cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
vijaya5
Engager
Member since: ‎02-14-2020
‎07-09-2021
Community Statistics
Posts 11
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-14-2020
Activity Feed
Topics I've Started
View All

Maintenance windows for databases

by in Monitoring Splunk
‎06-15-2021 08:00 AM
‎06-15-2021 08:00 AM
Hi All,   I have a requirement to keep few of the database in maintenance window as there is a planned database patching activity. Can someone guide me how it can be done?.   As i tried it, it allows me to add either entities or services only.   Regards, Vijaya Meda ... View more
Labels

Re: |rex field=_raw (?<Severity?\s\w{7,8}\;) not w...

by in Splunk Search
‎10-05-2020 08:58 AM
‎10-05-2020 08:58 AM
... View more

|rex field=_raw (?<Severity?\s\w{7,8}\;) not worki...

by in Splunk Search
‎10-05-2020 07:44 AM
‎10-05-2020 07:44 AM
Hi All,   I am trying to use below regex in my splunk SPL, which is working fin in rubular but not working as SPL.   |rex field=_raw (?<Severity?\s\w{7,8}\;) not working     Please suggest ... View more
Labels

REST API usage to get list of all the alerts

by in Splunk Enterprise Security
‎06-01-2020 04:05 AM
‎06-01-2020 04:05 AM
Hi Everyone, I would like to list all the alerts that are setup by users not by splunk apps like ITSI/DMC using REST API. Please help me. I used below queries, but did not give proper results. | rest /services/saved/searches | search title=*| rename title AS "Title", description AS "Description", alert_threshold AS "Threshold", cron_schedule AS "Cron Schedule", search AS "Search", action.email.to AS "Email" ,alert_comparator AS "Comparison", dispatch.earliest_time AS "frequency", alert.severity AS "SEV" ,author AS "Author" ,disabled AS "Disabled-True"| eval Severity=case(SEV == "5", "Critical-5", SEV == "4", "High-4",SEV == "3", "Warning-3",SEV == "2", "Low-2",SEV == "1", "Info-1") | table Title, Description, Threshold, Comparison, "Cron Schedule", frequency, Severity,Search, Email,Author,Disabled-True | rest /services/alerts/fired_alerts/ |rest /servicesNS/admin/-/alerts/alert_actions |rest/servicesNS/-/-/saved/searches | search alert.track=1 | fields title description search disabled triggered_alert_count actions action.script.filename alert.severity cron_schedule ... View more
Labels

splunk storage reprots for vmware hosts

by in Getting Data In
‎05-28-2020 05:11 AM
‎05-28-2020 05:11 AM
i would like to create a report for vmware hosts with storage stats like storageCapacity, Storage_free and Storage used. Can someone help me with correct source and sourcetype details here? ... View more
Labels

Correlating events from 2 different indexers when ...

by in Splunk IT Service Intelligence
‎04-14-2020 02:44 AM
‎04-14-2020 02:44 AM
Hi, I have 2 different indexers snmptrapd and servicenow. Where snmptrap will have NNMI related events for storage devices, such as when any storage device is down/not functional and servicenow indexer will have incident related events from CMDB data. So i need to get events with storage device down along with respective Incident data. Is there any possibility to correlate these 2 indexers, so that i can get required ... View more
Labels

Need to get events created in last 30days

by in Splunk Search
‎02-27-2020 04:01 AM
‎02-27-2020 04:01 AM
Hi, I am trying to fetch splunk events that are created in last 30days for below query, by selecting time range as last 30days. But i am getting all time events itseems for this query. Please suggest Query used: index=servicenow eventtype=snow_change* sourcetype="snow:change_request" (change_state_name="Work Complete" OR change_state_name=Closed) earliest=-30d@d | dedup number | eval diff=strptime(dv_work_end,"%Y-%m-%d %H:%M:%S")-strptime(dv_work_start,"%Y-%m-%d %H:%M:%S") | eval Downtime=round((diff/60),3) | table number Downtime host dv_work_start dv_work_end SPlunk Evets o/p: Complete 1,285 events (1/28/20 12:00:00.000 AM to 2/27/20 5:30:31.555 PM) No Event Sampling Job Smart Mode Events Patterns Statistics (1,285) Visualization 100 Per Page Format Preview Prev1...3456789...Next number Downtime host dv_work_start dv_work_end number Downtime host dv_work_start dv_work_end CHG0129357 300.000 kmci4odw2023 2020-01-19 21:00:00 2020-01-20 02:00:00 CHG0129566 120.000 kmci4odw2023 2020-01-19 23:30:00 2020-01-20 01:30:00 CHG0129494 99.250 kmci4odw2023 2020-01-19 23:48:54 2020-01-20 01:28:09 CHG0129795 4320.367 kmci4odw2023 2020-01-20 10:55:10 2020-01-23 10:55:32 CHG0129116 1110.000 kmci4odw2023 2020-01-20 13:00:00 2020-01-21 07:30:00 CHG0129536 1380.000 kmci4odw2023 2020-01-20 13:30:00 2020-01-21 12:30:00 CHG0129632 88.250 kmci4odw2023 2020-01-20 15:05:04 2020-01-20 16:33:19 CHG0129634 120.000 kmci4odw2023 2020-01-20 16:15:00 2020-01-20 18:15:00 CHG0129585 120.000 kmci4odw2023 2020-01-20 17:00:00 2020-01-20 19:00:00 CHG0129389 155.100 kmci4odw2023 2020-01-20 22:30:25 2020-01-21 01:05:31 CHG0129593 0.000 kmci4odw2023 2020-01-20 23:30:00 2020-01-20 23:30:00 CHG0129647 90.667 kmci4odw2023 2020-01-21 04:30:00 2020-01-21 06:00:40 CHG0129323 1440.000 kmci4odw2023 2020-01-21 07:00:00 2020-01-22 07:00:00 CHG0128642 60.000 kmci4odw2023 2020-01-21 09:00:00 2020-01-21 10:00:00 CHG0129555 151.300 kmci4odw2023 2020-01-21 09:00:25 2020-01-21 11:31:43 CHG0128772 90.000 kmci4odw2023 2020-01-21 09:30:00 2020-01-21 11:00:00 CHG0129613 1440.000 kmci4odw2023 2020-01-21 09:30:00 2020-01-22 09:30:00 CHG0129234 1440.000 kmci4odw2023 2020-01-21 09:30:00 2020-01-22 09:30:00 CHG0129955 10080.000 kmci4odw2023 2020-01-21 09:55:51 2020-01-28 09:55:51 CHG0129650 57.800 kmci4odw2023 2020-01-21 10:00:00 2020-01-21 10:57:48 CHG0128646 120.000 kmci4odw2023 2020-01-21 10:00:00 2020-01-21 12:00:00 CHG0129667 1230.000 kmci4odw2023 2020-01-21 13:00:00 2020-01-22 09:30:00 CHG0128650 3120.000 kmci4odw2023 2020-01-21 13:00:00 2020-01-23 17:00:00 CHG0129676 120.000 kmci4odw2023 2020-01-21 13:15:00 2020-01-21 15:15:00 CHG0129461 119.500 kmci4odw2023 2020-01-21 13:30:30 2020-01-21 15:30:00 CHG0129446 60.000 kmci4odw2023 2020-01-21 16:00:00 2020-01-21 17:00:00 CHG0129292 50.000 kmci4odw2023 2020-01-21 17:00:00 2020-01-21 17:50:00 CHG0129679 35.000 kmci4odw2023 2020-01-21 17:20:00 2020-01-21 17:55:00 CHG0129709 420.000 kmci4odw2023 2020-01-21 19:00:00 2020-01-22 02:00:00 CHG0129526 167.917 kmci4odw2023 2020-01-21 21:00:00 2020-01-21 23:47:55 CHG0129677 180.000 kmci4odw2023 2020-01-21 21:30:00 2020-01-22 00:30:00 CHG0129646 40.183 kmci4odw2023 2020-01-21 23:35:37 2020-01-22 00:15:48 CHG0129567 296.883 kmci4odw2023 2020-01-22 00:25:57 2020-01-22 05:22:50 CHG0129417 1450.000 kmci4odw2023 2020-01-22 07:00:00 2020-01-23 07:10:00 CHG0129295 10.000 kmci4odw2023 2020-01-22 07:00:00 2020-01-22 07:10:00 ... View more
Labels

Need to fetch events created in last 30days

by in Splunk IT Service Intelligence
‎02-26-2020 11:26 PM
‎02-26-2020 11:26 PM
Hi, I am using below query to fetch change request events created in last 30days...but when i seletc time range i am getting alltime events itseems. Can anyone suggest how to get events only created in previous month or specific time period. Query Used: index=servicenow eventtype=snow_change* sourcetype="snow:change_request" (change_state_name="Work Complete" OR change_state_name=Closed) | dedup number | eval diff=strptime(dv_work_end,"%Y-%m-%d %H:%M:%S")-strptime(dv_work_start,"%Y-%m-%d %H:%M:%S") | eval Downtime=round((diff/60),3) | table number Downtime host dv_work_start dv_work_end Events shown: 100 Per Page Format Preview Prev1...3456789...Next number Downtime host dv_work_start dv_work_end CHG0129357 300.000 kmci4odw2023 2020-01-19 21:00:00 2020-01-20 02:00:00 CHG0129566 120.000 kmci4odw2023 2020-01-19 23:30:00 2020-01-20 01:30:00 CHG0129494 99.250 kmci4odw2023 2020-01-19 23:48:54 2020-01-20 01:28:09 CHG0129795 4320.367 kmci4odw2023 2020-01-20 10:55:10 2020-01-23 10:55:32 CHG0129116 1110.000 kmci4odw2023 2020-01-20 13:00:00 2020-01-21 07:30:00 ... View more
Labels

Time difference in splunk

by in Splunk IT Service Intelligence
‎02-26-2020 05:38 AM
‎02-26-2020 05:38 AM
I have time stamp like below format 2020-02-17 18:23:04 and i woul like to calculate the differene between two such fields start an end times of an activity. which function i can use to get time difference if the time format is like above?. ... View more
Labels

Not able to see VMWare related fields in splunk

by in Getting Data In
‎02-17-2020 03:45 AM
‎02-17-2020 03:45 AM
Hi, I am trying to build dashboard which will list performance stats for VMWare like CPU, Memory and Storage utlizations for oth linux and Windows machines. i used below SPL to fetch VMware events. index=vmware-perf sourcetype= vmware:perf:cpu Sample Event: 1/7/20 9:44:00.000 AM moid uuid instance samp_int p_summation_cpu_costop_millisecond p_average_cpu_totalCapacity_megaHertz p_average_cpu_reservedCapacity_megaHertz p_summation_cpu_used_millisecond p_average_cpu_usagemhz_megaHertz p_average_cpu_usage_percent p_average_cpu_latency_percent p_summation_cpu_ready_millisecond p_summation_cpu_wait_millisecond p_average_cpu_utilization_percent p_average_cpu_demand_megaHertz p_summation_cpu_swapwait_millisecond p_average_cpu_coreUtilization_percent p_summation_cpu_idle_millisecond p_average_cpu_readiness_percent host-81 b5250000-0100-0000-0000-00000000000d 46 20 54 0.27 0.72 0.8 9971 host-81 b5250000-0100-0000-0000-00000000000d 47 20 4 0.02 0.42 0.8 9971 host-81 b5250000-0100-0000-0000-00000000000d 44 20 28 0.14 0.54 1.35 9949 host-81 b5250000-0100-0000-0000-00000000000d 45 20 74 0.36 1.13 1.35 9949 Show all 50 lines but i could not identofy CPU related fields here. Please Suggest ... View more

getting sum of a multivalues field for ach event

by in Splunk Search
‎02-14-2020 05:51 AM
‎02-14-2020 05:51 AM
Hi, I have a query like below. index=linux sourcetype=iostat mount="*" which will list total_ops for each mount of a host in multiple events. i need to get sum of total_ops of each host of all mounts from latest event. Please help ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-09-2021 02:21 AM