×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
VSIRIS
Path Finder
Member since: ‎12-15-2017
‎05-31-2024
Community Statistics
Posts 13
Solutions 1
Karma Given 15
Karma Received 12
Member Since ‎12-15-2017
Activity Feed
View All

Re: Has anyone experience issues with Splunk AOB o...

by in All Apps and Add-ons
‎09-03-2022 06:30 PM
‎09-03-2022 06:30 PM
I can double check and get back to you. Based on what you have mentioned, it looks like you are not getting any output in the AOB in Splunk Ver 9.0, correct? Also what version of AOB is it?  ... View more

Re: automatic creation of local folder in client s...

by in Deployment Architecture
‎11-12-2021 08:23 AM
1 Karma
‎11-12-2021 08:23 AM
1 Karma
Trying using    [serverClass:myServerClass:app:yourApp] excludeFromUpdate = $app_root$/lookups with no slash at the end  ($app_root$/lookups/)   https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Serverclassconf ... View more

Re: Splunk 5 Clustering: Indexes not seen In clust...

by in Deployment Architecture
‎03-18-2021 09:49 AM
‎03-18-2021 09:49 AM
That was the exact setting that I missed, after that rep_factor setting now I see all indexes. ... View more

Where does Splunk Technical Assessment App should ...

by in Splunk Enterprise
‎03-18-2021 08:41 AM
‎03-18-2021 08:41 AM
I certainly know it's a Splunk Premium App mostly managed by Splunk PS but yet I have this question, that in which instance should the STA be exactly installed.   ... View more

Re: Why is Splunk indexing our data in the wrong c...

by in Splunk Dev
‎11-23-2020 09:45 AM
‎11-23-2020 09:45 AM
Hi Splunkers, I have logs like <Header> <Product>Microsoft SQL Server Reporting Services Version 2011.0110.6615.02 ((SQL11_SP3_QFE-CU).180109-2116 )</Product> <Locale>English ()</Locale> <TimeZone>Central Daylight Time</TimeZone> <Path>D:\Program Files\Microsoft SQL Server\MSRS11.CTSSRS2012\Reporting Services\Logfiles\ReportServerService__11_05_2020_14_52_11.log</Path> <SystemName>Avotrix69901</SystemName> <OSName>Microsoft Windows NT 6.2.9200</OSName> <OSVersion>6.2.9200</OSVersion> <ProcessID>3296</ProcessID> <Virtualization>Hypervisor</Virtualization> </Header> <ProcessorArchitecture>AMD64</ProcessorArchitecture> <ApplicationArchitecture>AMD64</ApplicationArchitecture> processing!ReportServer_0-51!1ed8!11/05/2020-14:52:11:: v VERBOSE: Mapping data reader successfully initialized. library!ReportServer_0-51!2bc8!11/05/2020-14:52:11:: v VERBOSE: Transaction commit. processing!ReportServer_0-51!1ed8!11/05/2020-14:52:11:: e ERROR: Throwing Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: , Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: There is no data for the field at position 3.; runningjobs!ReportServer_0-51!2bc8!11/05/2020-14:52:11:: v VERBOSE: Thread pool settings: Available worker: 399, Max worker: 400, Available IO: 400, Max IO: 400 runningjobs!ReportServer_0-51!2bc8!11/05/2020-14:52:11:: v VERBOSE: Spawning new thread for a work item. runningjobs!ReportServer_0-51!2bc8!11/05/2020-14:52:11:: v VERBOSE: ThreadJobContext.EndCancelableState runningjobs!ReportServer_0-51!2bc8!11/05/2020-14:52:11:: v VERBOSE: ThreadJobContext.WaitForCancelException entered runningjobs!ReportServer_0-51!2bc8!11/05/2020-14:52:11:: v   And after indexing i am getting events like \x00c\x00h\x00u\x00n\x00k\x00s\x00!\x00R\x00e\x00p\x00o\x00r\x00t\x00S\x00e\x00r\x00v\x00e\x005\x001\x00!\x002\x001\x00d\x000\x00!\x001\x001\x00/\x000\x005\x00/\x002\x000\x002\x000\x00-\x001\x004\x00:\x005\x002\x00:\x001\x002\x00:\x00:\x00 \x00v\x00 \x00V\x00E\x00R\x00B\x00O\x00S\x00E\x00:\x00 \x00R\x00e\x00t\x00r\x00i\x00e\x00v\x00e\x00d\x00 \x00s\x00e\x00g\x00m\x00e\x00n\x00t\x00 \x004\x003\x00f\x00b\x000\x009\x009\x00d\x00-\x00c\x006\x006\x004\x00-\x00e\x00a\x001\x001\x00-\x008\x001\x002\x00d\x00-\x000\x000\x002\x001\x005\x00a\x009\x00b\x000\x008\x00a\x00c\x00 \x00f\x00o\x00r\x00 \x00c\x00h\x00u\x00n\x00k\x00 \x004\x002\x00f\x00b\x000\x009\x009\x00d\x00-\x00c\x006\x006\x004\x00-\x00e\x00a\x001\x001\x00-\x008\x001\x002\x00d\x00-\x000\x000\x002\x001\x005\x00a\x009\x00b\x000\x008\x00a\x00c\x00 \x00f\x00r\x00o\x00m\x00 \x00t\x00h\x00e\x00 \x00s\x00e\x00g\x00m\x00e\x00n\x00t\x00  I had solved this issue using the below settings in props.conf [MyOwnSourceType] CHARSET = UTF16-LE ... View more

Re: Splunk DataModel Unknown Fields

by in Reporting
‎09-25-2020 09:22 AM
4 Karma
‎09-25-2020 09:22 AM
4 Karma
Try This... | datamodel data_model_name root_object_name search | table _time, sourcetype, root_object_name.* Example: | datamodel Network_Traffic All_Traffic search| search All_Traffic.*="unknown" | dedup sourcetype | table _time, sourcetype, All_Traffic.* ... View more

how to input encrypted files like PGP encrypted fi...

by in Getting Data In
‎06-29-2020 08:22 AM
2 Karma
‎06-29-2020 08:22 AM
2 Karma
Hello Everyone, Does anyone know if there is any method in Splunk to index encrypted input files like PGP encrypted files. @ashish9433  ... View more
Labels

Re: Why the count of the user per hour varies afte...

by in Splunk Search
‎04-09-2020 10:19 AM
‎04-09-2020 10:19 AM
At every execution you timerange is getting differed, so obviously if you stick to your earliest and latest of time, then your result will be constant. You can add the below in your query and see to yourself index=abc earliest=-2h@h latest=-1h@h | table _time, server, userdetails | timechart span=1h dc(userdetails) by server ... View more

Re: How to Monitor missing sourcetypes/hosts

by in Getting Data In
‎04-09-2020 09:07 AM
‎04-09-2020 09:07 AM
Nothing is as fast as a simple query like tstats and for users who cannot go installing the third party apps can always use the below code for reference. Also this will help you to identify the retention period of indexes along with source, sourcetype, host, etc. | tstats earliest(time) as earliestTime latest(_time) as latestTime count as eventCount where index=* by source sourcetype host index splunk_server |eval" retention period days"=round((latestTime-earliestTime)/86400,2)|convert ctime(*Time) | dbinspect index=*  | stats count as bucket_count min(startEpoch) as earliest_event by index splunk_server  | eval earliest_event_human = strftime(earliest_event, "%c") Do also check out Avotrix app on splunkbase. ... View more

Re: HTTP Event Collector returns Bad Request - wha...

by in Getting Data In
‎10-21-2019 10:27 AM
1 Karma
‎10-21-2019 10:27 AM
1 Karma
My problem was I had enabled SSL. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-31-2024 11:00 AM
VSIRIS's Photos
Top