Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About psamuel69
psamuel69
Explorer
Member since:
05-24-2023
04-02-2024
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 05-24-2023 |
Activity Feed
- Karma Re: JSON extraction for ITWhisperer. 03-25-2024 05:30 AM
- Posted Re: JSON extraction on Splunk Search. 03-25-2024 05:28 AM
- Posted Re: JSON extraction on Splunk Search. 03-25-2024 04:34 AM
- Posted JSON extraction on Splunk Search. 03-25-2024 02:48 AM
- Tagged JSON extraction on Splunk Search. 03-25-2024 02:48 AM
- Posted How to Install 2 version of DB Connect in the same instance? on Deployment Architecture. 05-31-2023 07:18 AM
- Tagged How to Install 2 version of DB Connect in the same instance? on Deployment Architecture. 05-31-2023 07:18 AM
- Tagged How to Install 2 version of DB Connect in the same instance? on Deployment Architecture. 05-31-2023 07:18 AM
- Posted Re: How to get a list or details of indexes based on the cluster/group they are residing on? on Splunk Enterprise. 05-31-2023 07:12 AM
- Posted How to get a list or details of indexes based on the cluster/group they are residing on? on Splunk Enterprise. 05-24-2023 08:21 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
03-25-2024
05:28 AM
eval'ed my extracted payload to _raw and voila , it works !!! Thanks a lot for your time and expertise !
... View more
03-25-2024
04:34 AM
Thanks for your quick response . I tried using spath aswell . But it seems that the field is not getting extracted in between , as the error suggests .. Field 'orderTypesTotal' does not exist in the data. Do you think an extracted json would have an issue where as a raw json would work with spath ? As my json payload is created only after adding extraction via a regex on a raw event .
... View more
03-25-2024
02:48 AM
Hello Expert Splunk Community , I am struggling with a JSON extraction . Need help/advice on how to do this operation Data Sample : [
{
"orderTypesTotal": [
{
"orderType": "Purchase",
"totalFailedTransactions": 0,
"totalSuccessfulTransactions": 0,
"totalTransactions": 0
},
{
"orderType": "Sell",
"totalFailedTransactions": 0,
"totalSuccessfulTransactions": 0,
"totalTransactions": 0
},
{
"orderType": "Cancel",
"totalFailedTransactions": 0,
"totalSuccessfulTransactions": 1,
"totalTransactions": 1
}
],
"totalTransactions": [
{
"totalFailedTransactions": 0,
"totalSuccessfulTransactions": 1,
"totalTransactions": 1
}
]
}
] [
{
"orderTypesTotal": [
{
"orderType": "Purchase",
"totalFailedTransactions": 10,
"totalSuccessfulTransactions": 2,
"totalTransactions": 12
},
{
"orderType": "Sell",
"totalFailedTransactions": 1,
"totalSuccessfulTransactions": 2,
"totalTransactions": 3
},
{
"orderType": "Cancel",
"totalFailedTransactions": 0,
"totalSuccessfulTransactions": 1,
"totalTransactions": 1
}
],
"totalTransactions": [
{
"totalFailedTransactions": 11,
"totalSuccessfulTransactions": 5,
"totalTransactions": 16
}
]
}
] I have the above event coming inside a field in _raw events . using json(field) i have validated that the above is a valid json . UseCase : I need to have the total of all the different ordertypes using totalFailedTransactions": , "totalSuccessfulTransactions": , "totalTransactions": numbers into a table . totalFailedTransactions totalSuccessfulTransactions totalTransactions Purchase 10 2 12 Sell 1 2 3 Cancel 0 2 2 Thanks in advance! Sam
... View more
- Tags:
- json
05-31-2023
07:18 AM
Hi Splunkers ,
As the Subject mentions , I want to run 2 version of Splunk DB connect on the same instance . Existing : 3.5.0 >> want to move to 3.13.0 (latest) I am not able to rename and keep both of them side by side , the UI doesn't load . Is there a way this can be achieved ? UseCase : To migrate the connections / identities from one to another in a phased process . There was failed DBconnect upgrade due to which i had to restore old DB connect and this is the way we have decided if it can be achieved . In general any app should be able to do this , do let me know if you guys have a solution !
... View more
- Tags:
- db
- DB Connect
Labels
- Labels:
-
heavy forwarder
05-31-2023
07:12 AM
Thank you for your response . As an out of the box functionality Splunk DMC doest provide those filters and i can use them on the DMC host to create me Dashboards etc . But my question is in terms of how to get the same group related info available on the Search Heads , so that i can save a Dashboard or alert using the same . Use case : To know which region a index is getting its data from .
... View more
05-24-2023
08:21 AM
Hello Splunkers , I am in need of finding a list of Indexes that are from a particular indexer cluster or group. Like when you go to DMC and look for Indexes and volumes(Indexes and Volumes: Instance) , there is an option to filter them via Groups .I want a similar search that can be powered from the _internal log or some other rest endpoint from a search head . Thanks in advance ! Sam
... View more
Labels
- Labels:
-
development
-
other
-
using Splunk Enterprise
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-02-2024
10:28 AM
|
