cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jaciro11
Path Finder
Member since: ‎05-08-2020
‎12-29-2020
Community Statistics
Posts 16
Solutions 2
Karma Given 2
Karma Received 0
Member Since ‎05-08-2020
Activity Feed
View All

Splunk Integration with Umbrella: Problem to show ...

by in Splunk Search
‎12-29-2020 11:27 AM
‎12-29-2020 11:27 AM
Hello Splunk Forum TEAM,   I have a question refered to the integration because right now I receive the information whitout problems but when I try to check in in a search I can´t find any log.   Here is where we use the scripts for pull data and delete after 30 days. ----------------------------------------------------------------------------------------------------------------------------------- -5. In $SPLUNK_HOME/etc/apps/TA-cisco_umbrella/local/inputs.conf create the following stanzas. Make sure you change the path and index in the monitor stanza if necessary! [script://./bin/pull-umbrella-logs.sh] disabled = 0 interval = 300 index = _internal sourcetype = cisco:umbrella:input start_by_shell = false [script://./bin/delete-old-umbrella-logs.sh] disabled = 0 interval = 600 index = _internal sourcetype = cisco:umbrella:cleanup start_by_shell = false [monitor:///opt/splunk/etc/apps/TA-cisco_umbrella/data/dnslogs/*/*.csv.gz] disabled = 0 index = opendns sourcetype = opendns:dnslogs -6. Verify data is coming in and you are seeing the proper field extractions by searching the data. ----Example Search: index=awsindexyouchose sourcetype=opendns:dnslogs ----Note: You can look for script output by searching: index=_internal sourcetype=cisco:umbrella* --------------------------------------------------------------------------------------------------------------------------------------- But when I try to do the next search: index=_internal sourcetype=cisco:umbrella* I dont retrive data.   ... View more
Labels

Re: Search with three Index with different fields

by in Getting Data In
‎06-12-2020 04:50 PM
‎06-12-2020 04:50 PM
My problem is:  CreatedDate>2020-05-30 Sorry all and thanks!!! 🙂  ... View more

Search with three Index with different fields

by in Getting Data In
‎06-12-2020 04:35 PM
‎06-12-2020 04:35 PM
Hello Splunk TEAM, I have a question about my searchs in splunk. I have 3 index and I want to search and compare some information.  But when I do my search Tiempo_Ejecutado its wrong I dont know what happen!   (index="inlooxtt" StatusName!=Completed StatusName!=Cancelled PerformedByName!=Donado* CreatedDate>2020-05-30 ProjectName!="Capac* General" ProjectName!="Preventas*") OR (index="inlooxtasks" ProjectStatusName!=Completed ProjectStatusName!=Cancelled ContactDisplayName!=Donado* ContactDisplayName!="null" ProjectName!="Capac* General" ProjectName!="Preventas*") OR (index="inlooxprojects" StatusName!="Completed" StatusName!="Cancelled" StatusName!="Pausado" IsRecycled!="true" FirstTeamMember!="Inloox - Alejandro Donado (deleted)" Name!="Capacit* General" Name!=Preventas*) | eval Proyectos=coalesce(ProjectName, Name) | eval Tiempo_Ejecutado=(DurationMinutes/60), Tiempo_Planeado=WorkAmount, Tiempo_Vendido=Ventas | stats dedup_splitvals=true sum(Tiempo_Ejecutado) as Tiempo_Ejecutado, sum(Tiempo_Planeado) as Tiempo_Planeado, sum(Tiempo_Vendido) as Tiempo_Vendido by Proyectos | eval Tiempo_Ejecutado=round(Tiempo_Ejecutado,2) | eval Tiempo_Planeado=round(Tiempo_Planeado,2) | sort Proyectos     Index1 have ProjectName Index2 ProjectName Index Name Thanks ALL! ... View more
Labels

Re: Use stat with two different Index with differe...

by in Getting Data In
‎06-12-2020 09:45 AM
‎06-12-2020 09:45 AM
Hello @richgalloway  It Working!!! Thanks you !!!!!!! 😁 ... View more

Use stat with two different Index with different f...

by in Getting Data In
‎06-12-2020 08:44 AM
‎06-12-2020 08:44 AM
Hello Splunk TEAM, I have a problem with my search because I use to different index and the data which I want to compare when I want to define by a field is different for example. I have two Index  in one I have ContactByName and in the other index I have PerformedByName. I the two fields I have the same data but when I want to compare the data in that information I cant. I try to rename ContactByName as PerformedByName to do my search again but is not a good idea.  I have this Right now:  (index="inlooxtt" StatusName!=Completed StatusName!=Cancelled PerformedByName!=Donado* CreatedDate>2020-05-30 ProjectName!="Capac* General" ProjectName!="Preventas*") OR (index="inlooxtasks" ProjectStatusName!=Completed ProjectStatusName!=Cancelled ContactDisplayName!=Donado* ContactDisplayName!="null" ProjectName!="Capac* General" ProjectName!="Preventas*") | rename ContactDisplayName as PerformedByname | eval Tiempo_Ejecutado=(DurationMinutes/60), Tiempo_Planeado=WorkAmount | stats dedup_splitvals=true sum(Tiempo_Ejecutado) as Tiempo_Ejecutado, sum(Tiempo_Planeado) as Tiempo_Planeado by PerformedByname But I have this:  The Tiempo_Ejecutado didnt appear 😞  Thanks all ... View more
Labels

Re: Splunk Use multiple index in a same search

by in Getting Data In
‎06-10-2020 04:49 PM
‎06-10-2020 04:49 PM
I try with this because we need the position of the indexes. (index="inlooxtt" StatusName!=Pausado StatusName!=Completed StatusName!=Cancelled PerformedByName!=Donado* ) OR (index="inlooxtasks" ProjectStatusName!="Paused" ProjectStatusName!="Completed" ProjectStatusName!="Cancelled" ContactDisplayName!=Donado* ContactDisplayName!="null") | rename ProjectName as Proyectos | eval Tiempo_Ejecutado=(DurationMinutes/60), Tiempo_Planeado=WorkAmount | stats dedup_splitvals=true sum(Tiempo_Ejecutado) as Tiempo_Ejecutado, sum(Tiempo_Planeado) as Tiempo_Planeado by Proyectos | eval Tiempo_Ejecutado=round(Tiempo_Ejecutado,2) | sort Proyectos   But the solution is the OR thanks for all! ... View more

Re: Splunk Use multiple index in a same search

by in Getting Data In
‎06-10-2020 03:01 PM
‎06-10-2020 03:01 PM
Hello,   Its not the same Query we have 2 different Index, Inlooxtt and Inlooxasks.   Thanks you ... View more

Re: Splunk Use multiple index in a same search

by in Getting Data In
‎06-10-2020 02:51 PM
‎06-10-2020 02:51 PM
Hello Greg, When I try to use ur search I take this:    ... View more

Splunk Use multiple index in a same search

by in Getting Data In
‎06-10-2020 12:04 PM
‎06-10-2020 12:04 PM
Hello Slunk Team, I have a question about appendcols. When I try to use two index to compare some information I got the information in different orders not in the same to compare the values.   SEARCH index="inlooxtt" StatusName!=Paused StatusName!=Completed StatusName!=Cancelled PerformedByName!=Donado* | eval Horas=(DurationMinutes/60) |stats dedup_splitvals=true sum(Horas) as Tiempo by ProjectName | eval Tiempo=round(Tiempo,2) |rename Tiempo as Tiempo | sort ProjectName | appendcols [search index="inlooxtasks" ProjectStatusName!=Paused ProjectStatusName!=Completed ProjectStatusName!=Cancelled ContactDisplayName!=Donado* ContactDisplayName!="null" | eval Horas2=(WorkAmount) | stats dedup_splitvals=true sum(Horas2) as Tiempo2 by ProjectName | rename ProjectName as Proyecto2 | eval Tiempo2=round(Tiempo2,2) | sort Proyecto2] How I can do to solve my iproblem I will show what happen.  I want to have all my data in order to do a exatly data comparison   Thanks all!! ... View more
Labels

Re: LINE_BREAKER with INDEXED_EXTRACTIONS does not...

by in Getting Data In
‎06-04-2020 11:55 AM
‎06-04-2020 11:55 AM
Hello, Really Thanks for you help, you helped me fix my issue!! but When I have all my data correct the first one event and the last continue appearing with problem. Only two events The fist and the last. I will show you. https://ibb.co/zrHfJrG and First event. https://ibb.co/cwV3qGD ... View more

Re: LINE_BREAKER with INDEXED_EXTRACTIONS does not...

by in Getting Data In
‎06-04-2020 08:18 AM
‎06-04-2020 08:18 AM
https://ibb.co/kh2gRrJ ... View more

Re: LINE_BREAKER with INDEXED_EXTRACTIONS does not...

by in Getting Data In
‎06-04-2020 08:18 AM
‎06-04-2020 08:18 AM
Well I really don´t understand what happen I change my Line_Breaker for }(,){ and I think all work correctly. look. Can you explain me what happen, why this only change fix this. ... View more

Re: LINE_BREAKER with INDEXED_EXTRACTIONS does not...

by in Getting Data In
‎06-04-2020 07:31 AM
‎06-04-2020 07:31 AM
Where I need to add this in props.conf?? Sorry for ask this 😞 ... View more

Re: LINE_BREAKER with INDEXED_EXTRACTIONS does not...

by in Getting Data In
‎06-04-2020 06:22 AM
‎06-04-2020 06:22 AM
How I use spath im so new with splunk can you explain to me please. ... View more

LINE_BREAKER with INDEXED_EXTRACTIONS does not wor...

by in Getting Data In
‎06-03-2020 11:53 PM
‎06-03-2020 11:53 PM
Hello Splunk TEAM, I have a question. I have this data: { "@odata.context":"https://app.inlooxnow.de/odata/$metadata#workpackageview","value":[ { "PlanningReservationId":"5345345","DoneDate":null,"WorkAmount":261.0,"IsDone":false,"Name":"Informaci","StartReminderDateTime":null,"EndReminderDateTime":null,"ProjectId":"4d7a-8fb1-b69918c35e25","ContactId":null,"ChangedDate":"2017-10-24T13:51:03.277Z","CreatedDate":"2017-09-04T14:16:31.147Z","PositionNumber":0,"CardPositionNumber":0,"PositionOrderedByContact":null,"PlanningId":null,"GroupId":"76879d8a-482b-b17d-4d0cb8eee218","CreatedByContactId":"b-85a6-4af8-a7b2-ca8dc38cd601","WorkPackageStartDateTime":null,"WorkPackageEndDateTime":"2017-10-17T23:00:00Z","IsBillable":true,"IsBilled":false,"CostPerHour":null,"SecondaryCostPerHour":null,"CustomColor":null,"IsRead":true,"AssignedByContactId":null,"HasStartDate":false,"HasEndDate":true,"StartDateTime":null,"EndDateTime":"2017-10-17T23:00:00Z","PlanningReservationStatusName":"To do","PlanningReservationStatusId":"263d4762-dc54-46ec-95a7-36391f9ef4b5","MindMapNodeId":null,"PlanningTypeId":null,"Location":null,"PSPCode":null,"ColorFlag":null,"PlanningCustomColor":null,"PlanningProgress":null,"CalendarId":null,"ConstraintType":null,"ConstraintDate":null,"DurationTicks":null,"PlanningStartDateTime":null,"PlanningEndDateTime":null,"IsFixed":null,"IsMilestone":null,"IsGrouping":null,"IsCollapsed":null,"IsCritical":null,"PlanningSnapshotId":null,"OriginalPlanningId":null,"IsProjectGrouping":null,"IsVIP":null,"PlanningPositionNumber":null,"DisplayName":null,"ParentPlanningId":null,"ProjectName":"Hospital","ProjectNumber":"1257","Priority":1,"FirstManager":"pepe raul","FirstTeamMember":"Inloox - Heremias","FirstCustomer":null,"FirstPartner":null,"FirstAdditionalContact":null,"ComputedProgress":100.0,"IsEndDateFixed":false,"IsRecycled":false,"IsArchived":true,"IsRequest":false,"ProjectImageId":"2b797791-ccb5-490b-9939-2dfda829f3f4","ClientName":"hospitalo","ClientNumber":"0114","ProjectStatusName":"Completed","ProjectStatusProgress":100,"DivisionName":null,"ContactName":null,"FirstName":null,"LastName":null,"ContactDisplayName":null,"ContactImageId":null,"AssignedByDisplayName":null,"AssignedByImageId":null,"GroupName":"Preventa","WorkpackagePredecessorDone":null,"AllWorkpackagePredecessorDone":null,"CustomExpand@odata.navigationLink":"https://app.inlooxnow.de/odata/workpackageview(50c9fca1-b316-4b96-abb6-0018d1a58c61)/CustomExpand","DocumentObjectRelation@odata.navigationLink":"https://app.inlooxnow.de/odata/workpackageview(50c9fca1-b316-4b96-abb6-0018d1a58c61)/DocumentObjectRelation" },{ PlanningReservationId":"5345345","DoneDate":null,"WorkAmount":261.0,"IsDone":false,"Name":"Informaci","StartReminderDateTime":null,"EndReminderDateTime":null,"ProjectId":"4d7a-8fb1-b69918c35e25","ContactId":null,"ChangedDate":"2017-10-24T13:51:03.277Z","CreatedDate":"2017-09-04T14:16:31.147Z","PositionNumber":0,"CardPositionNumber":0,"PositionOrderedByContact":null,"PlanningId":null,"GroupId":"76879d8a-482b-b17d-4d0cb8eee218","CreatedByContactId":"b-85a6-4af8-a7b2-ca8dc38cd601","WorkPackageStartDateTime":null,"WorkPackageEndDateTime":"2017-10-17T23:00:00Z","IsBillable":true,"IsBilled":false,"CostPerHour":null,"SecondaryCostPerHour":null,"CustomColor":null,"IsRead":true,"AssignedByContactId":null,"HasStartDate":false,"HasEndDate":true,"StartDateTime":null,"EndDateTime":"2017-10-17T23:00:00Z","PlanningReservationStatusName":"To do","PlanningReservationStatusId":"263d4762-dc54-46ec-95a7-36391f9ef4b5","MindMapNodeId":null,"PlanningTypeId":null,"Location":null,"PSPCode":null,"ColorFlag":null,"PlanningCustomColor":null,"PlanningProgress":null,"CalendarId":null,"ConstraintType":null,"ConstraintDate":null,"DurationTicks":null,"PlanningStartDateTime":null,"PlanningEndDateTime":null,"IsFixed":null,"IsMilestone":null,"IsGrouping":null,"IsCollapsed":null,"IsCritical":null,"PlanningSnapshotId":null,"OriginalPlanningId":null,"IsProjectGrouping":null,"IsVIP":null,"PlanningPositionNumber":null,"DisplayName":null,"ParentPlanningId":null,"ProjectName":"Hospital","ProjectNumber":"1257","Priority":1,"FirstManager":"pepe raul","FirstTeamMember":"Inloox - Heremias","FirstCustomer":null,"FirstPartner":null,"FirstAdditionalContact":null,"ComputedProgress":100.0,"IsEndDateFixed":false,"IsRecycled":false,"IsArchived":true,"IsRequest":false,"ProjectImageId":"2b797791-ccb5-490b-9939-2dfda829f3f4","ClientName":"hospitalo","ClientNumber":"0114","ProjectStatusName":"Completed","ProjectStatusProgress":100,"DivisionName":null,"ContactName":null,"FirstName":null,"LastName":null,"ContactDisplayName":null,"ContactImageId":null,"AssignedByDisplayName":null,"AssignedByImageId":null,"GroupName":"Preventa","WorkpackagePredecessorDone":null,"AllWorkpackagePredecessorDone":null,"CustomExpand@odata.navigationLink":"https://app.inlooxnow.de/odata/workpackageview(50c9fca1-b316-4b96-abb6-0018d1a58c61)/CustomExpand","DocumentObjectRelation@odata.navigationLink":"https://app.inlooxnow.de/odata/workpackageview(50c9fca1-b316-4b96-abb6-0018d1a58c61)/DocumentObjectRelation" },{ PlanningReservationId":"5345345","DoneDate":null,"WorkAmount":261.0,"IsDone":false,"Name":"Informaci","StartReminderDateTime":null,"EndReminderDateTime":null,"ProjectId":"4d7a-8fb1-b69918c35e25","ContactId":null,"ChangedDate":"2017-10-24T13:51:03.277Z","CreatedDate":"2017-09-04T14:16:31.147Z","PositionNumber":0,"CardPositionNumber":0,"PositionOrderedByContact":null,"PlanningId":null,"GroupId":"76879d8a-482b-b17d-4d0cb8eee218","CreatedByContactId":"b-85a6-4af8-a7b2-ca8dc38cd601","WorkPackageStartDateTime":null,"WorkPackageEndDateTime":"2017-10-17T23:00:00Z","IsBillable":true,"IsBilled":false,"CostPerHour":null,"SecondaryCostPerHour":null,"CustomColor":null,"IsRead":true,"AssignedByContactId":null,"HasStartDate":false,"HasEndDate":true,"StartDateTime":null,"EndDateTime":"2017-10-17T23:00:00Z","PlanningReservationStatusName":"To do","PlanningReservationStatusId":"263d4762-dc54-46ec-95a7-36391f9ef4b5","MindMapNodeId":null,"PlanningTypeId":null,"Location":null,"PSPCode":null,"ColorFlag":null,"PlanningCustomColor":null,"PlanningProgress":null,"CalendarId":null,"ConstraintType":null,"ConstraintDate":null,"DurationTicks":null,"PlanningStartDateTime":null,"PlanningEndDateTime":null,"IsFixed":null,"IsMilestone":null,"IsGrouping":null,"IsCollapsed":null,"IsCritical":null,"PlanningSnapshotId":null,"OriginalPlanningId":null,"IsProjectGrouping":null,"IsVIP":null,"PlanningPositionNumber":null,"DisplayName":null,"ParentPlanningId":null,"ProjectName":"Hospital","ProjectNumber":"1257","Priority":1,"FirstManager":"pepe raul","FirstTeamMember":"Inloox - Heremias","FirstCustomer":null,"FirstPartner":null,"FirstAdditionalContact":null,"ComputedProgress":100.0,"IsEndDateFixed":false,"IsRecycled":false,"IsArchived":true,"IsRequest":false,"ProjectImageId":"2b797791-ccb5-490b-9939-2dfda829f3f4","ClientName":"hospitalo","ClientNumber":"0114","ProjectStatusName":"Completed","ProjectStatusProgress":100,"DivisionName":null,"ContactName":null,"FirstName":null,"LastName":null,"ContactDisplayName":null,"ContactImageId":null,"AssignedByDisplayName":null,"AssignedByImageId":null,"GroupName":"Preventa","WorkpackagePredecessorDone":null,"AllWorkpackagePredecessorDone":null,"CustomExpand@odata.navigationLink":"https://app.inlooxnow.de/odata/workpackageview(50c9fca1-b316-4b96-abb6-0018d1a58c61)/CustomExpand","DocumentObjectRelation@odata.navigationLink":"https://app.inlooxnow.de/odata/workpackageview(50c9fca1-b316-4b96-abb6-0018d1a58c61)/DocumentObjectRelation" },{ PlanningReservationId":"5345345","DoneDate":null,"WorkAmount":261.0,"IsDone":false,"Name":"Informaci","StartReminderDateTime":null,"EndReminderDateTime":null,"ProjectId":"4d7a-8fb1-b69918c35e25","ContactId":null,"ChangedDate":"2017-10-24T13:51:03.277Z","CreatedDate":"2017-09-04T14:16:31.147Z","PositionNumber":0,"CardPositionNumber":0,"PositionOrderedByContact":null,"PlanningId":null,"GroupId":"76879d8a-482b-b17d-4d0cb8eee218","CreatedByContactId":"b-85a6-4af8-a7b2-ca8dc38cd601","WorkPackageStartDateTime":null,"WorkPackageEndDateTime":"2017-10-17T23:00:00Z","IsBillable":true,"IsBilled":false,"CostPerHour":null,"SecondaryCostPerHour":null,"CustomColor":null,"IsRead":true,"AssignedByContactId":null,"HasStartDate":false,"HasEndDate":true,"StartDateTime":null,"EndDateTime":"2017-10-17T23:00:00Z","PlanningReservationStatusName":"To do","PlanningReservationStatusId":"263d4762-dc54-46ec-95a7-36391f9ef4b5","MindMapNodeId":null,"PlanningTypeId":null,"Location":null,"PSPCode":null,"ColorFlag":null,"PlanningCustomColor":null,"PlanningProgress":null,"CalendarId":null,"ConstraintType":null,"ConstraintDate":null,"DurationTicks":null,"PlanningStartDateTime":null,"PlanningEndDateTime":null,"IsFixed":null,"IsMilestone":null,"IsGrouping":null,"IsCollapsed":null,"IsCritical":null,"PlanningSnapshotId":null,"OriginalPlanningId":null,"IsProjectGrouping":null,"IsVIP":null,"PlanningPositionNumber":null,"DisplayName":null,"ParentPlanningId":null,"ProjectName":"Hospital","ProjectNumber":"1257","Priority":1,"FirstManager":"pepe raul","FirstTeamMember":"Inloox - Heremias","FirstCustomer":null,"FirstPartner":null,"FirstAdditionalContact":null,"ComputedProgress":100.0,"IsEndDateFixed":false,"IsRecycled":false,"IsArchived":true,"IsRequest":false,"ProjectImageId":"2b797791-ccb5-490b-9939-2dfda829f3f4","ClientName":"hospitalo","ClientNumber":"0114","ProjectStatusName":"Completed","ProjectStatusProgress":100,"DivisionName":null,"ContactName":null,"FirstName":null,"LastName":null,"ContactDisplayName":null,"ContactImageId":null,"AssignedByDisplayName":null,"AssignedByImageId":null,"GroupName":"Preventa","WorkpackagePredecessorDone":null,"AllWorkpackagePredecessorDone":null,"CustomExpand@odata.navigationLink":"https://app.inlooxnow.de/odata/workpackageview(50c9fca1-b316-4b96-abb6-0018d1a58c61)/CustomExpand","DocumentObjectRelation@odata.navigationLink":"https://app.inlooxnow.de/odata/workpackageview(50c9fca1-b316-4b96-abb6-0018d1a58c61)/DocumentObjectRelation" },{ But When I Download this data from the Rest API with JSON format and sourcetype _JSON I got all the events in one event. I need to break this event in multiple events and extract the fields. I try to use this: props.conf pulldown_type = true LINE_BREAKER = (},{) KV_MODE = none category = Structured SHOULD_LINEMERGE = false And the data breaks correctly with (},{) but no one value is extracted to a field. And when I try to extract data from the events I cant because never pass pass when I check regular expression and click in the event which I need to extract, after that it looking stuck. I try to use INDEXED_EXTRACTIONS = json But nothing works. Please I need a hand please!! ... View more
Labels

Help with integration via Inloox API with Splunk R...

by in Getting Data In
‎05-08-2020 09:16 AM
‎05-08-2020 09:16 AM
Hello all, Right now I started to use Splunk, and I have so many doubts. When I GET the data via REST-API, I get a lot of data and well I finally find how to create fields and other things. How do I make Splunk get only new data and not collect old data to evade duplicate data? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎12-29-2020 04:20 PM
Karma given to
View All