cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
n0vsec
Explorer
Member since: ‎05-28-2020
‎03-04-2024
Community Statistics
Posts 5
Solutions 1
Karma Given 3
Karma Received 1
Member Since ‎05-28-2020
Activity Feed
View All

Re: Specify Fields for Outputlookup or Outputcsv

by in Splunk Search
‎02-07-2024 09:34 AM
‎02-07-2024 09:34 AM
This is exactly what I was looking for!  One interesting thing I noticed, which I am not sure is a bug or not: If you run outputlook up and _time is still in the initial pipeline it will output _time to the lookup This happens even if you explicitly try to remove using the field command   A work around would be to rename time, which works but is not ideal Also to clean this up since this appends to the results of the initial pipeline you will need to follow with a where isnotnull(a), filtering out results on null values that should be present in the appended results. So the resulting search would be something like: ...initial search... ``` If you don't want _time in your resulting lookup ``` | rename _time as time | convert ctime(time) ``` Select fields for outputing to lookup ``` | appendpipe [| fields a, b, c | outputlookup lookup_file] ``` Remove appended entries by filtering on null fields which should only be present in the appended output ``` | where isnotnull(d)   ... View more

Re: Specify Fields for Outputlookup or Outputcsv

by in Splunk Search
‎09-28-2020 10:43 AM
‎09-28-2020 10:43 AM
Did you ever find an answer to this?  I wanting to do a similar search.  I only want to append specific fields to a lookup table, while keeping the rest of the fields for alert automation. ... View more

Re: Alert report - columns not ordered by table c...

by in Alerting
‎09-16-2020 04:10 PM
‎09-16-2020 04:10 PM
Were you able to resolve this? ... View more

Re: Alert action script returned error codes on we...

by in Alerting
‎08-31-2020 08:39 AM
‎08-31-2020 08:39 AM
So apparently at some point in time there was an update to our Splunk Cloud instance that broke webhooks, the only way to fix this was to put a ticket in and revert to Python 2.7 until the following update.  Not the best solution I would say, but everything is working for now. ... View more

Alert action script returned error codes on webhoo...

by in Alerting
‎05-28-2020 11:27 AM
1 Karma
‎05-28-2020 11:27 AM
1 Karma
I have set up an alert using webhooks and they have not been firing. I have set the notification to also show up in triggered alerts to make sure that the alert was in fact firing. When looking through the logs via index=_* webhook action=webhook I found some errors, which I cannot figure out how to remediate: event_message: action=webhook - Alert action script returned error code=3 event_message: action=webhook - Alert action script completed in duration=64 ms with exit code=3 event_message: action=webhook STDERR - Unexpected error: POST data should be bytes, an iterable of bytes, or a file object. It cannot be of type str. I realize that the last one is a Python error, which I found some information on here: stackoverflow - Python 3 urllib produces TypeErr... I guess what I am wondering is if this is something that I might be doing wrong? Or is something broken on the cloud platform? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-04-2024 12:32 PM
Karma from
View All
Karma given to
View All