022-06-12 21:51:42.274 threadId=L4C9D6WIYK2K eventType="RESPONSE" data="<TestRQ>sometestdata</TestRQ>" 2022-06-12 21:51:41.274 threadId=L4C9D6WIYK2K eventType="REQUEST" data="<TestRQ>sometestdata</TestRQ>" 2022-06-12 21:51:40.274 threadId=L4C9D6WIYK2K eventType="HEADER" data="clientIP=101.121.22.11"
Hello Team,
I have the series of events as shown above and if you see one of the event having eventType="HEADER" I have clientIP in data field .
I need to fetch REQUEST and RESPONSE events based on clientIP mentioned in third event of HEADER. Common UNIQUEID between all 3 events is threadID , How can I achieve this in splunk query ?
new to splunk i am just good in basic searches.
index= test eventType="HEADER" clientIP=101.121.22.11------>> and pass on the threadID to fetch the eventType="REQUEST" eventType="RESPONSE"
@ITWhisperer
... View more
06-15-2022
11:33 PM
Yes you are such a kind person. thanks a lot @ITWhisperer
... View more
06-15-2022
11:23 PM
@ITWhisperer Sorry but this is specific element and its placement is not necessarily to start of the data field. So in short I need to remove anything that starts with <InfoNox_Interface and ends with >. below string should be replaced with nothing. <InfoNox_Interface xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
... View more
06-15-2022
10:27 PM
this is not first element (but specific element) always and since we dont have access to rops.conf need solution to get pure data while querying @richgalloway
... View more
06-15-2022
09:50 PM
I have the event that looks like below 2022-06-15 19:59:57.489 threadId=L4GFP2275S1K class="ActiveSession" mname="NA" callId="NA" eventType="InMsg" data="<InfoNox_Interface xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><TestRQ><Merchant_ID>testmid</Merchant_ID></TestRQ>" and I would like to remove below xml element with attribute from data fields , How can I do that ? <InfoNox_Interface xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> Results I want is 2022-06-15 19:59:57.489 threadId=L4GFP2275S1K class="ActiveSession" mname="NA" callId="NA" eventType="InMsg" data="<TestRQ><Merchant_ID>testmid</Merchant_ID></TestRQ>"
... View more
Labels
- Labels:
-
eval
06-15-2022
08:42 PM
I have the event that looks like below
2022-06-15 19:59:57.489 threadId=L4GFP2275S1K class="ActiveSession" mname="NA" callId="NA" eventType="InMsg" data="<InfoNox_Interface xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><TestRQ><Merchant_ID>testmid</Merchant_ID></TestRQ>"
and I would like to remove below xml element with attribute from data fields , How can I do that ?
<InfoNox_Interface xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Results I want is
2022-06-15 19:59:57.489 threadId=L4GFP2275S1K class="ActiveSession" mname="NA" callId="NA" eventType="InMsg" data="<TestRQ><Merchant_ID>testmid</Merchant_ID></TestRQ>"
@ITWhisperer
... View more
Labels
- Labels:
-
correlation search
06-15-2022
03:25 AM
@ITWhisperer Please can you help to get root name of xml under data node and add it in table with count of occurences per thread ? 2022-06-12 21:51:42.274 threadId=L4C9D6WIYK2K class="HttpConnector" mname="Adapter_Connector" callId="F2JAMR29ZCE5" eventType="REQUEST" data="<TestRQ><Device_Info><Device_Type>GATEWAY</Device_Type><conf Name="test1"/><conf Name="test2">NONE</conf><conf Name="test3">Y</conf></Device_Info><Request_Version>3.0</Request_Version><EMV><TAG isEncrypted="false" sierra="Y" tagDescription="KernalVersionNumber" tagLength="0F" tagName="DF79">DF790F36</TAG></EMV></TestRQ>" I need to get data count TestRQ 1 20 OtherRQ 10 etc
... View more
06-13-2022
12:24 AM
Perfect it works. thank you much @ITWhisperer
... View more
06-12-2022
11:29 PM
index="test" eventType="*" | eval length=len(threadId) | where length = 12 | eval {eventType}=data | stats values(*) as * by threadId | table threadId REQUEST RESPONSE When I am using above query it only displays xml till conf tag's name attribute and removes all contents after that. <TestRQ><Device_Info><Device_Type>GATEWAY</Device_Type><conf Name= I am expecting to recieve full xml in tables column. @ITWhisperer
... View more
06-12-2022
10:09 PM
<TestRQ><Device_Info><Device_Type>GATEWAY</Device_Type><conf Name="test1"/><conf Name="test2">NONE</conf><conf Name="test3">Y</conf></Device_Info><Request_Version>3.0</Request_Version><EMV><TAG isEncrypted="false" sierra="Y" tagDescription="KernalVersionNumber" tagLength="0F" tagName="DF79">DF790F36</TAG></EMV></TestRQ> This is how one of the data field looks like in our 1 event and I want extract all fields that are in data . @ITWhisperer 2022-06-12 21:51:42.274 threadId=L4C9D6WIYK2K class="HttpConnector" mname="Adapter_Connector" callId="F2JAMR29ZCE5" eventType="REQUEST" data="<TestRQ><Device_Info><Device_Type>GATEWAY</Device_Type><conf Name="test1"/><conf Name="test2">NONE</conf><conf Name="test3">Y</conf></Device_Info><Request_Version>3.0</Request_Version><EMV><TAG isEncrypted="false" sierra="Y" tagDescription="KernalVersionNumber" tagLength="0F" tagName="DF79">DF790F36</TAG></EMV></TestRQ>"
... View more
06-12-2022
09:53 PM
frankly not sure. dealing with splunk admin from company tooks longer than fixing by our self. Is there any way to extract key value from xml ? @ITWhisperer I really appreciate your help on this.
... View more
06-12-2022
09:41 PM
@ITWhisperer this works thank you. also do you mind in sharing how can I remove double quotes from xml String having attribute ? <root1res> <a test="testdata">hi</a> </root1res> Currently after pulling info I m just receiving upto <a test= I already tried | eval data1=replace(data,"\"","") but its not working
... View more
06-11-2022
11:33 PM
Hello Team, I am new to splunk and have requirement to create table based on raw data
This is how the data looks in splunk
Date threadId=ABC123 eventType=”InMsg” data=”<rootrq><a>hi</a></rootrq>”
Date threadId=ABC123 eventType=”thirdPartyReq” data=”<root1req><a>hi</a></root1req>”
Date threadId=ABC123 eventType=” thirdPartyRes” data=”<root1res><a>hi</a></root1res>”
Date threadId=ABC123 eventType=”OutMsg” data=”<rootrs><a>hi</a></rootrs>”
and wanted to create table like below. Please can some one help? threadId is common for all four records.
index=test |
date
threadId
InMsg
OutMsg
thirdPartyreq
thirdprtyRes
date
ABC123
<rootrq><a>hi</a></rootrq>
<rootrs><a>hi</a></rootrs>
<root1req><a>hi</a></root1req>
<root1res><a>hi</a></root1res>
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-06-2023
11:23 AM
|
