Activity Feed
- Posted Re: Parse XML data into fields while indexing on Getting Data In. 01-29-2024 05:49 AM
- Posted Re: Parse XML data into fields while indexing on Getting Data In. 01-29-2024 05:44 AM
- Posted Parse XML data into fields while indexing on Getting Data In. 01-24-2024 07:19 AM
- Posted Is there an option for curve smoothing or filtering in splunk line chart? on Splunk Cloud Platform. 03-30-2023 06:27 AM
- Posted App creation in Splunk Cloud to create dashboards? on Splunk Cloud Platform. 03-24-2023 03:20 AM
- Posted Re: SPLUNK DB Connect is throwing time out error on All Apps and Add-ons. 12-08-2022 08:05 PM
- Posted Splunk DB connect to Redshift database - showing error on All Apps and Add-ons. 12-08-2022 08:01 PM
- Posted How to escape ":" character from json string sent to splunk through uf? on Getting Data In. 10-04-2022 10:38 PM
- Karma Re: The system cannot find the file specified in splunkd log of splunk universal forwarder for gcusello. 09-30-2022 01:08 AM
- Posted Re: The system cannot find the file specified in splunkd log of splunk universal forwarder on Getting Data In. 09-30-2022 12:10 AM
- Posted Re: The system cannot find the file specified in splunkd log of splunk universal forwarder on Getting Data In. 09-27-2022 09:30 PM
- Posted How to solve this error: The system cannot find the file specified in splunkd log of splunk universal forwarder on Getting Data In. 09-27-2022 02:10 AM
- Posted Renaming the macro on Knowledge Management. 06-18-2020 09:02 AM
- Posted Dynamic Heading for dropdown on Splunk Search. 06-11-2020 02:43 AM
- Posted Re: How to create dashboard which shows all dashboard's panels provides data or not? on Dashboards & Visualizations. 05-19-2020 06:29 AM
- Posted How to create dashboard which shows all dashboard's panels provides data or not? on Dashboards & Visualizations. 05-14-2020 05:31 AM
- Tagged How to create dashboard which shows all dashboard's panels provides data or not? on Dashboards & Visualizations. 05-14-2020 05:31 AM
- Posted How to hide the minus character from the bar graph on Splunk Search. 04-22-2020 03:51 AM
- Tagged How to hide the minus character from the bar graph on Splunk Search. 04-22-2020 03:51 AM
01-29-2024
05:49 AM
Hi @isoutamo, Yes, I can see the Entry data in a separate event, but there are no fields parsed through this. I need fields and values to be parsed like the below table.

Field Name | Field Value |
---|---|
Sender Component | XYZ |
Receiver Component | ABC |
Interface | Mobile |
System Error | - |
Waiting | 3 |
01-29-2024
05:44 AM
<?xml version="1.0" encoding="UTF-8" ?>
<Results xmlns:xsi="http://www.w3.org">
<Result>
<Code>OK</Code>
<Details>LoadMessageOverviewData</Details>
<Text>Successfull</Text>
</Result>
<Data>
<ColumnNames>
<Column>Sender Component</Column>
<Column>Receiver Component</Column>
<Column>Interface</Column>
<Column>System Error</Column>
<Column>Waiting</Column>
</ColumnNames>
<DataRows>
<Row>
<Entry>XYZ</Entry>
<Entry>ABC</Entry>
<Entry>Mobile</Entry>
<Entry>-</Entry>
<Entry>3</Entry>
</Row>
</DataRows>
</Data>
</MessageStatisticsQueryResults>

Hi @PickleRick, Above is my xml data. My expected parsed data are below:

Field Name | Field Value |
---|---|
Sender Component | XYZ |
Receiver Component | ABC |
Interface | Mobile |
System Error | - |
Waiting | 3 |
01-24-2024
07:19 AM
Sample data:

<?xml version="1.0" encoding="UTF-8" ?>
<Results xmlns:xsi="http://www.w3.org">
<Result>
<Code>OK</Code>
<Details>LoadMessageOverviewData</Details>
<Text>Successful</Text>
</Result>
<Data>
<ColumnNames>
<Column>Sender Component</Column>
<Column>Receiver Component</Column>
<Column>Interface</Column>
<Column>System Error</Column>
<Column>Waiting</Column>
</ColumnNames>
<DataRows>
<Row>
<Entry>XYZ</Entry>
<Entry>ABC</Entry>
<Entry>Mobile</Entry>
<Entry>-</Entry>
<Entry>3</Entry>
</Row>
</DataRows>
</Data>
</Results>

Hello, I need to extract fields from the above xml data. I have tried the below props, but still the data is not extracting properly.

Props.conf

CHARSET=UTF-8
BREAK_ONLY_BEFORE = <\/Row>
MUST_BREAK_AFTER = <Row>
SHOULD_LINEMERGE = true
KV_MODE = xml
pulldown_type = true
DATETIME_CONFIG = CURRENT
NO_BINARY_CHECK=true
TRUNCATE=0
description=describing props config
disabled=false

How to parse the data? Thanks in advance.
03-30-2023
06:27 AM
Hi,
I have a graph with almost 100 values plotted where the graph looks like the below image. We expect the graph to be in a curve drawn in red with some values. Do we have an option to do curve smoothing/filtering in Splunk?
Labels: using Splunk Cloud
03-24-2023
03:20 AM
Hi,
I have created an app in Splunk Cloud Platform through Manage Apps -> Create Apps.
The app is created, but searching for events with the index shows the below error.
Search process did not exit cleanly, exit_code=111, description="exited with error: Application does not exist: app_name".
What could be the issue?
Thanks in advance.
Labels: troubleshooting, using Splunk Cloud
12-08-2022
08:05 PM
Hello @payal23, I am facing the same issue. Was your issue resolved? Can you suggest something for troubleshooting?
12-08-2022
08:01 PM
Hi, We have configured an input to connect to a Redshift database from Splunk DB Connect. It was working fine. But suddenly the input is showing invalid database connection in the inputs page and we are unable to create a new connection. Telnet to the db is connecting. What could be the possible issues for this?
Labels: troubleshooting
10-04-2022
10:38 PM
Hi,
I have a Python script with a JSON string which is sent to Splunk Cloud through the Universal Forwarder. Since I have the ":" character in my JSON string, the string is not indexed due to a missing escape character. I tried adding \ manually for escaping, but the indexed data shows the ":" character with "\" as prefix.
Please suggest a way to escape : in my Python script or a way to eliminate the \ in indexed data.
09-30-2022
12:10 AM
Hi @gcusello, The issue is fixed now. The forwarder was searching for python3.exe where I have python.exe in my splunkuniversalforwarder folder. So it couldn't find the file. The issue is fixed as I renamed the file name. Thanks for your solutions @gcusello
09-27-2022
09:30 PM
Hi @gcusello, I have checked the filename and path. Regarding the grants for the file, I am unable to add my splunk user in the security tab of Access window.
09-27-2022
02:10 AM
Hi,
I am trying to run a Python script on my universal forwarder which sends data to a Splunk Cloud instance. I have added the path in inputs.conf and there are no events found in my index.
While checking the splunkd logs, it shows an error "The system cannot find the file specified".
What could be the problem?
Labels: scripted input, universal forwarder
06-18-2020
09:02 AM
I have a macro created already in an app. Now, I need to change the name of the macro. I couldn't find any option to rename the macro. Is there any way to rename the macro? Thanks in advance.
Labels: search macro
06-11-2020
02:43 AM
We have many dashboards having different field names but similar query logic. So the heading changes for each dashboard. How to make the heading of the dropdown dynamic by giving a token or defining a macro? Thanks in advance.
Labels: fields
05-19-2020
06:29 AM
Thank you for the answer.
I have used the scheduled search and summary index to load the panels.
05-14-2020
05:31 AM
I want to create a dashboard which should have a table where each row is a dashboard and columns are panels of the dashboard. And the value should be either "Found Results" (if the panel of the specific dashboard has results) or "No Results" (if the panel returns no results).
Thanks in advance.
Labels: panel
04-22-2020
03:51 AM
Hello,
I have generated a bar graph which has values on both positive and negative sides of the x axis. Logically, the values in the negative axis should display with minus as prefix, but we have a requirement not to show the minus character before the numeric value.
The idea is to get the graph on both positive and negative side with positive values for easier understanding of the graph.
To achieve this, we end up converting some positive values to negative in order to show them on the negative axis. But now the minus character is an issue here.
Is there any way to hide the preceding minus character, or any other way of bringing some values to the negative axis of the graph?
Thanks in advance.