Hi all. Having an issue with hostname override for snmp logs. An issue I’m having is i created this props and transforms to get the agent_hostname from the logs to override the host (syslog011) for these snmp trap logs but it doesn’t seem to have worked. Not sure what the mistake is herE. TRANSFORMS.CONF [snmptrapd_kv] DELIMS - "\n," =" [snmp_hostname_change] DEST_KEY-MetaData: : Host REGEX-Agent_Hostname = (•*) FORMAT-host:: $1 PROPS.CONF [snmptrapd] disabled = false LINE BREAKER = ([\r\n]+) Agent_ Address\s= MAX TIMESTAMP LOOKAHEAD = 30 NO_BINARY_CHECK - true SHOULD LINEMERGE = false TIME _FORMAT = SY-8m-%d 8H:&M: :S TIME _PREFIX = Datels=\s EXTRACT-node = ^[^\[\n]*\[(?P<node>[^\]]+) REPORT-snmptrapd = snmptrapd_kv TRANSFORMS-snmp_hostname_change = snmp_hostname_change   ... View more

We have a service for a location 102. we preface entities that correlate with that service with a 102 in their entity name for example a location 102 entity can be name "102AP_M1" for an AP, the number before the device type is the location "102" in this instance. We use the aliases entity_name and name to map entities to this alias. Due to our bad naming conventions we have another entity named "100AP_M102" that is showing up as an entity mapped to service 102. I put in an alias of "name NOT 100AP_M102" but this didnt remove the entity from this service. I tried similar aliases but no luck.    We use a base search to identify these APs and dont want to remove this base search because there are other dependencies. Any ideas on how to get this AP off this service? ... View more

I have the below search and I want to modify it to get the bandwidth utilization percentage. Whats the best way to go about that and what should I add to my search?   index=snmp sourcetype=snmp_attributes Name=ifHCInOctets host=xyz | streamstats current=t global=f window=2 range(Value) AS delta BY UID | eval mbpsIn=delta*8/1024/1024 | append [search index=snmp sourcetype=snmp_attributes Name=ifHCOutOctets host=xyz | streamstats current=t global=f window=2 range(Value) AS delta BY UID | eval mbpsOut=delta*8/1024/1024 ] | search UID=1 | timechart span=5m per_second(mbpsIn) AS MbpsIn per_second(mbpsOut) AS MbpsOut BY UID ... View more

Where can I find the icons that I can use for a splunk architecture diagram? ... View more