Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About AKBBB
AKBBB
Explorer
Member since:
07-18-2022
02-21-2023
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 07-18-2022 |
Activity Feed
- Got Karma for ERROR PersistentScript [23354 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-add-on-. 06-15-2023 07:52 PM
- Posted Why is there alerting slowness issues after upgrade? on Splunk Search. 02-21-2023 09:14 AM
- Posted ERROR PersistentScript [23354 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-add-on- on All Apps and Add-ons. 02-15-2023 09:13 AM
- Karma Re: Less Event displayed while searching as * then search hostname while its showing if I search at the beginning for gcusello. 02-03-2023 11:57 PM
- Posted Re: Less Event displayed while searching as * then search hostname while its showing if I search at the beginning on Splunk Search. 02-02-2023 01:15 AM
- Posted Re: Less Event displayed while searching as * then search hostname while its showing if I search at the beginning on Splunk Search. 02-02-2023 01:00 AM
- Posted Re: Less Event displayed while searching as * then search hostname while its showing if I search at the beginning on Splunk Search. 02-02-2023 12:38 AM
- Posted Re: Less Event displayed while searching as * then search hostname while its showing if I search at the beginning on Splunk Search. 02-01-2023 11:57 PM
- Posted Re: Less Event displayed while searching as * then search hostname while its showing if I search at the beginning on Splunk Search. 02-01-2023 11:46 PM
- Posted Why do less events display while searching as * then search hostname while its showing if I search at the beginning? on Splunk Search. 02-01-2023 10:49 PM
- Posted Re: How to configure Splunk after migrating it into AZURE platform? on Splunk Enterprise. 01-30-2023 05:12 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 |
02-21-2023
09:14 AM
Hi All,
After splunk upgrade from 8.0 to 9.0.2 , i am facing the slowness in alerting to create ticket .
Can anyone help on this ?
Thanks,
... View more
Labels
- Labels:
-
search job inspector
02-15-2023
09:13 AM
1 Karma
Hi Splunkers, I have developed the custom Add On one one server on which its working fine , when i have exported on another server, its giving the below error. i have gone through the many articles on community and found its somehow relate to password.conf file. mean since its built on different server so it had encrypted password with their splunk.secret and kvstore. now please help me out how can I resolve issue on here another server and update password.conf or bind with this another server. ERROR PersistentScript [23354 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk-add-on-for-nimsoft/bin/splunk_add_on_for_nimsoft_rh_settings.py persistent}: WARNING:root:Run function: get_password failed: Traceback (most recent call last): Thanks in advance,
... View more
Labels
02-02-2023
01:15 AM
we are calculating % of server availability from the code and 2nd search is part of whole query (from where event discrepancy is there) in this we are searching all events then calculating availability based on each server, when 0% availability was seen so then I searched putting server in start of query then its resulting availability .
... View more
02-02-2023
01:00 AM
If I search by using below SPL index=prod_solarwinds (source="rest://Prod_Solarwinds_Agent_Asset" OR source="rest://Prod_Solarwinds_ICMP_Asset" ) Caption=FREQSAPP150 |search Vendor="*" Caption="*" |search * Vendor="*" |dedup _time |table _time Caption ResponseTime Status | replace *-primary WITH * IN Caption | replace *-secondary WITH * IN Caption |eval Availablity = if(ResponseTime < 0 AND Status=2,0,1) |sort Caption _time limit=0 |dedup _time Caption I get 2760 records while using index=prod_solarwinds (source="rest://Prod_Solarwinds_Agent_Asset" OR source="rest://Prod_Solarwinds_ICMP_Asset" ) |search Vendor="*" Caption="*" |search * Vendor="*" |dedup _time |table _time Caption ResponseTime Status | replace *-primary WITH * IN Caption | replace *-secondary WITH * IN Caption | search Caption=FREQSAPP150 |eval Availablity = if(ResponseTime < 0 AND Status=2,0,1) |sort Caption _time limit=0 |dedup _time Caption I get only 3 as below Complete 5,889 events (1/1/23 12:00:00.000 AM to 2/1/23 12:00:00.000 AM) time Caption ResponseTime Status Availablity 2023-01-29 15:00:47 FREQSAPP150 -1 2 0 2023-01-29 16:52:51 FREQSAPP150 -1 2 0 2023-01-31 19:06:59 FREQSAPP150 -1 2 0 problem is here due to this Availaibility from search is coming around 80% and from second its coming 0, i want understand why its happening
... View more
02-02-2023
12:38 AM
I have to use the 2nd search only in whole query of dashboard . so this logic should work . so cant remove becoz this need to apply on lots of many other server . In 1st logic if I put Caption=FREQSAPP150 it aslo producing 2760 events
... View more
02-01-2023
11:57 PM
but 2nd search should return all events which is coming in 1st search why not getting , please suggest
... View more
02-01-2023
11:46 PM
If I search by using below SPL index=prod_solarwinds (source="rest://Prod_Solarwinds_Agent_Asset" OR source="rest://Prod_Solarwinds_ICMP_Asset" ) FREQSAPP150 |search Vendor="*" Caption="*" |search * Vendor="*" |dedup _time |table _time Caption ResponseTime Status | replace *-primary WITH * IN Caption | replace *-secondary WITH * IN Caption |eval Availablity = if(ResponseTime < 0 AND Status=2,0,1) |sort Caption _time limit=0 |dedup _time Caption I get 2760 records while using index=prod_solarwinds (source="rest://Prod_Solarwinds_Agent_Asset" OR source="rest://Prod_Solarwinds_ICMP_Asset" ) |search Vendor="*" Caption="*" |search * Vendor="*" |dedup _time |table _time Caption ResponseTime Status | replace *-primary WITH * IN Caption | replace *-secondary WITH * IN Caption | search Caption=FREQSAPP150 |eval Availablity = if(ResponseTime < 0 AND Status=2,0,1) |sort Caption _time limit=0 |dedup _time Caption I get only 3 as below Complete 5,889 events (1/1/23 12:00:00.000 AM to 2/1/23 12:00:00.000 AM) time Caption ResponseTime Status Availablity 2023-01-29 15:00:47 FREQSAPP150 -1 2 0 2023-01-29 16:52:51 FREQSAPP150 -1 2 0 2023-01-31 19:06:59 FREQSAPP150 -1 2 0
... View more
02-01-2023
10:49 PM
Hi Guys,
Less Event displayed while searching as * then search hostname while its showing if I search at the beginning with hostname
Please suggest why it is misbehaving and what is the Solution for this to get all events .
Thanks in advance.
... View more
Labels
- Labels:
-
subsearch
01-30-2023
05:12 AM
I do have same use case , please respond anyone where can I find the solution around this.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-21-2023
01:35 PM
|
