I'm using DB Connect 3.1.4 on Splunk 7.1. My db inputs were created in separate apps, one app for each app area. I've installed the 3.1.4 version of DB Connect and did the migration of database inputs, but they're failing with the following error:
ConfMigrationFailException: Fail to migration conf input, stanza name '.......'
It fails even if I copy the db_inputs.conf file to splunk_app_db_connect app itself. Any new connection I make works fine. Any idea why the migrated ones are not working?
I'm on Splunk 6.2.6. I have a SHC (3 nodes) and a deployment server (standalone box). So when I run a search with rest command, the id field format is different in my SHC nodes and deployment server nodes.
For example, if I run this
| rest /servicesNS/-/-/saved/searches splunk_server=local | head 1 | table id
The output on SHC nodes would be
id
http://<SHCNodeName>:<mgtmt_port>/servicesNS/nobody/search/saved/searches/somesname
Whereas, the same would return this on my standalone Deployment server.
id
http://127.0.0.1/servicesNS/nobody/search/saved/searches/somesname
I believe 127.0.0.1 is localhost, but there is no port information, hence making the id field value unreachable (planning to do some automation using this id/url).
Any idea why it doesn't show a valid url in the id field on standalone instance? I don't see any explicit config on SHC node where it works.
In Splunk DB Connect 1, I could create a database connection from a conf file (database.conf) where I could provide a cleartext password and, after deployment, Splunk would encrypt it. I tried to do the same with identities.conf on Splunk DB Connect 2.3.1 and it didn't encrypt the password, and I'm getting the error "Unable to decrypt password, please re-enter the password on identity".
Is it possible to manually do, or have Splunk do, the description when adding identities from a conf file?
Where can we download an older version of Splunk DB Connect, version 1.2.2 specifically? I don't see that version in Splunkbase: https://splunkbase.splunk.com/app/2686/
My company does upgrade to the latest version for at least 3 maintenance versions for Splunk, as earlier versions may have some bugs. We're currently on DB Connect version 1.1.7 and would like to upgrade to 2.x or higher. What would be the best version to upgrade to?
Do you capture process information on the server (maybe using TA apps)? If yes, then you might be able to track the process which is causing that peak CPU usage.
Something like this should work for you.
process="squid" httpstatus=200 | regex clientaddress="10\.([1-9]|[1-9][0-9]|1[0-9][0-9]|200)\.([8-9][0-9]|1[0-9][0-9])\.(2(3[1-9]|4[0-9]|5[0-4]))"
The regex command will match the specified regular expression for the field clientaddress and filter out non-matching events.
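An added example, not part of the original post: it runs the posted pattern over constructed client addresses and compares the result with a numeric check of the octet ranges read off the pattern (10 . 1-200 . 80-199 . 231-254). The SPL regex command keeps an event when the pattern matches anywhere in the field, which Python's re.search reproduces here; the anchored variant and the helper names are assumptions of this example.

```python
import re

# Pattern exactly as posted above.
POSTED = (r"10\.([1-9]|[1-9][0-9]|1[0-9][0-9]|200)"
          r"\.([8-9][0-9]|1[0-9][0-9])\.(2(3[1-9]|4[0-9]|5[0-4]))")
# Assumption of this example: the whole field value should be one address.
ANCHORED = "^" + POSTED + "$"


def regex_keeps(pattern, clientaddress):
    """Mimic the SPL regex command: keep on a match anywhere in the field."""
    return re.search(pattern, clientaddress) is not None


def in_octet_ranges(clientaddress):
    """Reference check: parse the dotted quad and compare octets numerically."""
    parts = clientaddress.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return False
    a, b, c, d = (int(p) for p in parts)
    return a == 10 and 1 <= b <= 200 and 80 <= c <= 199 and 231 <= d <= 254


def disagreements(pattern, samples):
    """Values where the regex decision differs from the numeric check."""
    return [s for s in samples if regex_keeps(pattern, s) != in_octet_ranges(s)]


# Constructed sample client addresses (not taken from any real log).
SAMPLES = [
    "10.1.80.231", "10.200.199.254", "10.57.123.240",    # inside every range
    "10.0.80.231", "10.201.80.231",                      # second octet outside
    "10.5.79.231", "10.5.200.231",                       # third octet outside
    "10.5.80.230", "10.5.80.255",                        # fourth octet outside
    "110.5.80.231", "210.77.150.240",                    # first octet is not 10
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:16} posted={regex_keeps(POSTED, s)!s:5} "
              f"anchored={regex_keeps(ANCHORED, s)!s:5} "
              f"numeric={in_octet_ranges(s)}")
    print("posted differs on:  ", disagreements(POSTED, SAMPLES))
    print("anchored differs on:", disagreements(ANCHORED, SAMPLES))
```

Addresses such as 110.5.80.231 pass the unanchored pattern because it matches the substring starting at the second character, so anchoring matters when the filter is used to scope proxy events to one address block.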
If you already have an existing dashboard(or rather form), you can copy the " " to tag of that dashboard and copy "
...
" to section after . I hope this is what you're asking.
You can upload your file (list of names) as a lookup table file and then use it in the query. E.g. your lookup table, say names.csv, with header as name and one name per row. Add that as a lookup table under the appropriate app and set the necessary sharing permissions. Then the updated query could be like this:
index=yourindex [|inputlookup names.csv ]
something like this
search giving field project, status | eval nStatus=case(status="s1",1,status="s2",2,status="s3",3,1=1,4) | table project, nStatus