cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
dolj
Loves-to-Learn Everything
Member since: ‎05-02-2020
‎11-25-2024
Community Statistics
Posts 11
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-02-2020
Activity Feed
View All

Re: Props and the Magic 8

by Splunk Employee in Getting Data In
‎11-25-2024 12:31 PM
1 Karma
‎11-25-2024 12:31 PM
1 Karma
Yes, it's recommended as a best practice to implement all Magic 8 configs because they establish consistency and reliability in data onboarding. While most TAs start with Magic 6, adding the EVENT_BREAKER configs gives you better control over event distribution and parsing. Think of Magic 6 as the minimum standard, and Magic 8 as the complete package for optimal data handling. The TAs can be updated with the additional configs when needed based on your specific deployment, but having all 8 from the start is generally ideal as it prevents potential data parsing issues down the line. If this Helps, Please Upvote. ... View more

Re: using addcoltotals

by SplunkTrust in Splunk Search
‎08-09-2023 11:26 PM
‎08-09-2023 11:26 PM
You can't use the total calculated by addcoltotals as it's in a new row at the bottom of the table, however, as @richgalloway the typical way to calculate percentages is to use eventstats to add up all the counts, so that the total is added to _every_ row in your data set, which you can then calculate the percentages with. Then discard that calculated total field if you no longer need it ... View more

Re: Is there a limit to the number of white/blackl...

by in Deployment Architecture
‎04-27-2023 07:28 AM
‎04-27-2023 07:28 AM
Here is the spec doc for the serverclass.conf file. https://docs.splunk.com/Documentation/Splunk/9.0.4/Admin/Serverclassconf   I have not run into any limits on the number of items.  Especially when I use a csv file to specify 100s of servers for a specific class.  You should be good. ... View more

Re: inputs.conf blacklist format

by in Getting Data In
‎02-12-2023 01:07 PM
1 Karma
‎02-12-2023 01:07 PM
1 Karma
Escaping with regex may make it hard to read, but luckily there is a smart way around it. You can start and stop in regex with \Q  and \E on what you like to get literal. | makeresults | eval _raw= "C:\Program Files (x86)\Google" | regex "\QC:\Program Files (x86)\Google\E"  This makes regex much more readable. https://www.regular-expressions.info/characters.html ... View more

Re: What is the best was to identify the outage wi...

by SplunkTrust in Splunk Search
‎06-13-2022 11:28 PM
‎06-13-2022 11:28 PM
Hi @dolj, if you want to find the time borders of a search you can use "addinfo" (https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Addinfo). If instead you want to display the first and the last event, you can use stats and the options "first" and "last", something like this: your_search | stats first(_raw) AS first last(_raw) AS last Ciao. Giuseppe ... View more

Re: Web_service.log is empty after upgrading from ...

by in Deployment Architecture
‎05-24-2020 08:24 PM
‎05-24-2020 08:24 PM
not sure why but it wasn't working and it now is. I found this log related to the web UI 05-24-2020 23:12:06.172 -0400 ERROR UiHttpListener - An applicaiton server has exited unexpectedly, web UI cannot be used until it is restarted ... View more

Re: Data input for Browsing History analysis app

by in All Apps and Add-ons
‎05-05-2020 05:29 PM
‎05-05-2020 05:29 PM
I Installed 6.5.10 and configured all windows event logs locally and see events coming in but nothing in the borwser index and nothing in the dashboar even after a restart. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-25-2024 03:32 PM