Search from Last Occurrence of a string
Hello Experts, I am trying to read the text from the last square bracket (which is TestModelCompany,en_US) 21:11:31,367 INFO [TestBenuLogger] [155.56.208.68] [716057] [-] [TestModelCompany,en_US] No 1...
Analyzing HEC response times on idle
Hi, thanks to the wonderful website_monitoring app, I see some interesting but unexplained tidbits. We have two indexers with HEC configured. Because of project delays those HEC inputs are idle. I use...
Does this add-on work with Github's SASS solution?
I'm curious if this add-on will work with the Github SAAS solution. It looks like it's been awhile since it's been updated so just curious. If not, do you know of an add-on that does?
No route to host at 8089 cluster
My indexer cluster is down except for 1 out of 6. 8089 is suddenly not working for indexers and CM<>indexer comms and I get the below error messages. It's a multi site indexer cluster. I have ran...
configure Splunk to parse and index JSON data - line break issue
I got a custom crafted json file that holds mix of data types within. I'm a newbie with splunk administration so bear with me. This is the file I want to parse: `{ "data": [ { "serial": [ 0 ],...
kvstore lookups from database.
Hi Please give me any feedback . ideas as to whether I am following the best action. I have a database table that is occasionally updated / add to. I would like to start using this information in...
Unable to upload dSYM file
I'm trying to upload dSYM file from the UI https://mint.splunk.com/dashboard/project/XXX/settings/dsyms but getting an error: "Access to XMLHttpRequest at...
Using result fields for earliest/latest time in secondary search
I have an existing search that finds fields named "RunDate" "StartTime" "EndTime" stored as part of test run summaries. The search then proceeds to convert those time values into usable Unix, via...
How to check for updated apps without an online connection
Our Splunk cluster has no Internet connection by policy. Any idea how to at least semi automate update checks for splunkbase apps? thx afx
How to combine rows with overlapping MV values
I have data from a couple different sources that I am trying to combine together into coherent results. The issue I am running into is that sometimes the data does not line up perfectly. Both data...
How to trim everything from a field after a comma
I have a field that contains: CN=Joe Smith,OU=Support,OU=Users,OU=CCA,OU=DTC,OU=ENT,DC=ent,DC=abc,DC=store,DC=corp I'd like to trim off everything after the first comma. This information can always be...
How to search from last occurrence of a string
Hello Experts, I am trying to read the text from the last square bracket (which is TestModelCompany,en_US) 21:11:31,367 INFO [TestBenuLogger] [155.56.208.68] [716057] [-] [TestModelCompany,en_US] No 1...
How to configure Splunk to parse and index JSON data
I got a custom-crafted JSON file that holds a mix of data types within. I'm a newbie with Splunk administration so bear with me. This is the file I want to parse: `{ "data": [ { "serial": [ 0 ],...
Unable to upload dSYM file and receiving error message
I'm trying to upload dSYM file from the UI https://mint.splunk.com/dashboard/project/XXX/settings/dsyms but getting an error: "Access to XMLHttpRequest at...
How to convert JSON into specific table format
This is what we have in logs: ```index="xyz" INFO certvalidationtask ``` And this prints a JSON object which consists of a list of commonName + ExpirationDate Stage.env...
How to calculate percentage of data which has two different values between...
Here I have 3 fields "Status", merchantID & count. I am trying to find out the percentage of "CONFIRMED" and "REJECTED" (these are values of "Status") for each merchantID. I mean calculation would be...
SSO on OKTA using SAML error message: "**Saml response does not contain group...
Hi at all, I have the following problem: We configured SSO with OKTA using SAML. When authenticating we receive from Splunk the following error message "Saml response does not contain group information".
Result Token not displaying in email message
I have a scheduled PDF that I need to display the dates the report was run for. Unfortunately, I just learned that the tokens will not display in the Scheduled PDF as they do when I open the dashboard...
Execute sql command on dbconnect
Hi I have queries that do not run on db connect, but it will be run on informix server and return result. What is the reason? ![alt text][1] ![alt text][2] Thanks [1]:...
Missing events from Splunk Universal Forwarder
I have one missing event out of 168 events from our Universal Forwarder. I've already checked the internal logs and the file has been indexed "Batch input finished reading file=", but I cannot find...