Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About omprakash9998
omprakash9998
Path Finder
Member since:
12-15-2017
08-15-2022
Community Statistics
| Posts | 43 |
| Solutions | 0 |
| Karma Given | 14 |
| Karma Received | 3 |
| Member Since | 12-15-2017 |
Activity Feed
- Posted Is there a way to determine Splunk License Usage for a Specific Event Type? on Monitoring Splunk. 08-15-2022 09:44 AM
- Tagged Is there a way to determine Splunk License Usage for a Specific Event Type? on Monitoring Splunk. 08-15-2022 09:44 AM
- Posted Re: Forwarder Management >> serverclass.conf not updating on Deployment Architecture. 09-30-2021 09:07 AM
- Posted Need Help with query on Splunk Search. 02-11-2021 12:23 PM
- Karma Re: How to check the total usage percentage by Windows server memory? for jessec_splunk. 06-05-2020 12:50 AM
- Karma Re: How do you compare the same field in two different time periods? for chrisyounger. 06-05-2020 12:50 AM
- Karma Re: How long is the value of a field greater than X? for knielsen. 06-05-2020 12:50 AM
- Karma Re: How long is the value of a field greater than X? for woodcock. 06-05-2020 12:50 AM
- Karma Re: In the Splunk App for Infrastructure, can you use existing universal forwarders without running the script and reinstalling on all of our servers? for dagarwal_splunk. 06-05-2020 12:50 AM
- Karma Re: Alert if Value over threshold for a certain period of time for aberkow. 06-05-2020 12:50 AM
- Got Karma for In the Splunk App for Infrastructure, can you use existing universal forwarders without running the script and reinstalling on all of our servers?. 06-05-2020 12:50 AM
- Karma Re: logs by udp syslog for gcusello. 06-05-2020 12:49 AM
- Karma Re: Windows Event Excessive Logs for nickhills. 06-05-2020 12:49 AM
- Karma Re: Active Directory for p_gurav. 06-05-2020 12:49 AM
- Got Karma for KV Store process terminated abnormally (exit code 100, status exited with code 100). See mongod.log and splunkd.log for details.. 06-05-2020 12:49 AM
- Got Karma for Why is there high Mongod CPU usage on the search head?. 06-05-2020 12:49 AM
- Karma Re: How can I generate a trending analysis into the past? for aweitzman. 06-05-2020 12:47 AM
- Karma Re: Couldn't find ns_log sourcetype for Citrix Netscaler app for jconger. 06-05-2020 12:47 AM
- Karma Re: how can i use splunk locally in windows for analyzing logs which is available on Linux servers ? for kml_uvce. 06-05-2020 12:47 AM
- Karma Re: Forwarder Management Issue for carmitstead. 06-05-2020 12:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
08-15-2022
09:44 AM
Hi,
Is there a way to determine Splunk License Usage for a specific event type.
I used index=_internal source=*license_usage.log* st=abcd to determine the license usage for the entire sourcetype.
To dig in deeper for the specific event type I found articles pointing to use len(_raw) which gives the byte size length of the raw event. I used the below to check if it returns the same from license_usage.log
index="x" sourcetype=abcd | bin _time span=1d | eval size=len(_raw) | stats sum(size) as sizeInBytes by _time | eval GB = sizeInBytes/1024/1024/1024
The numbers do not match. The numbers from len(_raw) are very high when compared to the actual License Usage.
... View more
- Tags:
- license
Labels
- Labels:
-
license usage
09-30-2021
09:07 AM
Can you please explain what do you mean by in search app context when using forwarder management to create a serverclass. I have the same issue. I am trying to replicate to see how it is caused. Thanks
... View more
02-11-2021
12:23 PM
Trying build a time chart for Top 10 CPU consuming Processes for a Linux host for a given timeframe. index=os host=xxxxxx source=top pctCPU != 0.0
| table COMMAND, pctCPU _time | sort - pctCPU | dedup COMMAND | head 10 I am trying to get a timechart based for the pctCPU usage only for these 10 COMMANDS. Thanks
... View more
11-19-2019
05:19 AM
|sort _time # this to make it easier for the application team to read the logs when they open the alert so that all the events are in ascending order.
|bin _time span = 16m
| stats count by host _time
|Where count > 7 # Yeah Should be 7
|Eval count = count *2 # only to display the number of minutes the value was above the threshold
| rename count AS "Minutes Over Threshold" host as Host
... View more
11-19-2019
05:14 AM
Thank you for the help.
How would i go about grabbing the earliest time of exceeded Value and the latest time for the exceeded value and taking the difference.
thank you
... View more
11-18-2019
10:30 AM
Hi,
I have an event being received once every 2 minutes. I am trying to setup an alert if the Value for the event goes beyond certain threshold for 15 mins or more. I am using the below query.
index= x host = y
|Where Value > Threshold
|sort _time
|bin _time span = 16m
| stats count by host _time
|Where count > 6
|Eval count = count *2
Does the above code need any changes to work.
Thanks in advance
... View more
08-23-2019
07:43 AM
Hi all,
Splunk search head web url is set to https://hostname:8000
Is there a way to change it to just https://splunk for our environment
Thanks,
Om
... View more
07-15-2019
06:29 AM
Hi,
We collect windows performance logs. After the update to 7.2.0, each performance counter with a Space in its name is being filled with an underscore making us change all the alerts and searches.
Can you please help how to fix this issue.
Thanks,
... View more
05-22-2019
07:43 AM
The List of Values are for the Counter % committed bytes in use. But the memory usage on the server lists it higher than the Value of the counter.
Any help is appreciated. Thank you
... View more
05-22-2019
06:23 AM
Thank you for the reply.
I tried to match the Memory usage in the Performance tab in the Windows task manager to the % Committed Bytes in Use. But the % committed bytes in use is lower than the values showed in the Task Manager. is there any other counter's value that has to be added to the % committed bytes in use.
Thank you
... View more
05-21-2019
06:52 AM
Hi all,
How do you check the total % of memory being used by a windows server.
Which Performance counter can help us find the total Percentage of memory a windows server is consuming?
Thanks,
Om
... View more
03-07-2019
09:39 AM
Hi,
We are trying to fin out memory leaks in windows servers, We are trying to track the Value of the counter Virtual_Bytes. How can we track the Value and check if it keeps on growing and how to determine the time for which it kept on increasing in value.
> 03/07/2019_11:27:38.497_-0500
> collection=Process object=Process
> counter="Virtual_Bytes"
> instance=winlogon Value=2199081287680
> host = host1 index = perfmon source = Perfmon:Process sourcetype
> = Perfmon:Process
Thanks,
Om
... View more
03-07-2019
08:47 AM
Hi @woodcock
Thank you for your help. It worked. Is there anyway to track a value to see if it keeps on increasing. We are trying to find if there are any memory leaks. For which we have to check if the value keeps increasing for a certain period of time.
Thanks,
Om
... View more
02-27-2019
04:56 AM
No results were found. We are not specifically looking for a an exact number per se 10mins. we are looking to get a dynamic dashboard which tell the amount of time its value is over 90%. It can be any amount of time. we want to calculate the number of minutes it is over 90%.
Thanks,
Om
... View more
02-26-2019
12:35 PM
The query worked but it displays the number of total times the value went above 90%. We are trying to get the duration for which the value was above 90%. We were able to get the dashboard like the image, but since we used transaction command it is comparing every occurrence of the value to the last occurrence. We are looking to get a number for each consecutive occurrence like 6mins, 10mins or so on for as long the event is at 90%.
Thanks,
Om
... View more
02-26-2019
12:03 PM
@cvssravan we re not looking for a single static number for the entire time period. We are looking for somethig like this:
If the Value goes above 90% consecutively for 10mins, we would like to get a dashboard which populates the number 10. and resets once it goes below 90%.
Thanks,
Om
... View more
02-26-2019
11:38 AM
hi,
the above query is giving me a list of all the hosts in my environment and displaying the sum(minutes_above_90_pct) as 0 for all the hosts.
... View more
02-26-2019
10:23 AM
Hi,
We are collecting windows performance logs once every two minutes to check if a server goes over 90% of the CPU usage. We are trying to track the number of minutes the values was above 90%.
the events look like this
02/25/2019_14:12:37.949_-0500 collection=CPU object=Processor counter="%_Processor_Time" instance=1 Value=98.396306059935881194
We have tried index=perfmon host=* object="processor" counter="%_processor_time" instance = * | transaction host startswith=Value>90 endswith=Value<=90 |eval _duration = duration/60 | stats values(collection) values(_duration) as time_duration values(instance) by _time, host
our results look like
We want to know for how long is the value above 90%. We are not able to generate a dashboard which says the total duration for which the values goes over 90 and comes back below 90%. The duration in our stats table does not show the total time for which the value was above 90%.
Thank
... View more
- Tags:
- splunk-enterprise
02-26-2019
06:21 AM
it worked.
Thank you very much .
... View more
02-26-2019
06:05 AM
hi @knielsen
Thank you for the help, the above query is working perfectly when I specify for a single host. Can you please help when dealing with multiple hosts. When I tried with multiple hosts the query is comparing two events of two different hosts.
Shown below are the events which the query is comparing which belong to different hosts.
02/26/2019_08:24:37.417_-0500 collection=CPU object=Processor counter="%_Processor_Time" instance=_Total Value=98.980411764203140024
02/26/2019_08:24:37.527_-0500 collection=CPU object=Processor counter="%_Processor_Time" instance=_Total Value=0.703194212318492
host = host1 host = host2 index = perfmon source = Perfmon:CPU sourcetype = Perfmon:CPU
Thanks
... View more
02-25-2019
12:31 PM
https://www.splunk.com/blog/2012/10/21/splunk-app-for-active-directory-and-the-top-10-issues.html
... View more
02-25-2019
12:29 PM
Hi,
we are trying to calculate for how long is the Value greater than 90%. We want to get the first time when the value is greater than 90% and for how long was it over 90% before it went down.
Thanks
02/25/2019_14:12:37.949_-0500 collection=CPU object=Processor counter="%_Processor_Time" instance=1 Value=98.396306059935881194
... View more
02-18-2019
09:54 AM
index=perfmon eventtype="perfmon_windows" (Host="*") Host="*" object=Process counter="Private_Bytes" earliest=-30m@m latest=-20m@m
| stats avg(Value) AS older by host process_name
| join [search index=perfmon eventtype="perfmon_windows" (Host="*") Host="*" object=Process counter="Private_Bytes" earliest=-20m@m latest=-10m@m | stats avg(Value) AS newer by host process_name _time | convert ctime(_time) as time ] |eval diff= newer - older | eval percent = (diff/older)*100
|table host, process_name, older, newer, percent , time| where newer > 4 * older | sort - percent | outputlookup append=true autotestlookup.csv
this is our current search query to compare the memory and save it in a lookup file. I am not sure if the approach we are trying is the best option.
... View more
02-18-2019
06:23 AM
Hi,
we Have been trying to detect any memory leaks on our windows servers. As of now we are just trying to compare the virtual bytes counter for two different time ranges and tracking the increase in the memory usage by a process.Later we are trying to detect patterns by saving the results in a lookupfile. Is there a better approach to achieve this.
Thanks
... View more
02-14-2019
11:57 AM
index=perfmon eventtype="perfmon_windows" (Host="*") Host="*" object=Process counter="Private_Bytes" earliest=-15m@m latest=-5m@m
| stats avg(Value) AS older by host process_name
| join [search index=perfmon eventtype="perfmon_windows" (Host="*") Host="*" object=Process counter="Private_Bytes" earliest=-5m@m latest=@m | stats avg(Value) AS newer by host process_name ]
| table host, process_name, older, newer
i used join in the place of append and used the table command at the end instead of stats and it works for now.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-15-2022
06:34 PM
|
Karma given to
