Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About rangineniarunku
rangineniarunku
Explorer
Member since:
03-23-2017
06-05-2020
Community Statistics
| Posts | 21 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 1 |
| Member Since | 03-23-2017 |
Activity Feed
- Karma Re: How to use the field in search query EXTRACTED using REX command for DalJeanis. 06-05-2020 12:49 AM
- Karma Re: Setting outputs.conf for gcusello. 06-05-2020 12:48 AM
- Karma Re: How do we setup "WinEventLog://HardwareEvents" and "WinEventLog://Setup" in splunk_nix_windows inputs.conf for adonio. 06-05-2020 12:48 AM
- Got Karma for How to fix wrong timestamping issues?. 06-05-2020 12:48 AM
- Karma Re: Change App and Object Ownership for rgcurry. 06-05-2020 12:46 AM
- Karma Re: where can I change system variable from $SPLUNK_DB for ziegfried. 06-05-2020 12:46 AM
- Posted Filter out the alerts form the huge list to the DL its configured to. on Alerting. 11-06-2017 12:55 PM
- Tagged Filter out the alerts form the huge list to the DL its configured to. on Alerting. 11-06-2017 12:55 PM
- Posted Re: How to use the field in search query EXTRACTED using REX command on Splunk Search. 09-20-2017 02:10 PM
- Posted How to use the field in search query EXTRACTED using REX command on Splunk Search. 09-20-2017 12:11 PM
- Tagged How to use the field in search query EXTRACTED using REX command on Splunk Search. 09-20-2017 12:11 PM
- Tagged How to use the field in search query EXTRACTED using REX command on Splunk Search. 09-20-2017 12:11 PM
- Posted Re: Unable to get results for Splunk search after adding a field from the "interesting fields" list--why? on Splunk Search. 08-10-2017 02:15 PM
- Posted Unable to get results for Splunk search after adding a field from the "interesting fields" list--why? on Splunk Search. 08-10-2017 01:32 PM
- Tagged Unable to get results for Splunk search after adding a field from the "interesting fields" list--why? on Splunk Search. 08-10-2017 01:32 PM
- Posted Re: Unable to initialize modular input "jmx" defined inside the app "Splunk_TA_jmx": Introspecting scheme=jmx: script running failed (exited with code 2). on All Apps and Add-ons. 08-07-2017 03:54 PM
- Posted Unable to initialize modular input "jmx" defined inside the app "Splunk_TA_jmx": Introspecting scheme=jmx: script running failed (exited with code 2). on All Apps and Add-ons. 08-07-2017 03:15 PM
- Tagged Unable to initialize modular input "jmx" defined inside the app "Splunk_TA_jmx": Introspecting scheme=jmx: script running failed (exited with code 2). on All Apps and Add-ons. 08-07-2017 03:15 PM
- Tagged Unable to initialize modular input "jmx" defined inside the app "Splunk_TA_jmx": Introspecting scheme=jmx: script running failed (exited with code 2). on All Apps and Add-ons. 08-07-2017 03:15 PM
- Posted Re: Splunk Migration to other instance on Splunk Dev. 07-27-2017 08:41 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-06-2017
12:55 PM
Is there any way I can filter out the list of alerts from the huge list for the one which are configured to particular DL?
I mean the one whose results are sent to particular DL. Appreciate any of your suggestions.
... View more
09-20-2017
02:10 PM
It worked!!!
... View more
09-20-2017
12:11 PM
I have a field named "content" with multiple values to it as follows
content=value.deva
content=value.devb
" =value.devc ......
I have written a rex expression in my search query .........| rex field=Name ".(?.*)" to extract the Environment from the field content . Now I want to get the values in my result only for Environment=deva, how can I use the field Environment in my query?
I tried this way but it did not work ".........| rex field=content ".(?.)" | Environment=deva "
Can someone help me with this?
... View more
- Tags:
- rex
- splunk-enterprise
08-10-2017
02:15 PM
The problem with that particular field is it is not returning any values once I select it to the search query, but it is assigned with few values from the logs. I am not caring whether it is in selected fields or Interesting fields set. Is there any way I can set the extraction properly so that I can get the results once I select it?
... View more
08-10-2017
01:32 PM
I am unable to get any values for my search when I add a field from the interesting fields list. It is happening only for one field and that particular field does have results.
ex:
Consider I have a following field value pair in my event "name = xyz".
"index=abc name xyz", "index=abc name"," index=abc xyz"
gives me the results for this search, but not for index=abc name=xyz or index=abc name="xyz".
Can anyone help me with this and let me know how to resolve this issue?
... View more
08-07-2017
03:54 PM
I tried install on standalone instance which acts as both indexer and searchhead. tried doing a fresh installation and got the following error in SplunkWeb.
... View more
08-07-2017
03:15 PM
Anyone aware of this error, I am trying to install JMX Addon on instance and getting this error. my java path is programfiles/java.
... View more
07-27-2017
08:41 AM
Have gone through the doc but it was not clear about the index Back up procedure. I tried the following way!
Stopped Splunk on both machines
Created the new indexes in new splunk machines and copied the warm buckets into it the to the index location
restarted the Splunk on new machine.
But still I cannot see any data flowing in new machine. Is there anything I missed?
... View more
07-19-2017
10:07 AM
I need to backup all the splunk data/dashboards/input/etc ..before I migrate to a new instance with the same version. Can you help me by providing the list of folders which I need to backup to restore my whole old data.
... View more
07-14-2017
10:05 PM
I want to upload a file that needs to be indexed and make sure it available in all the indexers as we are using clustered environment.
... View more
07-14-2017
02:13 PM
We are using clustered environment with multiple indexers and single Search head. I want to upload a file which needs to be indexed in all the indexers. Where should I upload it SearchHead or Cluster Master to reflect in all the indexers?
... View more
07-12-2017
06:37 PM
I can see that few events for some of the sources are indexing with wrong timestamp(both month and date are swapping), what I mean is events of Jul7th are indexing into Feb 2nd and happens only for few days and again sets back to correct time stamp and vice versa.
Is there any chance we can fix it and get the wrongly indexed events into correct timestamp back again.
My events and props.conf(at indexer) is as follows.
02/07/2017 09:14:40 |....|........
[sourcetype]
disabled=false
TIME_FORMAT=%d/%m/%Y %H:%M:%S
Can anyone help me with this?
... View more
07-11-2017
12:25 PM
I have newly added an script and inputs.conf file is already present but modified it !!!!!!!!!!
... View more
07-11-2017
11:53 AM
Do we need to restart Deployment server if we make any changes in Splunk\etc\apps\local\inputs.conf(xyz) and \Splunk\bin(scripts)?
... View more
- Tags:
- splunk-enterprise
06-16-2017
05:29 AM
I have deployed SplunK_TA_Windows and setup monitoring for Applicatiom, System ,Security, HardwareEvents and Setup winevents.I am missing logs from Setup and HardwareEvents ,below is the way I setup the Monitorings,
[WinEventLog:HardwareEvents]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index=xyz
[WinEventLog:HardwareEvents]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index=xyz
Any help how to troubleshoot it and get data indexed into splunk???
... View more
- Tags:
- splunk-enterprise
06-15-2017
06:29 PM
I tried to deploy the splunk_TA_Windows app from deployment server to the Host with splunk forwarder after the changes in inputs.conf, where I am able to see events indexed from "[WinEventLog://Security]", "[WinEventLog://Application]"and "[WinEventLog://System]" but not from "setup" and "HardwareEvents".
Do we need to make any other changes in Splunk_TA_windows app on Deployment server in order to get the missing logs to be indexed on splunk.
I did not find any script related to"HardwareEvents" or "Setup" at Splunk_TA_windows/samples where as we have for application,security and system
Can anyone help me with this??.
... View more
06-15-2017
02:30 PM
Can someone provide me the complete monitoring's stanzas for the "WinEventLog://HardwareEvents" and "WinEventLog://Setup" in inputs.conf for Splunk_TA_windows add-on.
I doubt whether it is same as that we do it for Applications,Security and System?
... View more
- Tags:
- splunk-enterprise
05-23-2017
03:02 PM
How can splunk indexer avoid from receiving data, if a hacker is sending corrupt data from his local system through univ forwarder to Splunk Indexer by knowing indexer port and name of our envirenment????
Do we have any permissions to Univ forwarder or settings to avoid receiving data from unknown forwarders to our Indexer?
... View more
- Tags:
- splunk-enterprise
03-31-2017
08:07 AM
I have a doubt here..I want to index data to both sandbox and production. What changes do I need to make here.
[tcpout]
defaultGroup = production
[tcpout:sandbox]
server=ABC:PORT
[tcpout:production]
server=XYZ:PORT
autoLB = true
useACK = false
... View more
- Tags:
- splunk-enterprise
03-24-2017
03:02 PM
1 Karma
I missed some of the events for my search query, when I try to evaluate the time diff between event time and index time, Index time is early than event time. How can I resolve the timing issue? Where should I navigate and check??
index=Bullseye sourcetype=BullseyeAppLogs source="\\\\BP1XTXII492\\BULLSEYE.logs.devc$\\1817*.log" | eval indextime=strftime(_indextime,"%Y-%m-%d %H:%M:%S") | eval diff= _indextime-_time | table _time, indextime, diff
output:
_time↕ indextime↕ diff↕
2017-03-22 18:56:13 2017-03-22 19:01:48 335
2017-03-22 18:55:45 2017-03-22 19:01:48 363
2017-03-22 18:44:03 2017-03-24 18:28:29 171866
2017-03-22 18:43:27 2017-03-24 18:28:29 171902
2017-03-22 18:42:41 2017-03-22 18:44:57 136
2017-03-22 18:42:26 2017-03-22 18:44:57 151
2017-03-22 18:34:35 2017-03-22 18:35:09 34
2017-03-22 18:33:55 2017-03-22 18:35:09 74
2017-03-22 18:33:48 2017-03-24 18:28:02 172454
2017-03-22 18:33:14 2017-03-24 18:28:02 172488
2017-03-22 18:31:09 2017-03-24 18:28:24 172635
2017-03-22 18:30:46 2017-03-24 18:27:15 172589
2017-03-22 18:30:42 2017-03-24 18:28:24 172662
2017-03-22 18:30:35 2017-03-24 18:27:10 172595
2017-03-22 18:29:48 2017-03-24 18:27:15 172647
2017-03-22 18:29:02 2017-03-24 18:27:10 172688
2017-03-22 18:19:43 2017-03-24 18:28:21 173318
2017-03-22 18:19:11 2017-03-24 18:28:21 173350
2017-03-22 18:16:57 2017-03-22 18:18:02 65
2017-03-22 18:16:24 2017-03-22 18:18:02 98
... View more
03-23-2017
02:16 PM
I have noticed that the latest event in the my index in the PROD instance of Splunk has no events after 9:01: AM this morning, 3/23. The same index in the Sandbox is indexing properly and events are showing almost real-time.
Could you please let know how to check the error and what is causing this issue? Also are there any systems in place to alert us if data is not indexing correctly, or do we need to set up Splunk alerts for each index to get notified of these types of issues?
... View more
