Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About sccheah82
sccheah82
Explorer
Member since:
12-01-2022
08-08-2023
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 12-01-2022 |
Activity Feed
- Karma Re: How to execute otelcol as regular user for PickleRick. 04-14-2023 12:54 AM
- Posted How to execute otelcol as regular user? on Splunk Enterprise. 04-13-2023 07:04 PM
- Posted Is there any splunk insertion limitation? on Getting Data In. 03-09-2023 12:20 AM
- Posted How can I overwrite _time upon inserting data into Splunk? on All Apps and Add-ons. 03-01-2023 05:58 PM
- Posted Re: Can I use tstats on dbxquery and saved search? on All Apps and Add-ons. 03-01-2023 01:39 PM
- Posted Re: Can I use tstats on dbxquery and saved search? on All Apps and Add-ons. 03-01-2023 01:29 PM
- Posted Can I use tstats on dbxquery and saved search? on All Apps and Add-ons. 03-01-2023 09:15 AM
- Posted Re: Why are new splunk user accounts failing due to US export compliance requirements? on Splunk Enterprise. 02-08-2023 07:02 PM
- Karma Re: Can Splunk observability be used on non cloud application? for PaulPanther. 02-08-2023 05:24 PM
- Posted Can Splunk observability be used on non cloud application? on Installation. 02-07-2023 08:39 PM
- Tagged Can Splunk observability be used on non cloud application? on Installation. 02-07-2023 08:39 PM
- Posted Re: Web interface does not seem to be avaible splunk enterprise on Installation. 02-02-2023 04:27 PM
- Tagged Re: Web interface does not seem to be avaible splunk enterprise on Installation. 02-02-2023 04:27 PM
- Posted May I have sample code to query Splunk data using Splunk React, please? on Getting Data In. 12-01-2022 10:30 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-13-2023
07:04 PM
How can we execute opentelemetry command as a regular user, please?
The given command requires root access.
https://opentelemetry.io/docs/collector/getting-started/
sudo yum updatesudo yum -y install wget systemctlwget https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download/v0.75.0/otelcol_0.75.0_linux_amd64.rpmsudo rpm -ivh otelcol_0.75.0_linux_amd64.rpm sudo systemctl start otelcol
... View more
Labels
- Labels:
-
metrics
03-09-2023
12:20 AM
Our customer is running a script that is performing around 80k times of individual data insertion into Splunk.
We are in the process of advising our customer to do bulk insertion by compiling the data from 80k of foreach loop then call one single Splunk insertion command.
We want to understand if there is any Splunk limitation in Splunk insertion operation:
a. What is the limit of data size for single Splunk insertion upload?
b. What is the maximum of number of insertion per user a day which causes the connection to be terminated?
c. What causes the connection to be terminated (Sometimes success while sometimes failed) when inserting the data?
... View more
Labels
- Labels:
-
development
03-01-2023
05:58 PM
I have data dated "2-14-2022".
When I insert the data into Splunk today, the _time becomes "3-2-2023".
How can I overwrite _time to preserve the value as "2-14-2022" even though I insert the data at "3-2-2023", without creating an additional field to store the snapshot of datetime?
The reason I would like to do that is because
(1) I can leverage on the Splunk Time Range selector to limit my search query, instead of creating the time range selector myself.
(2) I observed the query turnaround time is faster if we limit the data by earliest=1677686400 latest=1677980130 (2.2 seconds query turnaround time) than using start_date & end_date that are associated to the custom input fields that I created (*194 seconds query turnaround time).
... View more
Labels
- Labels:
-
search
03-01-2023
01:39 PM
We have an external database. The database is emptied & re-populate daily. The content is 80% similiar as the previous database. There is no uniq index field saying the 1st 80% are old data & the last 20% of data are new incoming data. The total records are 6 million. We use Splunk DB Connect to bring in the data. Over time, the total records become 50 million. 8x more data. The simple search like index="XXX" is taking longer than dbxquery and saved search. We observed using stats can improve the stat command for index="XXX". But, we still need to further improve the query turnaround time. Hence we are thinking of substituting the index="XXX" with dbxquery or saved_search to further boost the stats query. We tried with 3 syntaxes attached. Observed "no result found" when substituting index="XXX" with dbxquery & saved_searched. Can we learn the right syntax to put tstats & dbxquery or saved_searched together, please?
... View more
03-01-2023
01:29 PM
## This one work | tstats count where (index="XXX" ) groupby date_time | where date_time like "2022%" | fields date_time | dedup date_time # This one not working | tstats count where (loadjob savedsearch="XXX:YYY") groupby date_time | where date_time like "2022%" | fields date_time | dedup date_time # This one not working | tstats count where (dbxquery XXX) groupby date_time | where date_time like "2022%" | fields date_time | dedup date_time
... View more
03-01-2023
09:15 AM
Can I use tstats on dbxquery and saved search?
... View more
Labels
- Labels:
-
search
02-08-2023
07:02 PM
I faced the same problem too. I am from Malaysia. The number is not in service to me. May I get assistance, please?
... View more
02-07-2023
08:39 PM
Can Splunk observability be used on non cloud application?
... View more
- Tags:
- Splunk Observability
Labels
- Labels:
-
other
02-02-2023
04:27 PM
I am not allowed to run as root. I have to run using my username. It is only root can start splunk server?
... View more
- Tags:
- what
12-01-2022
10:30 PM
we are using Splunk React.
may I have a sample Splunk React code that queries Splunk data, please?
... View more
Labels
- Labels:
-
data
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-08-2023
02:46 AM
|
