Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About RichaSingh
RichaSingh
Path Finder
Member since:
07-23-2013
06-05-2020
Community Statistics
| Posts | 16 |
| Solutions | 0 |
| Karma Given | 33 |
| Karma Received | 1 |
| Member Since | 07-23-2013 |
Activity Feed
- Karma Re: How to split multiple lines of data into individual lines? for peter_krammer. 06-05-2020 12:47 AM
- Karma How do I disable Transparent Huge Pages (THP) and confirm that it is disabled? for jwelch_splunk. 06-05-2020 12:47 AM
- Karma Re: How do I disable Transparent Huge Pages (THP) and confirm that it is disabled? for jwelch_splunk. 06-05-2020 12:47 AM
- Karma Re: Why am I getting "ERROR: The http port [8000] is already bound." trying to start Splunk after installation on Linux? for sibanandapani1. 06-05-2020 12:47 AM
- Karma Re: Splunk App for WebSphere - Splunk Enterprise 6.1.2 for ehorjus. 06-05-2020 12:47 AM
- Karma Re: Which ports should be opened on Splunk sever, to let splunk alerts reach zenoss application at 8081? for richgalloway. 06-05-2020 12:47 AM
- Karma Re: How to create a new index in index cluster (6.2.2) for dart. 06-05-2020 12:47 AM
- Karma Re: How to write regex to extract multi-value fields and graph data by time? for somesoni2. 06-05-2020 12:47 AM
- Karma Re: Can someone guide me with Splunk SDK integration? The online splunk doc does not help much. for MuS. 06-05-2020 12:47 AM
- Karma How to split multiple lines of data into individual lines? for otman01. 06-05-2020 12:47 AM
- Karma Re: How to split multiple lines of data into individual lines? for woodcock. 06-05-2020 12:47 AM
- Got Karma for Timestamp Parsing in JSON. 06-05-2020 12:47 AM
- Karma Re: index performance issue high latency for Simeon. 06-05-2020 12:46 AM
- Karma Re: How to create an array of values from a field? for naveenurs. 06-05-2020 12:46 AM
- Karma Re: Splunk will not start and is waiting for config lock for jrodman. 06-05-2020 12:46 AM
- Karma Re: Splunk will not start and is waiting for config lock for yannK. 06-05-2020 12:46 AM
- Karma Re: Unable to delete search events for Damien_Dallimor. 06-05-2020 12:46 AM
- Karma Re: How do I clean a clustered index? for Rob. 06-05-2020 12:46 AM
- Karma Powershell unattended installation for bmacias84. 06-05-2020 12:46 AM
- Karma Best way to implement an external script for responsys_cm. 06-05-2020 12:46 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-30-2016
12:17 PM
This one was such a saviour !
Thanks for sharing this...
... View more
01-05-2016
09:46 PM
esix [Splunk] ,
Thanks for your inputs here.
Yes, the DAT file contains ACII value in readable format.
thanks
... View more
01-05-2016
09:44 PM
Hi,
I need inputs from a timely scheduled script from a remote server.
Can I configure this script on deployment server, placing the script in $SPLUNK_HOME$/deploymentapps/<app_name>/bin/ & the respective inputs, props, and other conf files in $SPLUNK_HOME$/deploymentapps/<app_name>/local/ . Then push these settings to respective hosts with Splunk universal forawrders installed
... View more
01-03-2016
02:49 AM
Hi,
I have configured an app being pushed from deployment server to a remote Windows host to read DAT files.
Links already referenced:
http://splunk-base.splunk.com/answers/60643/archiveprocessor-bypassing-normal-systemlocalpropsconf-processing-for-dat-files-inside-archives-434
https://answers.splunk.com/answers/55279/handling-text-dat-files-how-can-i-override-splunks-system-default-props-conf-configuration-for-just-a-single-app.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev
The configuration looks like this :
props.conf
[source::....(dat)]
sourcetype = mysourcetype
inputs.conf
[default]
index = app
sourcetype = mysourcetype
[monitor://D:\folder\folder\Server34\encyc\status\*\*]
[monitor://C:\Anupama\status\...\...]
[monitor://C:\folder\status\*\*]
[monitor://C:\folder\status\*.dat]
It is weird that all the files in the folder getting read, except for the required DAT files.
Can someone help with the best configurations, please ?
... View more
11-01-2015
10:15 PM
1 Karma
Hi,
Can anyone help me with best configurations for timestamp parsing (where "DateTime" is the actual time) for following JSON format :
{ [-]
AccessKey: ----------------------
Account: some-value
AccountId: somevalue
Action: GetInstances
Class: ----------------------------------------------------------
**DateTime: 2007-10-27T00:51:57.91Z**
ElapsedTime: 00:00:00
File: null
Level: Trace
Line: null
LogId: ID-347t58734534-6565ghmhmm
Message: Vapor URL - https://www.randomURL.com,ImageId)
Header - {
"Signature": "$^%$#@)(#4t4r65gvjhloojk",
"AccessKey": "123854y3957349534-0fdjvbkjds90234u02394-23940=dsffsvbkdjadsvfnk0923480",
"RequestType": 0,
"SkipOwnerLookup": false,
"UserAgent": "456934",
"UserAgentVersion": null,
"Timestamp": "2007-10-27T00:51:57Z",
"User": "3254832564873`12",
"TestMode": false,
"ScheduledAction": false
}
What I have already tried in props.conf is:
[API]
TIMESTAMP_FIELDS=DateTime
INDEXED_EXTRACTIONS=json
NO_BINARY_CHECK=true
KV_MODE=none
And also:
[API]
TIME_PREFIX = "\"DateTime\":\"
INDEXED_EXTRACTIONS=json
Also, I have been through the link:
https://answers.splunk.com/answers/104500/transforming-timestamps.html
None of the two seem to be working. Any comments/ suggestions will be highly appreciated.
... View more
08-29-2015
04:13 AM
Hi,
I am facing the problem while trying dynamic recipients for sendmail command. If you could share your script and relevant commands.conf file so that I check the arguments and options the sendmail.py, it will be great.
Thanks
... View more
08-03-2015
05:59 AM
I have application data being collected on following shared folders over network :
\qlikviewt1\east\torage\
\qlikviewt1\adscv\abck\
\qlikviewt1\asdfg\storage\
To monitor them, is it necessary to install splunk UF at qlikviewt1 or there is a workaround ?
If there is a work around how can I modify my input stanza for same?
... View more
07-31-2015
12:25 AM
All Splunk Alerts log into another monitoring tool called Zenoss.
A shell script (running one splunk search head) passes all the information as an alert is triggered, & sends to zenoss at port 8081,.
Recently firewall change led to blocking all ports.
Now which ports should I request to be enable so that the same shell script is able to communicates & send data to zenoss:8081 ?
... View more
07-23-2015
04:41 AM
Hi,
Can anyone suggest a document to refer to for best practices on installing any app in a distributed clustered environment.
All Splunk instances are in version 6.0.3
Thanks
... View more
12-13-2014
11:39 AM
Appreciate the response!
But I have already tired those.
Any other work around if anyone could direct me to ?
... View more
11-25-2014
12:42 AM
Hi ,
I have a log file with series of DFS path. Another csv file with an array of strings (which I refer to as Qtree). I would like to do a string search for each value of the field Qtree. This is what I have tried:
index=qt | eval search_id=Qtree | join search_id type=inner [search source=C:\Users\risingh\Desktop\qtree\dfsback.txt $search_id$ | fields _raw ]
This shows no results found.
Can someone please help me with this string array search and joining the two results? I have been trying for a really long to make a way out, but couldn't .... need to get this sorted!
... View more
11-20-2014
12:54 AM
I am having a similar set up where I have integrated a script to accept field values from live streaming events. The whole system integration works just fine. For instance, when I run as , " | script python script-name singleIP " where IP address is that picked from a single event; it works fine.
But my only concern is to automate this for all the events in the selected time range & the field rather than a single value.
I already tried luck with " *| script python script-name $IP$ * ", where IP is the extracted field holding over 2000 IPs.
But script doesn't seem to identify & read values in there then.
I am just bothered if any splunk event streaming input-output APIs I am missing to include in the script before automating this?
Kindly help me to figure the best & optimal path.
... View more
11-17-2014
12:22 AM
it says
The external search command 'asd' did not return events in descending time order, as expected.
... View more
11-17-2014
12:16 AM
Here is my edited script. But I still get the same error.
import sys, getopt
import os
import urllib
import urllib2
import csv
import splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
print arg
url='https://%s' %arg
results = os.system('curl -u "username:password" %s' %url)
results = splunk.Intersplunk.readResults(None, None, True)
splunk.Intersplunk.outputResults(results)
... View more
11-16-2014
10:26 AM
Hi,
I wrote a python script to read the external IP from event logs and pass that as the parameter to the command(script) which is designed to do a CURL lookup . I made sure to include all the splunk libraries within to stream the data, and meet the environment dependencies for CURL on windows.
Just to make sure I tested the python script with an IP passed as an argument out of Splunk framework& it works fine.
But returns Error code 1, when integrated with splunk as follows:
import sys, getopt
import os
import urllib
import urllib2
import csv
import sys,splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
print arg
url='https:///%s?' %arg
maxm = os.system('curl -u "username:password" %s' %url)
result = splunk.Intersplunk.generateErrorResults(None, None, True)
splunk.Intersplunk.outputResults(results)
"External search command 'asd' returned error code 1."
Please let me know what I am missing on and the likely solution for this.
Thanks
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
Karma given to
