Activity Feed
- Got Karma for Custom REST API endpoint with PersistentServerConnectionApplication. 02-28-2023 05:52 AM
- Karma Re: Custom REST API endpoint with PersistentServerConnectionApplication for livehybrid. 07-20-2020 04:39 AM
- Posted Custom REST API endpoint with PersistentServerConnectionApplication on Splunk Dev. 07-15-2020 12:39 PM
- Posted Perfmon:CPU timestamp on Getting Data In. 05-07-2020 12:03 PM
- Tagged Perfmon:CPU timestamp on Getting Data In. 05-07-2020 12:03 PM
- Posted Re: How to display a progress bar in panels when refreshing an HTML Dashboard, not "waiting for data"? on Dashboards & Visualizations. 12-16-2019 12:42 PM
- Posted Re: Python SDK: StreamingCommand only returns data in fields where fields are in the first record. on Splunk Dev. 11-12-2019 09:02 AM
- Posted Re: Python SDK: StreamingCommand only returns data in fields where fields are in the first record. on Splunk Dev. 11-07-2019 05:40 AM
- Posted Re: Why are similar events showing different datetimes? on Getting Data In. 11-04-2019 10:30 AM
- Posted Why are similar events showing different datetimes? on Getting Data In. 11-04-2019 08:44 AM
- Tagged Why are similar events showing different datetimes? on Getting Data In. 11-04-2019 08:44 AM
- Posted Re: Is there any way to apply the dark theme dashboards per user? on Dashboards & Visualizations. 08-30-2019 12:38 PM
- Posted Monitor files perfomance on Getting Data In. 04-18-2019 07:36 AM
- Tagged Monitor files perfomance on Getting Data In. 04-18-2019 07:36 AM
07-15-2020 12:39 PM
1 Karma
I'm currently using PersistentServerConnectionApplication to implement custom API endpoints inside Splunk. Any change I make in the code takes about 1 or 2 minutes to start working. Is this the correct behavior or am I missing something? If it is the correct behavior, is there any way to test the endpoint immediately after saving the code? Also, I would like to know if the BaseRestHandler approach still works on newer Splunk versions (8.x), because I couldn't make this work (Python can't find the splunk.rest.BaseRestHandler class). Best regards.
05-07-2020 12:03 PM
Hello!
I'm trying to change the timestamp (_time) from Perfmon:CPU before index, to use my Splunk Heavy Forwarder date instead of the original event timestamp.
The Perfmon:CPU _raw is:
05/07/2020 15:46:37.269 -0300
collection=CPU
object=Processor
counter="% Processor Time"
instance=_Total
Value=1.887035386881708
My Splunk architecture is: Universal Forwarder -> Heavy Forwarder -> Indexer
I have tried the following configurations on my Heavy Forwarder (props.conf):
[source::Perfmon...]
DATETIME_CONFIG = CURRENT
MAX_TIMESTAMP_LOOKAHEAD = 1
[Perfmon:CPU]
DATETIME_CONFIG = CURRENT
MAX_TIMESTAMP_LOOKAHEAD = 1
[source::Perfmon:CPU]
DATETIME_CONFIG = CURRENT
MAX_TIMESTAMP_LOOKAHEAD = 1
None of these configurations worked, and the _time of Perfmon:CPU events is still the original timestamp (first line of _raw).
I also configured a transform to remove the first line of the _raw event. Even if the first line is removed, the _time field doesn't respect the DATETIME_CONFIG = CURRENT configuration.
Can anyone help me?
12-16-2019 12:42 PM
I'm having the same issue here. Did you manage to solve it?
11-12-2019 09:02 AM
@harrison_tamu I ended up doing it in a similar way. Adding every possible field just on the first record worked for me.
11-07-2019 05:40 AM
Hi @harrison_tamu, did you solve this problem?
I'm having the same issue here.
11-04-2019 10:30 AM
Hi,
Yes, I have already checked the time in the universal forwarders, heavy forwarders, indexers and search heads.
Here in Brazil, daylight savings should have started last weekend, but we don't have it anymore.
Note that the raw events are being indexed with the correct timestamp, but in some cases the search head shows the wrong date.
11-04-2019 08:44 AM
I'm facing something strange about _time and timezone.
We have 2 hosts indexing the same event type (Unix:Uptime).
On the search head, I have the following situation:
1 - The first host shows the correct timestamp
2 - The second host shows the timestamp 1 hour ago
The events have the same timezone and the same "date_hour" field.
What am I doing wrong?
08-30-2019 12:38 PM
I'm having the same problem here... Did you manage to solve it?
04-18-2019 07:36 AM
Hello,
I need to monitor some Oracle Database agent logs with Splunk Universal Forwarder. The base directory for finding the logs is $ORACLE_HOME.
We're using this configuration to monitor these logs in a Splunk Enterprise environment:
[monitor://$ORACLE_HOME/log/*/agent/ohasd/oraagent_(grid|oracle)/oraagent_(grid|oracle).log]
...
I know we could configure ORACLE_HOME env in splunk-launch.conf on each UF instance.
However, we have already installed all Universal Forwarders and we don't know the $ORACLE_HOME env variable on the UF hosts.
We have about 300 hosts, so we decided to do the above configuration to save time:
[monitor:///.../log/*/agent/ohasd/oraagent_(grid|oracle)/oraagent_(grid|oracle).log]
When I execute splunk list monitor, it's listing all directories under the / partition, even if there is one log file per host.
My questions are:
1 - Will Splunk really look into all directories under /?
2 - If yes, would I have performance problems because of the huge number of directories?
Thanks.