Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About tomapatan
tomapatan
Path Finder
Member since:
09-27-2022
a week ago
Community Statistics
| Posts | 46 |
| Solutions | 4 |
| Karma Given | 4 |
| Karma Received | 1 |
| Member Since | 09-27-2022 |
Activity Feed
- Posted Re: timestamp format for incoming sourcetype on Getting Data In. 08-17-2023 05:29 AM
- Posted Re: timestamp format for incoming sourcetype on Getting Data In. 08-17-2023 05:23 AM
- Posted What is the timestamp format for incoming sourcetype? on Getting Data In. 08-17-2023 01:40 AM
- Karma Re: New Time Format has Z on the end. Did you mean %Z for timezone recognition?? for TWiseOne. 08-17-2023 01:06 AM
- Posted Re: How to redirect dashboard to alternative URL on Splunk Search. 07-05-2023 07:41 AM
- Posted How to redirect dashboard to alternative URL on Splunk Search. 07-04-2023 07:38 AM
- Posted Re: DB connect missing events on Getting Data In. 06-29-2023 07:18 AM
- Posted Re: DB connect missing events on Getting Data In. 06-26-2023 04:49 AM
- Tagged Re: DB connect missing events on Getting Data In. 06-26-2023 04:49 AM
- Posted DB connect missing events on Getting Data In. 06-22-2023 08:06 AM
- Posted Re: Schedule cron job for base report on Alerting. 06-05-2023 07:54 AM
- Karma Re: How to convert seconds to [h]:mm:ss? for mayurr98. 06-02-2023 05:32 AM
- Posted Re: Schedule cron job for base report on Alerting. 06-02-2023 04:51 AM
- Posted How to schedule cron job for base report to run every 5 minutes outside specific hours? on Alerting. 06-02-2023 03:50 AM
- Got Karma for Re: How to export reports using the REST API?. 04-20-2023 09:07 AM
- Posted Re: How to export reports using the REST API? on Reporting. 04-20-2023 02:40 AM
- Karma Re: How to export reports using the REST API? for woodcock. 04-20-2023 02:14 AM
- Posted Re: How to export reports using the REST API? on Reporting. 04-20-2023 02:13 AM
- Tagged Re: How to export reports using the REST API? on Reporting. 04-20-2023 02:13 AM
- Posted Re: How to export reports using the REST API? on Reporting. 04-20-2023 02:06 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-17-2023
05:29 AM
Good point, The timestamps are quite old. What are the defaults for MAX_DAYS_AGO and MAX_DAYS_HENCE as I cannot see them being defined in the sourcetype settings ? Should I go ahead and define them ? Some of the data is older than 2000 days. Many thanks.
... View more
08-17-2023
05:23 AM
Hi, I`ve added a sample event and sourcetype configurations, hope this is enough information.
... View more
08-17-2023
01:40 AM
Hi Everyone,
Data coming in from an API is using the _indextime as the _time field because the timestamp format that is being sent is not recognised by Splunk.
An example of the timestamp would look like this:
2016-06-21T01:18:51-07:00
OR
2018-02-16T06:34:31-08:00
As you can see, an offset of -7 or -8 hours is being added to the time field.
The timestamp format we`re currently using for the sourcetype is:
%Y-%m-%dT%H:%M:%S%:z
This is no longer working after the sender made some changes to the timestamp, but I`m not entirely sure how to represent the new format.
Using Splunk Cloud.
Any help would be greatly appreciated.
Toma.
... View more
- Tags:
- sourcetype
- timestamp
Labels
- Labels:
-
sourcetype
07-05-2023
07:41 AM
Hi, We use a hybrid environment, so I could clone the dashboard and put it onto the SOC SH as a temporary workaround until the issue with the lookup editor affecting the main SH gets resolved by Splunk (we have a case open with them). Do you have any suggestions on how to setup a URL redirect from the existing dashboard to the temporary one ? Using Splunk v9. Many thanks.
... View more
07-04-2023
07:38 AM
Hi, We`ve got a dashboard sitting on a problematic SH and would like to clone and move it to another working SH. Is there a way to redirect the users to the newly created cloned dashboard ? Many thanks, Toma
... View more
Labels
- Labels:
-
other
06-29-2023
07:18 AM
Update: DBConnect is sending the logs to both our Cloud and On Prem instances - some events are missing from the Cloud indexer, although they are present on the local indexer. We`ve raised a support ticket with Splunk to investigate.
... View more
06-26-2023
04:49 AM
Hello, Can`t seem to find anything in the _internal index and the DB Connect Health dashboard doesn`t appear to be working. - I`m currently looking into this. "How are you verifying that you have missing records?" - I use the "delta" command to compute the difference between the current value of the rising column field and the previous value. The gaps are only present in the Splunk index and I can see all the rows incrementing as expected in the DB connection. - I also compared the total number of events with the total number of records in the database over a given period of a day and the results are inconsistent: most days they are correct, but every few days there is a discrepancy.
... View more
- Tags:
- hi
06-22-2023
08:06 AM
Hello, We ingest data from a database using rising columns, however a small amount of events are missing from the index, although I can see them in DBConnect. The field that we use as a rising column is set as an identity column so I`m expecting that each new value is generated based on the current seed & increment. Query timeout is set to 30 seconds, max rows to retrieve is 0 (maximum), fetch size is 300 and frequency is 60 seconds - from what I`ve observed this should be sufficient for our requirements. Any assistance would be greatly appreciated. Many thanks.
... View more
- Tags:
- dbconnect
Labels
- Labels:
-
other
06-05-2023
07:54 AM
Hi, The operational requirement is to run the report every minute, but I`m thinking to propose to run it every 5 mins outside of busy operational times. We do have enough resources to run the queries, but would still like to optimise the search and frequency as much as possible. Currently I`m using the report as a base search for my dashboard, but I`m not entirely sure how to call both of the reports, as suggested ? Many thanks.
... View more
06-02-2023
04:51 AM
Is it possible to add multiple cron schedules to a single base report ?
... View more
06-02-2023
03:50 AM
Hi,
I have a dashboard that runs off the back of a report that is scheduled to run every minute. I need to amend the report schedule to run every minute between the specified hours AND every 5 minutes outside those hours to save on resources.
My current cron expression looks like this:
*/1 * * * *
To run every minute between the specified hours, I could write something like this.
*/1 3-8,12-20 * * *
The question I have is how to add a clause to schedule the search to run every 5 minutes outside those hours?
Many thanks.
... View more
Labels
- Labels:
-
cron
04-20-2023
02:40 AM
How would I get this working for reports with a longer name format, for example: [REPORT] This is a test report I`ve tried to URL encode the characters without success: %5BREPORT%5D%20This%20is%20a%20test%20report
... View more
Hi Gregg, This is amazing, thanks for sharing, wish I could mark more than one answer as a solution. joao_amorim answer was addressing my basic question, but I can see how I can expand on the REST API topic using your solution. Many thanks, Toma
... View more
- Tags:
- other
04-20-2023
02:06 AM
Please ignore my previous answer, the report was set to private and this does in fact work. I had to add the "-o" (output) flag and specify where the file should go to as I didn`t know what the default location was.
... View more
04-20-2023
01:12 AM
Unfortunately it doesn`t work. I`m getting Error in 'savedsearch' command: Unable to find saved search named 'Test' Although the report definitely exists and is scheduled to run.
... View more
04-18-2023
06:26 AM
Hi Rich, I guess my question is what is the correct endpoint and what is the correct syntax for exporting the report as a CSV file ? I`ve looked at the "REST API Reference Manual", but couldn't really find my answer. Many thanks.
... View more
04-18-2023
06:13 AM
Sorry to bring up such an old topic, but would really appreciate if you could share an example.
... View more
- Tags:
- other
04-18-2023
05:49 AM
Hi,
I`m looking to export a scheduled report using the REST API but I`m struggling with the syntax.
I was able to run a new search inside "curl" and export it, but can`t seem to be able to do the same for saved reports.
Would be grateful if someone could help with the syntax for exporting the following report as a CSV file:
curl -k -H "Authorization: Bearer myValidToken" https://myValidDomain.splunkcloud.com:8089/servicesNS/userName/app/saved/searches/%20Test%20/history
... View more
Labels
- Labels:
-
other
Worked like a charm, much appreciated.
... View more
Hi Everyone, I`m learning about the Splunk REST API and I`m experiencing some temperamental behaviour, for example I can fetch results using the query listed below from some reports, but it fails for others, example below: curl -k -H "Authorization: Splunk myValidToken" https://myValidDomainName.splunkcloud.com:8089/services/saved/searches/%5BLOOKUP%5D%20Active%20Directory%20Devices%20No2/acl Response: <?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Could not find object id=[LOOKUP] Active Directory Devices No2</msg>
</messages>
</response> The report name is correct. Have you got any suggestions for me ? Many thanks, Toma
... View more
Labels
- Labels:
-
other
