Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About HaakonRuud
HaakonRuud
Explorer
Member since:
01-18-2023
a month ago
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 01-18-2023 |
Activity Feed
- Got Karma for Re: Metrics search average and max. 02-11-2025 05:32 PM
- Posted Re: Metrics search average and max on Splunk Search. 02-10-2025 12:14 AM
- Karma Re: Metrics search average and max for tscroggins. 02-10-2025 12:13 AM
- Posted Metrics search average and max on Splunk Search. 02-07-2025 03:32 AM
- Tagged Metrics search average and max on Splunk Search. 02-07-2025 03:32 AM
- Posted Re: I cannot renew my developer license on Deployment Architecture. 06-21-2024 01:47 AM
- Posted Re: I cannot renew my developer license on Deployment Architecture. 06-20-2024 10:49 PM
- Posted Re: Powershell Stops Working- How to resolve this error? on All Apps and Add-ons. 02-20-2024 03:43 AM
- Posted Re: Outputs.conf not found on Getting Data In. 02-01-2023 06:09 AM
- Posted Re: Outputs.conf not found on Getting Data In. 02-01-2023 05:01 AM
- Posted Why are outputs.conf not found? on Getting Data In. 02-01-2023 04:07 AM
- Posted Active sessions overview: How to figure out if a user have an active session based on session id and user name? on Getting Data In. 01-18-2023 05:31 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
02-10-2025
12:14 AM
1 Karma
Thank you so much for the explanation. This make so much sense when you describe it (and something I should be able to think of my self).
... View more
02-07-2025
03:32 AM
Hi guys! I've been struggeling for a while understanding metrics. When making a line chart for both average and max value the trend is exact the same. This is the query: | mstats avg("% Processor Time") as Avg, max("% Processor Time") as Max Where index="metric_index" AND collection=CPU AND host="host" span=1m | fields _time, Avg, Max But if I do avg and max of the value in the same time range I get two different values. Query used: | mstats avg("% Processor Time") as Avg, max("% Processor Time") as Max Where index="metric_index" AND "collection"="CPU" AND "host"="host" Earlier I had this data ingested as events and then I had different trend for avg and max.. The inputs.conf file looks like this (using the Splunk_TA_windows app): ## CPU [perfmon://CPU] counters = % Processor Time disabled = 0 samplingInterval = 2000 stats = average; min; max instances = _Total interval = 60 mode = single object = Processor useEnglishOnly=true formatString = %.2f index = metric_index Are someone able to explain why this happens? Thanks in advance
... View more
- Tags:
- mstats
Labels
- Labels:
-
chart
06-21-2024
01:47 AM
Finally! I just got the license.
... View more
06-20-2024
10:49 PM
I also have the same issue. Tried to email devinfo@splunk.com 10 days ago and still no reply.
... View more
02-20-2024
03:43 AM
Hi @damo66a Did you figure out this issue? I also have issues that powershell scripts doesn't seems to be triggered after a while (after working for days and weeks). Restart of the splunk service helps, but after some time it stops again. I can't find any error messages either. Regards
... View more
02-01-2023
06:09 AM
Hi After running "splunk btool outputs list --debug" it finds all the outputs.conf files except the one that's in the app I created. I've checked the folder and files and it has exactly the same read permitions as the $Splunk_Home\etc\system folder. Do you have any sugestions what this means? Thank you so far!
... View more
02-01-2023
05:01 AM
I've checked that there is only outputs.conf files in $Splunk_Home\etc\apps\SplunkUniversalForwarder\default, $Splunk_Home\ets\system\default and in $Splunk_Home\etc\apps\app_name\local
... View more
02-01-2023
04:07 AM
I've made an app and put the app in "$Splunk_Home\etc\apps\app_name\local" where I have the outputs.conf file. Since there is no outputs.conf file in "$Splunk_Home\etc\system\local" I get an error message in the log stating: "LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf". If I move the outputs.conf file from my app to "$Splunk_Home\etc\system\local" it will work. I've have already an old setup that I inherited where this is working. It seems like the file in my app is not read for some reason. I've checked that the user have read access to files in my app. Unfortunatly I don't have documentation from the old setup so I can't see how this was implemented. Are someone able to point me in the right direction? I've tried searching for this issue, but couldn't find anything related to this issue. Thanks in advance
... View more
Labels
- Labels:
-
universal forwarder
01-18-2023
05:31 AM
I've been struggeling for a while and hopefully someone here can help me. Need to figure out if a user have an active session based on session id and user name. Active session is defined as only event 21 received OR event 25 received has newer timestamp than event 24 received. Not active session is defined if only event 21 AND event 24 is received OR event 24 received has newer timestamp than event 25 received. Search starts something like this: index=main source=events EventCode IN (21,24,25) | fields _time, User, EventCode, Session_ID, host Thanks in advance
... View more
Labels
- Labels:
-
data
-
field extraction
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
a month ago
|
