About asncari

asncari · ‎03-13-2024

Hi Im trying to follow this tutorial https://splunkui.splunk.com/Create/ComponentTutorial and i have a problem when i start the demo. The steps that im following are: Navigate to an empty directory of your choice and invoke Create: mkdir -p ~/Code/MyTodoList && cd ~/Code/MyTodoList npx @splunk/create (I choose A monorepo with a React Component) Run setup and start the component in demo mode yarn run setup cd packages/react-todo-list yarn run start:demo This bring me back the following errors: ERROR in ../../node_modules/@splunk/splunk-utils/url.js 11:19-41 Module not found: Error: Can't resolve 'querystring' in 'c😕SPLUNK\Code\MyTodoList\node_modules\@splunk\splunk-utils' BREAKING CHANGE: webpack < 5 used to include polyfills for node.js core modules by default. This is no longer the case. Verify if you need this module and configure a polyfill for it. If you want to include a polyfill, you need to: - add a fallback 'resolve.fallback: { "querystring": require.resolve("querystring-es3") }' - install 'querystring-es3' If you don't want to include a polyfill, you can use an empty module like this: resolve.fallback: { "querystring": false } ow can i handle this? Thx in advance. node -v v20.11.1 npm -v 10.2.4 yarn -v 1.22.22 I did that: npm install querystring-es3 And this is the fallback on webpack.config.js: const path = require('path'); const { merge: webpackMerge } = require('webpack-merge'); const baseComponentConfig = require('@splunk/webpack-configs/component.config').default; module.exports = webpackMerge(baseComponentConfig, { resolve: { fallback: { "querystring": require.resolve("querystring-es3") } }, entry: { ReactTodoList: path.join(__dirname, 'src/ReactTodoList.jsx'), }, output: { path: path.join(__dirname), } }); But the error is the same.

asncari · ‎02-01-2024

Hi, @gcusello Without the props file it is how we originally had it and that is why I added it. I am going to open a case with Broadcom support because this doesn't make sense. If we can solve it, I will write it here so that it can be of use to other people.

asncari · ‎02-01-2024

Hi Giuseppe, We have configured the props.conf with the sourcetype and the behavior is the same. Thx Giuseppe.

asncari · ‎02-01-2024

I'll test it and tell you. Thx Giuseppe

asncari · ‎02-01-2024

Good afternoon, I have a very strange problem. I have a log with these 2 events: 01/02/2024 13:06:16 - SOLISP1 IP: 10.229.87.80 USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 01/02/2024 13:00:54 - GGCARO3 IP: 10.229.87.80 USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 The date format in the event is dd/mm/yyyy Well, splunk indexes one of them in January and another in February. We have tried editing the props file as follows: [default] TIME_PREFIX = ^ TIME_FORMAT = %d/%m/%Y %H:%M:%S Anyone know what might be happening?

asncari · ‎01-09-2024

I've tried this, but without de "as _time" Now works perfect. Thank you very much!!!!!

asncari · ‎01-09-2024

Hi, I have a log with several transactions, each one have some events. All event in one transaction share the same ID. The other events contains some information each one, for example, execution time, transact type, url. login url, etc.... This fields can be in one or several of the events. I want to obtain the total transactions of each type in spanned time, for example each 5m. I need to group the events of each trasaction for extract the info for it. index=prueba source="*blablabla*" | eval Date=strftime(_time,"%Y/%m/%d") | eval Time=strftime(_time,"%H:%M:%S") | eval Fecha=strftime(_time,"%Y/%m/%d %H:%M:%S") | rex "^.+transactType:\s(?P<transactType>(.\w+)+)" | stats values(Fecha) as Fecha, values(transactType) as transactType by ID This is Ok, if i want count transactType then i do: index=prueba source="*blablabla*" | eval Date=strftime(_time,"%Y/%m/%d") | eval Time=strftime(_time,"%H:%M:%S") | eval Fecha=strftime(_time,"%Y/%m/%d %H:%M:%S") | rex "^.+transactType:\s(?P<transactType>(.\w+)+)" | stats values(Fecha) as Fecha, values(transactType) as transactType by ID |stats count by transactType The problem is if i want to obtain that in a span time: I cant do this because there is some events with the transactType field in one transaction: index=prueba source="*blablabla*" | eval Date=strftime(_time,"%Y/%m/%d") | eval Time=strftime(_time,"%H:%M:%S") | eval Fecha=strftime(_time,"%Y/%m/%d %H:%M:%S") | rex "^.+transactType:\s(?P<transactType>(.\w+)+)" | timechart span=5m count by transactType And following query dont give me any result: index=prueba source="*blablabla*" | eval Date=strftime(_time,"%Y/%m/%d") | eval Time=strftime(_time,"%H:%M:%S") | eval Fecha=strftime(_time,"%Y/%m/%d %H:%M:%S") | rex "^.+transactType:\s(?P<transactType>(.\w+)+)" | stats values(Fecha) as Fecha, values(transactType) as transactType by ID | timechart span=5m count by transactType Im tried too (but i dont get results): index=prueba source="*blablabla*" | eval Date=strftime(_time,"%Y/%m/%d") | eval Time=strftime(_time,"%H:%M:%S") | eval Fecha=strftime(_time,"%Y/%m/%d %H:%M:%S") | rex "^.+transactType:\s(?P<transactType>(.\w+)+)" | bucket Fecha span=5m | stats values(Fecha) as Fecha, values(transactType) as transactType by ID |stats count by transactType Or: index=prueba source="*blablabla*" | eval Date=strftime(_time,"%Y/%m/%d") | eval Time=strftime(_time,"%H:%M:%S") | eval Fecha=strftime(_time,"%Y/%m/%d %H:%M:%S") | rex "^.+transactType:\s(?P<transactType>(.\w+)+)" | stats values(Fecha) as Fecha, values(transactType) as transactType by ID | bucket Fecha span=5m |stats count by transactType How can i obtain what i want?

Posts	7
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎01-09-2024

Online Status	Offline
Date Last Visited	‎03-13-2024 10:25 AM

Splunk ui react

_time error

search stats

Splunk ui react

Re: _time error

Re: _time error

Re: _time error

_time error

Re: search stats

search stats

Join the Conversation