Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About yasit
yasit
Explorer
Member since:
10-25-2022
10-24-2023
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 10-25-2022 |
Activity Feed
- Posted Re: Stats command error on Splunk Search. 10-24-2023 07:32 AM
- Posted Re: Stats command error on Splunk Search. 10-24-2023 12:55 AM
- Posted Stats command error on Splunk Search. 10-16-2023 04:08 AM
- Posted search query stats multiple counts filteration on Splunk Search. 09-23-2023 06:38 AM
- Karma Re: Splunk app data index issue for gcusello. 09-21-2023 06:55 AM
- Karma Re: Splunk app data index issue for gcusello. 09-21-2023 06:55 AM
- Posted Re: Splunk app data index issue on Getting Data In. 09-21-2023 06:37 AM
- Posted Re: Splunk app data index issue on Getting Data In. 09-21-2023 06:29 AM
- Posted Splunk app data index issue on Getting Data In. 09-21-2023 06:11 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
10-24-2023
07:32 AM
what can be the solution here as I'm creating this query dynamically with format and giving as an input to base query. how can i escape these special charachters
... View more
10-24-2023
12:55 AM
@somesoni2 still the stats command is raising the error while escaping the with \ error: The argument ''The argument ''https://abc.......?export\=download&id\=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'' is invalid."is invalid.
... View more
10-16-2023
04:08 AM
index=abcd | stats count(eval(searchmatch(''https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'))) as ''https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X' OR count(eval(searchmatch('value2'))) as 'value2' I'm getting this error: Error in 'stats' command: The argument '''https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'' is invalid. this works fine with many other URLs and ips, is there any special character that is not allowed with stats?
... View more
09-23-2023
06:38 AM
i have a query where i am looking for multiple values with OR and then counting the occurrence with the stats the query is something like this index=**** ("value1") OR ("Value3") OR ... | stats count(eval(searchmatch("vlaue1"))) as value1, count(eval(searchmatch("vlaue2"))) as value2 now I just want to collect only those values which are found which mean there count is greater than 0. How can I achieve this where only stats of the values are displayed which are found in the events also search values are mostly ips, URLs , domains, etc Note: I'm making this query for dashboard
... View more
09-21-2023
06:37 AM
@dural_yyz Thanks for the insight, I've declared the index in my app's indexes.conf which is installed on the HF which essentially is being populated by scripted input. But is there a way around where I don't have to install my app on the indexers? And also can you please provide the reference where it mentions that I have to install my app in Indexer?
... View more
09-21-2023
06:29 AM
thanks @gcusello what seems to be the issue? my understanding was that by default if Splunk receives data for an index that doesn't exist, it will attempt to create the index dynamically.
... View more
09-21-2023
06:11 AM
my app contains the index.conf which declares the index that is installed on the heavy forwarder and it is not installed on the indexer. The problem is that data does not land on the indexer
... View more
Labels
- Labels:
-
heavy forwarder
-
indexer
-
scripted input
