Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About deepakgarg1373
deepakgarg1373
Loves-to-Learn Lots
Member since:
06-16-2022
04-04-2023
Community Statistics
| Posts | 14 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 06-16-2022 |
Activity Feed
- Posted Re: set of dashboards with in a dashboard on Dashboards & Visualizations. 04-04-2023 02:43 AM
- Posted Re: Splunk search via webhook on Reporting. 07-13-2022 05:50 AM
- Posted When I send the splunk search result data via webhook I am only getting only the first row, any alternative? on Reporting. 07-13-2022 03:57 AM
- Tagged When I send the splunk search result data via webhook I am only getting only the first row, any alternative? on Reporting. 07-13-2022 03:57 AM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-22-2022 07:35 AM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-22-2022 07:08 AM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-22-2022 06:55 AM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-22-2022 06:54 AM
- Tagged Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-22-2022 06:54 AM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-19-2022 11:43 PM
- Tagged Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-19-2022 11:43 PM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-17-2022 02:15 AM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-17-2022 02:08 AM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-17-2022 01:50 AM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-16-2022 11:55 PM
- Posted Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-16-2022 11:54 PM
- Tagged Re: Splunk not ignoring field with NOT in subsearch on Splunk Search. 06-16-2022 11:54 PM
- Posted Why is Splunk not ignoring field with NOT in subsearch? on Splunk Search. 06-16-2022 07:14 AM
Topics I've Started
04-04-2023
02:43 AM
it opens the dashboard in another tab, can we open it in the same dashboard instead?
... View more
07-13-2022
03:57 AM
When I send the splunk search result data via webhook I am only getting only the first row. Is there any alternative to this?
... View more
- Tags:
- webhook
Labels
- Labels:
-
scheduled search
06-22-2022
07:35 AM
i have updated the query - will let it run for one day and will let you know if all good. THanks a LOT 🙂 @ITWhisperer
... View more
06-22-2022
06:55 AM
@ITWhisperer please help me.
... View more
06-22-2022
06:54 AM
another issue is - it will check for message and appname together - what if the same message is there in other app and it is still throwing an alert when that message is not relevent as that has come in other app already and can be ignored?
... View more
- Tags:
- subsearch
06-19-2022
11:43 PM
hello..i let the new query run for the weekend every 15 mins ...looks like my original query is giving me diff results and not getting the same 'message' using the updated query. when checked manually, the original query result seem to be genuine. so not sure why the updated query didnt capture the new error 'message'
... View more
- Tags:
- subsearch
06-17-2022
02:15 AM
ah simple table worked ..thanks a lot @ITWhisperer
... View more
06-17-2022
02:08 AM
Awesome, looks to be working 🙂 how can i remove 'days' and 'today' from the result but still get the filtered output?
... View more
06-17-2022
01:50 AM
there was one typo in my original query earliest=-15m latest=now index=wiweb host="*" LOG_LEVEL=ERROR OR LOG_LEVEL=FATAL OR logLevel=ERROR OR level=error | rex field=MESSAGE "(?<message>.{35})" | search NOT [ search earliest=-3d@d latest=-d@d index=wiweb host="*" LOG_LEVEL=ERROR OR LOG_LEVEL=FATAL OR logLevel=ERROR OR level=error | rex field=MESSAGE "(?<message>.{35})" | dedup message | fields message ] | stats count by message appname | search count>50 | sort appname , -count still your query holds true, right?
... View more
06-16-2022
11:55 PM
is there any other way i can use the same logic to exclude results with 100% success?
... View more
06-16-2022
11:54 PM
info : The limit has been reached for log messages in info.csv. 103 messages have not been written to info.csv. Refer to search.log for these messages or limits.conf to configure this limit.
... View more
- Tags:
- subsearch
06-16-2022
07:14 AM
this is my query
earliest=-15m latest=now index=** host="*" LOG_LEVEL=ERROR OR LOG_LEVEL=FATAL OR logLevel=ERROR OR level=error | rex field=MESSAGE "(?<message>.{35})" | search NOT [ search earliest=-3d@d latest=-d@d index=wiweb host="*" LOG_LEVEL=ERROR OR LOG_LEVEL=FATAL OR logLevel=ERROR OR level=error | rex field=MESSAGE "(?<message>.{35})" | dedup message | fields message ] | stats count by message appname | search count>50 | sort appname , -count
ALmost all the recurring 'message' is getting ignored but few of them still come in the result even if those are there in last 2 days (which should have been ignored which is what subsearch is doing) is there anything else i can do to run this query with 100% success?
... View more
Labels
- Labels:
-
subsearch
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-04-2023
04:04 PM
|
