Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About rishav-ukg
rishav-ukg
Loves-to-Learn Lots
Member since:
12-07-2024
a month ago
Community Statistics
| Posts | 5 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 12-07-2024 |
Activity Feed
- Posted Re: Join Two Query With Different Raw Message But Common Thread ID on Getting Data In. 12-31-2024 05:47 AM
- Tagged Re: Join Two Query With Different Raw Message But Common Thread ID on Getting Data In. 12-31-2024 05:47 AM
- Tagged Re: Join Two Query With Different Raw Message But Common Thread ID on Getting Data In. 12-31-2024 05:47 AM
- Tagged Re: Join Two Query With Different Raw Message But Common Thread ID on Getting Data In. 12-31-2024 05:47 AM
- Posted Join Two Query With Different Raw Message But Common Thread ID on Getting Data In. 12-31-2024 12:04 AM
- Tagged Join Two Query With Different Raw Message But Common Thread ID on Getting Data In. 12-31-2024 12:04 AM
- Tagged Join Two Query With Different Raw Message But Common Thread ID on Getting Data In. 12-31-2024 12:04 AM
- Tagged Join Two Query With Different Raw Message But Common Thread ID on Getting Data In. 12-31-2024 12:04 AM
- Posted Re: How to create authentication token and then use it to call Splunk Cloud REST API endpoints? on Splunk Cloud Platform. 12-08-2024 06:33 AM
- Posted How to create authentication token and then use it to call Splunk Cloud REST API endpoints? on Splunk Cloud Platform. 12-07-2024 09:10 AM
- Tagged Re: Setting up the ACS API for accessing the Splunk Cloud REST API? on Splunk Cloud Platform. 12-07-2024 08:38 AM
- Posted Re: Setting up the ACS API for accessing the Splunk Cloud REST API? on Splunk Cloud Platform. 12-07-2024 08:31 AM
Topics I've Started
12-31-2024
05:47 AM
Thank you for your response. I'll take an example to explain it better let's say we have two events entries in splunk as below 1. ****1111222*abcabcabac*ERROR*<time> Logging server exception... Error code: 6039 Error description: An internal message proxy HTTP error occurred when the request was being processed Parameter: 504 Gateway Time-out 2. ****1111222*xyzxyz*0078*ERROR*<time> ExecuteFactoryJob: Caught soap exception. Java factory ID: 3910059732_3_0_223344 Request failed after tries = 1 So now these two are different events entries in splunk which can be fetched by query1 and query2 separately. Now first I checked for 504 Gateway timeout with error code 6039 and took the thread_id (111122 in above example) by using rex and now using this thread_id I look for 2nd event entries as shown in above example and if it is found then return 1 single event back as result containing both events in raw message. It's like inner join. if either event is not present then it should not be returned. I tried using join as well but it didn't work. Tried your query it is giving result some of which contains a single event and some contains both events grouped (which is expected). All the result events individually should contain raw_message of both examples For above example result should be 1 single event like below: ****1111222*abcabcabac*ERROR*<time> Logging server exception... Error code: 6039 Error description: An internal message proxy HTTP error occurred when the request was being processed Parameter: 504 Gateway Time-out ****1111222*xyzxyz*0078*ERROR*<time> ExecuteFactoryJob: Caught soap exception. Java factory ID: 3910059732_3_0_223344 Request failed after tries = 1 @isoutamo @ITWhisperer
... View more
12-31-2024
12:04 AM
Below are 2 queries which returns different events but have a common field thread_id which can be taken by using below rex. raw message logs are different for both queries. I want events list with raw message logs from both query but only if each raw message has this common thread_id I have tried multiple things like join, append, map and github copilot as well but not getting the desired results. Can somebody please help on how to achieve this. rex field=_raw "\*{4}(?<thread_id>\d+)\*" index="*sample-app*" ("*504 Gateway Time-out*" AND "*Error code: 6039*") index="*sample-app*" "*ExecuteFactoryJob: Caught soap exception*" index="*wfd-rpt-app*" ("*504 Gateway Time-out*" AND "*Error code: 6039*")
| rex field=_raw "\*{4}(?<thread_id>\d+)\*"
| append [ search index="*wfd-rpt-app*" "*ExecuteFactoryJob: Caught soap exception*" | rex field=_raw "\*{4}(?<thread_id>\d+)\*" ]
| stats values(_raw) as raw_messages by _time, thread_id
| table _time, thread_id, raw_messages I tried above query but it is returning some results which is correct which contains raw message from both the queries, but some results are there which contains thread id and only the 504 gateway message even though the thread_id has both type of message when I checked separately. I'm new to splunk, any help is really appreciated.
... View more
12-08-2024
06:33 AM
@richgalloway On each Splunk cloud REST API call from java service I want to create authentication token in the java service itself and use it for the splunk cloud search api. So I need how to create authentication token like which endpoint I need to call for this and what all parameters are required to create auth JWT token, if you have a curl and you can share that would be very helpful.
... View more
12-07-2024
09:10 AM
Hi, From java service I want to call Splunk Cloud REST API endpoints. I need help in how to create authentication token for splunk cloud and then pass that token while calling search endpoints to execute the query and get the results back. When logging into my <org-name>.splunkcloud.com in browser it is done via SSO. Can anybody please provide sample curl which I can use, I went through documentation, but I didn't get much, I'm new to this, any help is highly appreciated. #splunkcloud @splunkclouduser @splunkcloudnoob Thanks.
... View more
Labels
- Labels:
-
development
-
using Splunk Cloud
12-07-2024
08:31 AM
Hi @tomapatan, I need to call Splunk Cloud REST API endpoints from java service to get back the results of a search query. Could you please provide the curl to create authentication token and any one REST API endpoint using that token to get data.
... View more
- Tags:
- Splunk Cloud
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
a month ago
|
