Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About inventsekar
inventsekar
Super Champion
Member since:
06-19-2015
2 weeks ago
Community Statistics
| Posts | 1244 |
| Solutions | 148 |
| Karma Given | 1671 |
| Karma Received | 309 |
| Member Since | 06-19-2015 |
Activity Feed
- Got Karma for Re: How do I configure a custom text on the login screen?. a week ago
- Got Karma for Re: Addons cost in Splunk. 2 weeks ago
- Posted Re: Conditional drilldown on Splunk Search. 2 weeks ago
- Posted Re: Addons cost in Splunk on Developing for Splunk Enterprise. 2 weeks ago
- Got Karma for Re: How to check if new hosts get added to instance & get alerted?. 2 weeks ago
- Posted Re: Create a failed search job on Splunk Search. 3 weeks ago
- Karma Re: Create a failed search job for richgalloway. 3 weeks ago
- Karma Re: Create a failed search job for bowesmana. 3 weeks ago
- Posted Create a failed search job on Splunk Search. 3 weeks ago
- Posted Re: How do I extract a substring beginning by some characters and ending by : on Splunk Search. 03-05-2021 08:03 AM
- Posted Re: Add color to report column in email on Reporting. 02-24-2021 01:52 PM
- Posted Re: Add color to report column in email on Reporting. 02-24-2021 01:31 PM
- Posted Re: Splunk Report functionality on Reporting. 02-24-2021 01:26 PM
- Got Karma for Re: sslRootCAPath at server.conf. 02-21-2021 03:39 PM
- Posted Re: How to count specific data separated by pipe character ? on Splunk Search. 02-21-2021 09:02 AM
- Posted Re: Can splunk recognize Chinese character timestamp on Getting Data In. 02-08-2021 02:04 AM
- Karma Re: rest jobs runDuration inaccurate values for richgalloway. 02-08-2021 01:47 AM
- Posted Re: How to find the perple who leave in the next day on Splunk Search. 02-08-2021 01:46 AM
- Posted Re: How to find the perple who leave in the next day on Splunk Search. 02-07-2021 05:56 AM
- Posted Re: rest jobs runDuration inaccurate values on Splunk Search. 02-02-2021 07:58 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 1 | |||
| 0 | |||
| 0 |
2 weeks ago
Hi @prettysunshinez ... We can have a full panel as hidden. We can not hide one or two columns alone(as per my knowledge). Even if there are some ways to hide the column, how can you implement drilldown on that panel which is hidden?!?!.. If you explain your situation more clearly, there should be some other ways to solve this issue.
... View more
2 weeks ago
1 Karma
Hi @Madhusri ... Generally add-ons/TA's are free. Most of the App's also are free. Only the "premium apps" are not free. Some examples for premium apps... Splunk Premium apps Splunk IT Service Intelligence (ITSI) Splunk Enterprise Security (ES) Splunk User Behavior Analytics (Splunk UBA) Splunk App for PCI Compliance – Splunk Enterprise Security. Splunk App for Microsoft Exchange.
... View more
3 weeks ago
Thanks @bowesmana .. that works fine. @richgalloway .. i would like to run a search which will fail. Let me give more info.. in our clustered environment, at random times, user's search queries status in JOBS say "failed", but still continuous to run for very long time.. even for weeks. is there any way to clear these "failed jobs" please.
... View more
- Tags:
- O
3 weeks ago
Hi, for a testing purpose, i would like to create a failed search job.. i did search for this, but no luck.. any suggestions please
... View more
Labels
- Labels:
-
search job inspector
03-05-2021
08:03 AM
Hi, You can use rex command... |makeresults | eval _raw="pwein1a1_cjq0_287471.trc: ORA-12850: Could not allocate" | rex field=_raw "(?<oraNum>ORA-\d+)\:" | table _raw oraNum
if this solves your query, pls accept this as solution, upvote is appreciated, thanks.
... View more
02-24-2021
01:52 PM
EDIT >> we are using Splunk web/// do you use splunk cloud, if yes, then, you will need to contact the splunk cloud support guys to edit/update the conf files. << EDIT i think you saved this as an alert and you get email from the alert, right. if so, maybe, please check dashboards/reports options, instead of the "alerts". Sending colored table on email report is a difficult task i think. the best and easy workaround is the dashboards. dashboard's pdf email delivery is possible with colored tables.
... View more
02-24-2021
01:31 PM
Hi @JasonMcMahan ... i am not sure of your query, but, pls have a look at a similar query... https://community.splunk.com/t5/All-Apps-and-Add-ons/Change-background-color-of-specifc-column-in-email-alert-table/m-p/443806
... View more
02-24-2021
01:26 PM
Hi @KYAKUBO ..i am not much clear on your query.. i assume like this..you have created a Splunk Report, which will generate a table format result, you are sending email notifications on each run.. you wanted the email attachment file name to be dynamic. is that correct, please suggest, thanks.
... View more
02-21-2021
09:02 AM
Hi @Linnie25 If the fields are not extracted, then, you have to use rex to find out the country and then count. | makeresults
| eval log="|test|13e|1234|guest |CA|1.2|test|test"
| rex field=log "\|(?<country>\w\w)\|\d"
| stats count by country
... View more
02-08-2021
02:04 AM
https://community.splunk.com/t5/Archive/How-do-I-search-for-Chinese-characters-in-Splunk/m-p/393544 this question seems like a good fit for your case.. maybe, you can create if cases for the AM and PM and then manually do the calculations. https://docs.splunk.com/Documentation/SplunkCloud/8.1.2012/Data/Configurecharactersetencoding pls check the Chinese character set - " GB_2312-80 (aka, CHINESE, ISO-IR-58, CSISO58GB231280)" try to use it and see if it picks up the Chinese characters. on this question, https://community.splunk.com/t5/Getting-Data-In/how-to-recognize-timestamp-with-Chinese-character/td-p/30576?sort=oldest its said that "Currently we do not support Chinese month like 一月, ......十二月. SPL-67688 has been created for getting supported, will be fixed in the later version."... but searching for "SPL-67688" fails, not sure of how to proceed. if the above two ideas didnt work, you should check with Splunk Support only.
... View more
02-08-2021
01:46 AM
2021 -02-07 21:39:40 id=1001 , flt=2021-01-11 00:05:18 , ip=xxx.xx.xxx.xx , device=xxx assuming that "flt" is already extracted: base search | eval epochLoginTime=strptime(flt, "%Y-%m-%d hh:mm:ss")
| eval epochOneDay=relative_time(now(), "-1d@d" )
| where epochLoginTime > epochOneDay
... View more
02-07-2021
05:56 AM
Hi @Minghao .. pls share with us the login log (without actual username/server names, etc) .. > I want to anyalize the people that login today and don't login tommorow this should be simple. the login log should have the timestamp.. so, you can search for the users whose last login was more than 24 hrs (which means, those users didnt login last 24hrs). if you provide us the sample login log (without actual username/server names, etc), we can help you with the SPL query. thanks.
... View more
02-02-2021
07:58 PM
Hi @scelikok @gcusello @to4kawa @bowesmana @ITWhisperer ...any suggestions please..
... View more
02-02-2021
01:51 PM
I am not sure, but, lets try this once... index=main-app OR (index=auth-app "createsession") | rex field=_raw "UID: (?<uid>......)" | stats count(uid)
... View more
02-02-2021
01:44 PM
Please try... index=main-app | join uid [search index=auth-app "createsession" | rex field=_raw "UID: (?<uid>......)" | fields uid ] | stats count
... View more
02-02-2021
12:06 PM
Hi.. do you know if UID is extracted? pls try (index=auth-app OR index=main-app) UID or, simply please try.. (index=auth-app OR index=main-app) H0XF7PQU1 update us your results, thanks.
... View more
02-02-2021
11:59 AM
Hi All... As i am trying to find out the the long running search queries using this rest search, its working fine, but, its having a field "runDuration", as per the doc: runDuration Time in seconds that the search took to complete. https://docs.splunk.com/Documentation/Splunk/8.1.1/RESTREF/RESTsearch#search.2Fjobs but, it seems the runDuration values are totally wrong (the 1st value 22456767.32 is close to 259days) | rest /services/search/jobs splunk_server=* | table runDuration (sorted as per runDuration) runDuration 22456767.32 4493630.885 4364271.151000001 4156740.1780000003 4156682.699 4155523.87 4154739.233 4154733.224 4154682.228 4154629.832 ours is a indexer clustered, SH clustered, environment. i run this query at the monitoring console. 1. is the runDuration from the rest job is inaccurate/wrong? 2. apart from rest query, is there any other ways to find out the search run time please? i used - index=_audit action="search" search=* NOT user="splunk-system-user" exec_time=* | table search total_run_time user result_count is_realtime host this looks like perfect one, but, its not having the user's timepicker info(what value the user used for earliest and latest times).. please suggest, thanks.
... View more
- Tags:
- rest
Labels
- Labels:
-
search job inspector
12-15-2020
08:32 PM
Hi @brwalker_splunk .. as per your DM, i have sent the email with the post in question and my reply contant, thanks.
... View more
11-30-2020
06:23 PM
Hi @brwalker_splunk Today i faced PFI on this post(you may be able to see my response from the "auto-saved" response of mine): https://community.splunk.com/t5/Installation/fresh-install-not-responsive/m-p/531413#M6959 Best Regards, Sekar
... View more
11-30-2020
03:54 PM
Hi @slipinski would you like index-time or search-time parsing? may i know if you are aware of the command "spath", please suggest, thanks. Best Regards, Sekar
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|
Karma given to
