Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About alvesri
alvesri
Engager
Member since:
11-29-2022
04-08-2024
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 11-29-2022 |
Activity Feed
- Posted Re: Datepicker with Submit button on Splunk Enterprise. 04-08-2024 03:14 AM
- Posted Datepicker with Submit button on Splunk Enterprise. 04-01-2024 02:06 AM
- Posted Re: Having a space as the thousands separator, and be able to order when you click on the column on Splunk Enterprise. 03-25-2024 03:27 AM
- Posted Re: Having a space as the thousands separator, and be able to order when you click on the column on Splunk Enterprise. 03-25-2024 02:38 AM
- Posted Having a space as the thousands separator, and be able to order when you click on the column on Splunk Enterprise. 03-22-2024 10:31 AM
- Posted sendMail "From= " on Splunk Enterprise. 03-13-2024 02:30 AM
- Posted Re: Javascript after upgrade Splunk 9.0.6 on Splunk Enterprise. 09-27-2023 06:37 AM
- Posted Javascript after upgrade Splunk 9.0.6 on Splunk Enterprise. 09-27-2023 04:20 AM
- Posted Re: Slow performance in summary creation on Splunk Search. 11-29-2022 04:08 AM
- Posted Can I speed up this slow performance in summary creation? on Splunk Search. 11-29-2022 02:53 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-08-2024
03:14 AM
Hi, thanks for the reply, But meanwhile I found another solution, I will try this solution next to see if it works.
... View more
04-01-2024
02:06 AM
Hi guys, I don't know if you already done this, but could you please help ? I'm trying to create a new and simple datepicker where you just choose a date and next click in a button "Submit button" and show me the results. I already created the datepicker but it dosen't do anything. I'm trying, and tried to follow one similar example here but it isn't the same.
... View more
Labels
- Labels:
-
splunk-assist
03-25-2024
03:27 AM
Hi guys, I did this ant it worked in replacing the comma, thank you. The N/A is in case i'ts empty. | eval value= if(value!="N/A", replace(tostring(value,"commas"),","," "),value) But the thing is, I can't order it correctly.
... View more
03-25-2024
02:38 AM
Hi thank you for the reply, I tried that, and it works replacing the comma with a space, but the issue it's next when i click on the column to sort in a descending order, and the numbers are not sorted correctly, because some of them are string and others are numbers, and I tried the conversion "tonumber()"
... View more
03-22-2024
10:31 AM
Hi guys can you please help me ? I'm trying to use a space as thousands separator and I can't, the max that I could it's a comma with this:
eval value= if(value!="N/A",printf("%'d",value),value)
Result = 123,456 so I guess I can change it with a replace maybe, But then we have problem number 2 , When I try to sort the by value in the arrow of the column, the sort it isn't correct, and the bigger numbers are considerate as strings. Can you guys help me solve this please ? Tell me if you need more things
... View more
Labels
- Labels:
-
using Splunk Enterprise
03-13-2024
02:30 AM
Hi guys, Thank you in advance, Is it possible to use a value of the search result as a parameter in the |sendmail from=" ? " In the | sendmail to="we can use results.mail_to" but in case of | sendmail from="results.mail_from" don't work. We already disable the security options for this.
like for example
i
ndex="main"
| eval mail_from = "username@mail.com"
| eval mail_to = "username@mail.com"
| eval subject = "subject"
| table username age country city
| sendemail to=$result.mail_to$ from= $result_mail_from$ subject=$results.subject$ message="This is an example message" sendresults=true inline=true format=table sendcsv=true
... View more
Labels
- Labels:
-
using Splunk Enterprise
09-27-2023
06:37 AM
First of all @kamlesh_vaghela Thank you so much for trying to help, But we can't enter in: mySearchResults.on("data", function () {
resultArray = mySearchResults.data().rows;
// Iterate Result set
$.each(resultArray, function (index, value) {
console.log(index, value)
console.log(index, value[0])
console.log(index, value[1])
console.log(index, value[2])
})
}); We can get the action and the results of this Data. Thanks again
... View more
09-27-2023
04:20 AM
Hello Guys, I have weird problem with Javascript after the latest upgrade(8.2.8 to 9.0.6). Javascript Code var queryResults = smAlerteGetter.data("results");
console.log("Search done", queryResults);
console.log("pimba - ---- " + JSON.stringify(queryResults));
// when we have the result
queryResults.on("data", function()
{
console.log("Data received"); We should received the events and should see the log "Data received". The query goes well and we can see in the Activity Jobs that we received our events. However we have other splunk apps with similar scripts that have the correct behavior. Do we miss something in our app or configurations related to Javascript ? Please help!
... View more
Labels
11-29-2022
04:08 AM
Hello PickelRick, Thank you for the fast reply, Here it is the results, of the subsearch alone, and the subsearch with the main search, Do you think we can improve the summary creation? If yes, can you help us please ? SubSearch Alone Mains Search with subsearch Best regards, Ricardo Fonseca
... View more
11-29-2022
02:53 AM
Hello guys, Can you help us with this case, thank you in advance.
We received 300k events in 24 hours, we have to process on peak, about 15k in real-time, and this job takes 140 sec to process, is it possible to make it take less time ? The application it's already developed, the output should stay the same.
Savedsearches.conf:
[Preatreament - Opération Summary]
action.email.show_password = 1
action.logevent = 1
action.logevent.param.event = _time=$result._time$|ABC123456Emetrice=$result.ABC123456Emetrice$|ABC123456Receptrice=$result.ABC123456Receptrice$|ABCaeiou=$result.ABCaeiou$|ABCdonneurbbbb=$result.ABCdonneurbbbb$|AAAAaeiou=$result.AAAAaeiou$|AAAADonneurbbbb=$result.AAAADonneurbbbb$|application=$result.application$|canal=$result.canal$|codeE=$result.codeE$|count=$result.count$|csv=$result.csv$|dateEmissionrrrr=$result.dateEmissionrrrr$|dateReglement=$result.dateReglement$|date_hour=$result.date_hour$|date_mday=$result.date_mday$|date_minute=$result.date_minute$|date_month=$result.date_month$|date_second=$result.date_second$|date_wday=$result.date_wday$|date_year=$result.date_year$|date_zone=$result.date_zone$|deviseOrigine=$result.deviseOrigine$|deviseReglement=$result.deviseReglement$|encryptedAAAAaeiou=$result.encryptedAAAAaeiou$|encryptedAAAADonneurbbbb=$result.encryptedAAAADonneurbbbb$|etat=$result.etat$|eventtype=$result.eventtype$|heureEmissionrrrr=$result.heureEmissionrrrr$|host=$result.host$|identifiantrrrr=$result.identifiantrrrr$|index=$result.index$|info_max_time=$result.info_max_time$|info_min_time=$result.info_min_time$|info_search_time=$result.info_search_time$|lastUpdate=$result.lastUpdate$|libelleRejet=$result.libelleRejet$|linecount=$result.linecount$|montantOrigine=$result.montantOrigine$|montantTransfere=$result.montantTransfere$|motifRejet=$result.motifRejet$|nomaeiou=$result.nomaeiou$|nomDonneurbbbb=$result.nomDonneurbbbb$|orig_index=$result.orig_index$|orig_sourcetype=$result.orig_sourcetype$|phase=$result.phase$|punct=$result.punct$|refEstampillage=$result.refEstampillage$|refFichier=$result.refFichier$|refbbbbClient=$result.refbbbbClient$|refTransaction=$result.refTransaction$|search_name=$result.search_name$|search_now=$result.search_now$|sens=$result.sens$|source=$result.source$|sourcetype=$result.sourcetype$|splunk_server=$result.splunk_server$|splunk_server_group=$result.splunk_server_group$|startDate=$result.startDate$|summaryDate=$result.summaryDate$|timeendpos=$result.timeendpos$|timestamp=$result.timestamp$|timestartpos=$result.timestartpos$|typeOperation=$result.typeOperation$|summaryDate_ms=$result.summaryDate_ms$|UUUUUETR=$result.UUUUUETR$|messageDefinitionIdentifier=$result.messageDefinitionIdentifier$|ssssssInstructionId=$result.ssssssInstructionId$|endToEndIdentification=$result.endToEndIdentification$|
action.logevent.param.index = bam_xpto_summary
action.logevent.param.sourcetype = Opération_summary
action.lookup = 0
action.lookup.append = 1
action.lookup.filename = test.csv
alert.digest_mode = 0
alert.severity = 1
alert.suppress = 0
alert.track = 0
counttype = number of events
cron_schedule = */1 * * * *
dispatch.earliest_time = -6h
dispatch.latest_time = now
enableSched = 1
quantity = 0
relation = greater than
search = (index="bam_xpto" AND sourcetype="Opération") OR (index="bam_xpto_summary" sourcetype="Opération_summary" earliest=-15d latest=now)\
| search [ search index="bam_xpto" AND sourcetype="Opération" \
| streamstats count as id \
| eval splitter=round(id/500) \
| stats values(refEstampillage) as refEstampillage by splitter\
| fields refEstampillage]\
| sort 0 - _time indexTime str(sens)\
| fillnull application phase etat canal motifRejet libelleRejet identifiantrrrr dateReglement ABCdonneurbbbb nomDonneurbbbb ABCaeiou nomaeiou codeEtablissement refFichier messageDefinitionIdentifier UUUUUETR ssssssInstructionId endToEndIdentification value=" " \
| eval codeEtablissement=if(codeEtablissement=="", "N/R",codeEtablissement),\
identifiantrrrr=if(identifiantrrrr=="", "N/R",identifiantrrrr),\
dateReglement=if(dateReglement=="", "N/R",dateReglement),\
ABCdonneurbbbb=if(ABCdonneurbbbb=="", "N/R",ABCdonneurbbbb), \
nomDonneurbbbb=if(nomDonneurbbbb=="", "N/R",nomDonneurbbbb),\
ABCaeiou=if(ABCaeiou=="", "N/R",ABCaeiou),\
nomaeiou=if(nomaeiou=="", "N/R",nomaeiou),\
libelleRejet=if(libelleRejet=="", "N/R",libelleRejet),\
refFichier=if(refFichier=="", "N/R",refFichier),\
application=if(application=="", "N/R",application),\
canal=if(canal=="", "N/R",canal),\
motifRejet=if(motifRejet=="", "N/R",motifRejet),\
count=if(sourcetype="Opération", 1, count),\
startDate=if(isnull(startDate), _time, startDate),\
typeOperation = if(NOT (messageDefinitionIdentifier==" " AND endToEndIdentification== " " AND ssssssInstructionId == " " AND UUUUUETR== " ") , messageDefinitionIdentifier, typeOperation), \
refTransaction = if(NOT (messageDefinitionIdentifier==" " AND endToEndIdentification== " " AND ssssssInstructionId == " " AND UUUUUETR== " ") , ssssssInstructionId, refTransaction),\
relatedRef = if(NOT (messageDefinitionIdentifier==" " AND endToEndIdentification== " " AND ssssssInstructionId == " " AND UUUUUETR== " ") , endToEndIdentification, relatedRef)\
| foreach * \
[eval <<FIELD>>=replace(<<FIELD>>, "\"","'"), <<FIELD>>=replace(<<FIELD>>, "\\\\"," "), <<FIELD>>=replace(<<FIELD>>, ",",".")]\
| eval nomDonneurbbbb=replace(nomDonneurbbbb,"[^\p{L}\s]",""), nomaeiou=replace(nomaeiou,"[^\p{L}\s]","") \
| eval nomDonneurbbbb=replace(nomDonneurbbbb,"\s{2,99}"," "), nomaeiou=replace(nomaeiou,"\s{2,99}"," ") \
| stats latest(_time) as _time, latest(Actions_xpto) as Actions_xpto, list(sens) as sens, list(phase) as phase, list(etat) as etat, list(identifiantrrrr) as identifiantrrrr, list(dateReglement) as dateReglement, list(ABCdonneurbbbb) as ABCdonneurbbbb, list(nomDonneurbbbb) as nomDonneurbbbb, list(ABCaeiou) as ABCaeiou, list(nomaeiou) as nomaeiou, list(codeEtablissement) as codeEtablissement, list(index) as index, list(count) as count, list(typeOperation) as typeOperation, list(libelleRejet) as libelleRejet , list(application) as application,latest(dateEmissionrrrr) as dateEmissionrrrr, list(canal) as canal, earliest(deviseOrigine) as deviseOrigine, earliest(deviseReglement) as deviseReglement, earliest(refbbbbClient) as refbbbbClient, list(refFichier) as refFichier, earliest(montantOrigine) as montantOrigine, earliest(montantTransfere) as montantTransfere, last(AAAADonneurbbbb) as AAAADonneurbbbb, last(AAAAaeiou) as AAAAaeiou, list(motifRejet) as motifRejet, list(refTransaction) as refTransaction, earliest(encryptedAAAAaeiou) as encryptedAAAAaeiou, earliest(encryptedAAAADonneurbbbb) as encryptedAAAADonneurbbbb, first(heureEmissionrrrr) as heureEmissionrrrr, first(sourcetype) as sourcetype, last(ABC123456Receptrice) as ABC123456Receptrice, last(ABC123456Emetrice) as ABC123456Emetrice,latest(summaryDate) as summaryDate, list(startDate) as startDate, list(endToEndIdentification) as endToEndIdentification, list(messageDefinitionIdentifier) as messageDefinitionIdentifier, list(UUUUUETR) as UUUUUETR, list(ssssssInstructionId) as ssssssInstructionId, count(eval(sourcetype="Opération")) as nbOperation, min(startDate) as minStartDate by refEstampillage\
| eval lastSummaryIndex=mvfind(index, "bam_xpto_summary"), lastSummaryIndex=if(isnull(lastSummaryIndex), -1, lastSummaryIndex)\
| foreach * \
[eval <<FIELD>>=mvindex(<<FIELD>>,0, lastSummaryIndex)]\
| eval etat=mvjoin(etat,","), phase=mvjoin(phase,","), identifiantrrrr=mvjoin(identifiantrrrr,","), dateReglement=mvjoin(dateReglement,","), ABCdonneurbbbb=mvjoin(ABCdonneurbbbb,","), nomDonneurbbbb=mvjoin(nomDonneurbbbb,","), ABCaeiou=mvjoin(ABCaeiou,","), nomaeiou=mvjoin(nomaeiou,","), codeEtablissement=mvjoin(codeEtablissement,","),application=mvjoin(application,","),canal=mvjoin(canal,","),motifRejet=mvjoin(motifRejet,","),libelleRejet =mvjoin(libelleRejet ,","),dateReglement=mvjoin(dateReglement,","),refFichier=mvjoin(refFichier,","), sens=mvjoin(sens,","), startDate=mvjoin(startDate,","), count=mvjoin(count,","), oldSummary=summaryDate, endToEndIdentification = mvjoin (endToEndIdentification, ","), messageDefinitionIdentifier = mvjoin (messageDefinitionIdentifier, ","), UUUUUETR = mvjoin(UUUUUETR, ","), ssssssInstructionId = mvjoin(ssssssInstructionId, ","), typeOperation = mvjoin(typeOperation, ","), refTransaction = mvjoin(refTransaction, ",")\
| where _time >= summaryDate OR isnull(summaryDate)\
| majoperation\
| eval count=if(nbOperation > count, nbOperation, count)\
| eval startDate=if(minStartDate<startDate,minStartDate, startDate) \
| where !(mvcount(index)==1 AND index="bam_xpto_summary") \
| fillnull codeEtablissement value="N/R"\
| fillnull refFichier value="Aucun"\
| eval summaryDate=_time, lastUpdate=now(), codeE=codeEtablissement, summaryDate_ms=mvindex(split(_time,"."),1)\
| fields - codeEtablissement index
limits.conf
max_per_result_alerts = 500
Inspector
Thank you again, waiting anxiously for your answer,
Best regards,
Ricardo Alves
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-08-2024
06:35 AM
|
