Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About akarivaratharaj
akarivaratharaj
Communicator
Member since:
07-11-2017
05-23-2024
Community Statistics
| Posts | 184 |
| Solutions | 1 |
| Karma Given | 21 |
| Karma Received | 3 |
| Member Since | 07-11-2017 |
Activity Feed
- Posted Re: Unexpected results with field values - Splunk Enterprise on Getting Data In. 05-23-2024 04:24 AM
- Posted Re: Unexpected results with field values - Splunk Enterprise on Getting Data In. 05-23-2024 04:02 AM
- Posted Re: Unexpected results with field values - Splunk Enterprise on Getting Data In. 05-23-2024 03:53 AM
- Posted Re: Unexpected results with field values - Splunk Enterprise on Getting Data In. 05-23-2024 03:41 AM
- Posted Unexpected results with field values - Splunk Enterprise on Getting Data In. 05-23-2024 02:10 AM
- Posted Re: why the DB Connect input fetch the same data twice in a single run? on Splunk Enterprise. 05-08-2024 03:17 AM
- Posted Re: why the DB Connect input fetch the same data twice in a single run? on Splunk Enterprise. 05-06-2024 04:24 AM
- Posted Re: why the DB Connect input fetch the same data twice in a single run? on Splunk Enterprise. 05-05-2024 10:08 PM
- Posted why the DB Connect input fetch the same data twice in a single run? on Splunk Enterprise. 05-03-2024 04:24 AM
- Posted How to extract a field value which have combination of number and special characters? on Splunk Search. 01-17-2024 12:26 AM
- Posted Re: How to get the history of modifications made to a lookup file? on All Apps and Add-ons. 12-18-2023 03:29 AM
- Posted Re: How to get the history of modifications made to a lookup file? on All Apps and Add-ons. 12-12-2023 10:09 PM
- Posted How to get the history of modifications made to a lookup file? on All Apps and Add-ons. 12-12-2023 02:25 AM
- Posted Re: How to forward the data from AWS S3 to Splunk Enterprise? on Splunk Enterprise. 11-22-2023 02:11 AM
- Posted Re: How to forward the data from AWS S3 to Splunk Enterprise? on Splunk Enterprise. 11-22-2023 02:09 AM
- Posted How to forward the data from AWS S3 to Splunk Enterprise? on Splunk Enterprise. 11-21-2023 11:43 PM
- Karma Re: What are the limitations with Splunk Enterprise version 9.0.4 for FelixLeh. 11-14-2023 10:18 PM
- Karma Re: Unsual behavior with search events for isoutamo. 11-14-2023 10:18 PM
- Posted What are the limitations with Splunk Enterprise version 9.0.4 on Splunk Enterprise. 11-07-2023 11:51 PM
- Posted Re: Unsual behavior with search events on Splunk Enterprise. 11-07-2023 02:10 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-23-2024
04:24 AM
I have observed one more thing with these failed events. In the event section, usually at the end of each event, the default fields like host, sourcetype, etc., will be appended and displayed. Similarly, in addition to those default fields, I could see the Request_ID field is also displayed in that section after each event. In that place I could see the format of Request_ID is in unexpected form. Please check the below screenshot (After the field CT=1, the section of default fields is shown)
... View more
05-23-2024
04:02 AM
Actually I have shared picture of the raw event of the failed ones only (just masked the confidential fields). They look similar to the other events which work.
... View more
05-23-2024
03:53 AM
I am using just the table command index=main host=* sourcetype=* source=* | table _time, Request_id, Future_id
... View more
05-23-2024
03:41 AM
If I run a search query, there is no issue with raw events. From the Events tab, everything looks in perfect format and can't say that there is a Data quality issue in the events. Only when this is visualised from statistics tab I could see this. Also this is happening only with some events in the results set. I have attached the screenshot of the normal results and the results with Data Quality issue. Expected results with Request Id and other fields. But what it is displaying (Refer the highlighted rows) Here is the event of one of the request ids where the key value pair is as expected format
... View more
05-23-2024
02:10 AM
With some of the events, we are facing the unexpected format of the query results. Actually in the raw event there is no issue at all, and each field is showing their own values. But when it is queried and displayed in the statistics section as results, the values of few fields are displaying incorrectly. Usually the search results show key-values. But with some events, the search results are showing as "fieldname1=fieldname1=value" and in some cases "fieldname1=fieldname3=value". Example1: Request_id=Request_id=12345 (Expected to be -> "Request_id=12345") Example2: Parent_id=message_id=456 (Expected to be -> "Parent_id=321") Example3: Parent_id=category=unknown (Expected to be -> "Parent_id=321") Is this related with parser or something else? We are unable to find what could be the issue lying over here. Could anyone please help us on fixing this issue at the earliest?
... View more
Labels
- Labels:
-
heavy forwarder
05-08-2024
03:17 AM
Can I get any other suggestion on trouble shooting this issue?
... View more
05-06-2024
04:24 AM
I have created my input in DB Connect app directly from the UI of Splunk Enterprise. As I don't have permission for operations related task, I am unable to check that. I have observed that my another input also index the data events twice. Not sure if these duplication issue is because of the fetch size which we give it in the input schedule (By the way I have left them blank to apply with default settings)
... View more
05-05-2024
10:08 PM
Could anyone please help me to troubleshoot this issue? I need this to be fixed as soon as possible.
... View more
05-03-2024
04:24 AM
I have an input created in DB Connect app to few the necessary rows from a DB2 table. The job is scheduled to run on daily basis and to fetch only the previous day's data. I have left the "Max rows to retrieve" and "Fetch size" to default settings. Whenever my job runs, by default it is logging the same records twice. I am not sure what is causing this issue. I have attached screenshot of the entries belong to a primary key field where two events are indexed for each record. Could anyone help me in troubleshooting the issue?
... View more
- Tags:
- data duplication
Labels
- Labels:
-
using Splunk Enterprise
01-17-2024
12:26 AM
I have a field which have values only with numbers and also with combination of number and special characters as values. I would like to filter the field values where both number and special characters are in it. Example: Log 1 -> field1="238_345$345" Log 2 -> field1="+739-8883 Log 3 -> field1="542.789#298" Already I have tried in writing regex query but there is no expression to filter out the combination of digits & special characters. (No expression to filter all the special character). How can I filter and display the field value which have the combination of number and special characters? Could anyone help me on this?
... View more
Labels
- Labels:
-
field extraction
-
regex
12-18-2023
03:29 AM
I am looking this information to check the history of the modification made to a lookup file. If anyone can help me on this, it will be much appreciated!
... View more
12-12-2023
10:09 PM
Could anyone help me on this please?
... View more
12-12-2023
02:25 AM
I have gone through a few questions which are related to lookup file changes. I tried to use the same query to get the internal logs regarding my lookup file changes but I am unable to fetch any logs. I would like to know where can I find the information about the changes made to my lookup file. The information is more related to the user who modified and the respective time. I tried to search in _audit index, but I am unable to find the exact logs (may be the way of my searching is wrong) Could anyone please help me in finding the history of modification/changes made to any lookup file?
... View more
- Tags:
- lookup
Labels
- Labels:
-
search
11-22-2023
02:11 AM
I am curious to know about a couple of things related to fetching S3 logs. Is there any limitation in the number of inputs which we create in the AWS add-on? Is there any limitation on indexes on which we log the S3 data?
... View more
11-22-2023
02:09 AM
Yes, there was some error with endpoint. I have checked the error via below query index=_internal sourcetype=aws:s3:log ERROR
... View more
11-21-2023
11:43 PM
I have installed a free version of Splunk Enterprise 9.1 in my local system. I would need few logs files from my S3 bucket to be sent to Splunk. I have setup up the Splunk Add-on for AWS. In the app, under configuration, created an account with access ID and secret access key. Then created an input by specifying the account name, bucket name and indexing details. After creating the input, when I search my index and sourcetype, I could not find the logs from S3. I have waited for more than half an hour, then tried again but no luck. As this is the first time I am trying the setup with AWS add-on, I am not sure whether the issue is happening. Could anyone please help me on this?
... View more
- Tags:
- s3
Labels
- Labels:
-
configuration
-
using Splunk Enterprise
11-07-2023
11:51 PM
We have recently upgraded our Splunk Enterprise to the version 9.0.4. We observed that some of the behaviour in the system are different. For example, when we run a search with timechart/stats command and without mentioning the index field, the results are same but under the Events part, it shows empty events for the respective timestamp. Below is the sample query and respective results. host=abc sourcetype=xyz |timechart count This was not occurring earlier. Though we don't mention the index field, the results use to populate with the respective event logs. Not sure whether this is the expected behavior or it's a bug. Is this something which we can fix from the end user side? Please anyone help me on this. I would also like to know the limitations or restrictions which are introduced with this Splunk version.
... View more
Labels
- Labels:
-
upgrade
-
using Splunk Enterprise
11-07-2023
02:10 AM
If the search indexes are based on roles, then the search query should behave in same way with or without any commands (like statistical command, chart commands or any other functions). In my case, I am getting the empty logs whenever I run any of the below queries host=abc sourcetype=xyz |stats count
(or)
host=abc sourcetype=xyz |timechart count whereas, with the below query (without mentioning index) I am able to see the log events successfully. host=abc sourcetype=xyz
... View more
11-07-2023
01:46 AM
Could any help or suggest me on this? Why am I getting blank events in the verbose mode when I run the search query without index field?
... View more
11-02-2023
06:17 AM
Yes I have cross verified and all of the OS versions are supported for the Splunk version 9.0, as mentioned - here
... View more
11-02-2023
04:29 AM
We have distributed environment. The Splunk version is same. The OS version of indexer, search heads are same but for deployment server it is different.
... View more
11-02-2023
03:41 AM
With the same query, if I try to view the events from verbose mode, I get something like blank events. Please. refer the attached screenshot. But this was not occurring earlier. We used to see the respective log events for the host and sourcetype which are mentioned in the query (though index is not included.)
... View more
11-02-2023
03:14 AM
We have recently upgraded to Splunk Enterprise 9.0. When I try to run a search query without adding the index field into it, the event count are showing wrong. Also if I try to see the respective event logs, from Verbose mode they are weird and this is not usual format of logs. In other case, if index is mentioned in the query, everything is working fine and asusual. This issue occurs only when the search query have stats or chart commands to visualise the data. Below is the sample search query which I used host=abc sourcetype=xyz |stats count I am not sure whether it is a bug in Splunk 9.0 or any other issue from config side (like limitations in search head). Could anyone please help me on this.
... View more
Labels
- Labels:
-
using Splunk Enterprise
08-30-2023
03:20 AM
Thankyou! The code with case statement is working for me. To consider the value '2' also, I can use value <= 02
... View more
08-30-2023
02:34 AM
I have my table panel with the column field as Month-year and this is a dynamic fields populated from my panel query. One more column is a text field and it is a static field. (This does not need to be color coded.) I want to color code the cell values in all the dynamic field, based on the below condition if the cell value is less than 2 - the cell should be coded in green if the cell value is more than 2 - the cell should be coded in red. Other cells with text values - the cell should not be color coded. I tried to use multiple conditions with color palatte expression but that does not work <format type="color">
<colorPalette type="expression">if(isnull(value), "#c1fa9b", if(value<02, "#c1fa9b", "#ff9c9c"), if(value>02, "#ff9c9c", "#c1fa9b"))</colorPalette>
</format> I did the two conditions similar, just to filter the fields with text values. So that all the numeric fields with values less than 2 will be displayed as green and the greater than 2 will be displayed as red. I am aware of writing JS scripts for this but would like to make this with SimpleXML. Could anyone please help me on this?
... View more
- Tags:
- Color coding
Labels
- Labels:
-
table
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-23-2024
07:13 AM
|
