×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
premrajvs
Explorer
Member since: ‎11-08-2022
‎03-10-2025
Community Statistics
Posts 8
Solutions 2
Karma Given 4
Karma Received 1
Member Since ‎11-08-2022
Activity Feed
View All

Splunk MLTK : Error in 'sample' command: The speci...

by in All Apps and Add-ons
‎01-16-2025 07:13 PM
‎01-16-2025 07:13 PM
I am trying to execute the sample command in Splunk MLTK. For some reason, I am getting an error everytime I run a stats command after the sample command.  index=_internal | sample partitions=3 seed=42 | stats count by action, partition_number Search error Error in 'sample' command: The specified field name for the partition already exists: partition_number   I tried providing different field name and it is still the same error. If I remove stats command and try running the same search multiple times, it works without any issues. What could be the reason ?   ... View more

Re: sPath command Missing random few values from J...

by in Splunk Search
‎08-26-2024 07:26 AM
‎08-26-2024 07:26 AM
Thank you for all the inputs. Here is the final query index=Github_Webhook source="http:github-dev-token" eventtype="GitHub::Push" sourcetype="json_ae_git-webhook" | rename repository.name as RepoName | spath path=commits{} output=commitscollection | mvexpand commitscollection | fields _time RepoName commitscollection | spath input=commitscollection | table RepoName id added{} modified{} removed{} author.name author.email message | spath path=commits{} output=commitscollection --> Thanks to all the responders. This helps in getting the commits from array Next challenge is, if you pull the data for all the other fields in the same approach, each of those values cannot be mapped with each other. To address this, we should use mvexpand to split them into separate array events Once the array is split into separate events, now, we will use the same logic to split the data into events. Hope this helps. ... View more

Re: How to use Splunk REST API to create/update a ...

by in Splunk Cloud Platform
‎08-06-2024 09:40 AM
‎08-06-2024 09:40 AM
Trying the same here, getting an error while having the proper permissions: {"messages":[{"type":"ERROR","text":"Current user doesn't have permission to add index test"}]} ... View more

Re: Can Heavy Forwarder monitor a Folder and forwa...

by SplunkTrust in Getting Data In
‎02-05-2024 06:29 AM
‎02-05-2024 06:29 AM
Hi @premrajvs , you can input these files on an HF in the same way of on UF and also by GUI (it's easiest). Then youcan forward them to the indexers. Why do you want to install an UF on the same server? Ciao. Giuseppe ... View more

Re: Is there a way for Splunk to Call Third Party ...

by SplunkTrust in Getting Data In
‎11-10-2022 04:34 PM
‎11-10-2022 04:34 PM
Yes, you can use curl as part of SPL with this app https://splunkbase.splunk.com/app/4146   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-10-2025 11:43 AM
Karma from
View All
Karma given to
View All