Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About ssuluguri
ssuluguri
Path Finder
Member since:
01-23-2023
Thursday
Community Statistics
| Posts | 42 |
| Solutions | 1 |
| Karma Given | 23 |
| Karma Received | 1 |
| Member Since | 01-23-2023 |
Activity Feed
- Karma Re: Splunk data migration from Splunk cloud to other tool for kiran_panchavat. Thursday
- Posted Re: Splunk data migration from Splunk cloud to other tool on Deployment Architecture. Thursday
- Karma Re: Splunk data migration from Splunk cloud to other tool for livehybrid. Thursday
- Posted Splunk data migration from Splunk cloud to other tool on Deployment Architecture. Thursday
- Posted Re: How to get count 0 for the field value which is not matching with events on Splunk Search. 08-07-2024 10:26 AM
- Posted Re: How to get count 0 for the field value which is not matching with events on Splunk Search. 08-05-2024 11:29 AM
- Karma Re: How to get count 0 for the field value which is not matching with events for yuanliu. 08-05-2024 11:23 AM
- Karma Re: How to get count 0 for the field value which is not matching with events for ITWhisperer. 08-05-2024 11:23 AM
- Posted Re: How to get count 0 for the field value which is not matching with events on Splunk Search. 08-05-2024 11:22 AM
- Karma Re: How to get count 0 for the field value which is not matching with events for yuanliu. 08-05-2024 11:19 AM
- Posted Re: How to get count 0 for the field value which is not matching with events on Splunk Search. 08-02-2024 11:22 AM
- Posted Re: How to get count 0 for the field value which is not matching with events on Splunk Search. 08-02-2024 11:20 AM
- Posted How to get count 0 for the field value which is not matching with events on Splunk Search. 08-01-2024 01:36 PM
- Posted Disabled alerts are triggering from SH cluster member on Splunk Enterprise. 01-12-2024 10:35 AM
- Posted Re: Universal forwarder upgrade matrix on Installation. 10-23-2023 02:27 PM
- Posted Universal forwarder upgrade matrix on Installation. 10-20-2023 11:18 AM
- Karma Re: Federated search head validation for richgalloway. 07-26-2023 10:47 AM
- Posted Re: Federated search head validation on Security. 07-26-2023 09:35 AM
- Karma Re: Federated search head validation for richgalloway. 07-26-2023 09:35 AM
- Posted Federated search head validation on Security. 07-26-2023 08:40 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
Thursday
I just needed some help from Splunk regarding a request from our clients. So, a client is migrating from Splunk to Sentinel but has about 25 TBs of data still on Splunk cloud which they want to keep for at least a year. The data should be readable for investigations and compliance purposes. I know the client might need Splunk professional services for all options mentioned above since it's Splunk Cloud but what would be the best and most cost-effective solution for them? Can you please help and advise what could be the best way forward.
... View more
Labels
08-07-2024
10:26 AM
Appreciated for the time you spent on it , it worked .
... View more
08-05-2024
11:29 AM
Overall our requirement is that " We are passing a lookup where both Primary and Secondary devices defined , if only both stopped sending the events then we need to display the hosts "
this is the query I prepared , but not giving the exact requirement , can you optimize , help .
| tstats count max(_time) AS latest_event_time where index=firewall sourcetype="cisco:ftd" [| inputlookup Firewall_list.csv | table Primary | Rename Primary AS host] groupby host
| append [|inputlookup Firewall_list.csv | table Primary | Rename Primary AS host | eval count=0]
| stats sum(count) as count max(latest_event_time) AS latest_event_time by host |rename host as Pri
|append [| tstats count max(_time) AS latest_event_time where index=firewall sourcetype="cisco:ftd" [| inputlookup Firewall_list.csv | table Secondary | Rename Secondary AS host] groupby host
| append [|inputlookup Firewall_list.csv | table Secondary | Rename Secondary AS host | eval count=0]
| stats sum(count) as count max(latest_event_time) AS latest_event_time by host |rename host as Sec]
Host are in lookup
... View more
08-05-2024
11:22 AM
Thanks a lot it worked . Adding to that I m passing two values from lookup as below , if both hosts event count is zero then I need the result to display the host name which are passing from lookup . Can you help me here .
... View more
08-02-2024
11:22 AM
This is not giving results which needed , I see 0 for each entry from lookup
... View more
08-02-2024
11:20 AM
Thanks for your time , I see the data which is coming 0 for each entry coming from lookup but it should give only value 0 for the host which is not sending events .
... View more
08-01-2024
01:36 PM
Hi Splunkers,
My requirement is below .
I have lookup where 7 hosts defined . when my search is running for both tstats and stats I only get 5 hosts count which are greater than 0 . Can someone help how can we get count 0 for the field which we are passing from lookup .
Query :
| tstats count max(_time) AS latest_event_time where index=firewall sourcetype="cisco:ftd" [| inputlookup Firewall_list.csv | table Primary | Rename Primary AS host] groupby host
... View more
Labels
- Labels:
-
count
01-12-2024
10:35 AM
Hi Team, We have SH Cluster as below . 3 SHs members,1 Deployer. We have few alerts keep on firing with splunk@<> sender even though we configured our customised sender and also few alerts were disabled but still they are firing from same one SH cluster members and from other 2 not(which is expected). Raised multiple vendor cases but no help. Can someone help
... View more
Labels
- Labels:
-
troubleshooting
10-23-2023
02:27 PM
We are on splunk platform . We have server reporting to on prem Deployment servers and outputs configured to send cloud indexers .
... View more
10-20-2023
11:18 AM
Hi All, We have various splunk UFs running on windows ,unix machines . We are planning to upgrade all the versions to latest universal forwarder . We have versions from : 6.5.0 to 8.2.7 . Our plan to upgrade to 9.x Can someone help intermediate versions to upgrade from 6.5.0 to 9.X
... View more
Labels
- Labels:
-
universal forwarder
07-26-2023
08:40 AM
Hi Team, I have created a federated provider and test connection successful . what will be our next steps ? is federated index mandatory to create ? if yes all the indexes across SHs should be created ?'
... View more
Labels
- Labels:
-
login
07-14-2023
10:34 AM
Hi all , We have a scripted input and when its exaction started we are keep on getting "INFO prior run of stanza 'ExchangeClientExperience' is still in progress. Skip this one" . If anyone experiencing and got resolution , please help us too.
... View more
Labels
- Labels:
-
scripted input
07-12-2023
12:09 PM
Thanks for the reply Meet. 1.Data is indexing on cloud 2.Data automatically populating for sometimes and going OFF. Backend raw data .
... View more
- Tags:
- for yo
07-11-2023
12:02 PM
Hi Team,
We are ingesting data from syslot to splunk using Cyberark App . Data is going ON and OFF even though data available on /var/log/Cyberark .
Can you suggest what can be the issue .
... View more
Labels
- Labels:
-
indexer
06-30-2023
08:43 AM
I was getting same error, but after splunk restarted data started collecting
... View more
05-27-2023
01:24 AM
Hi Team,
I have requested to turn on HSH and they shared the Manager_uri and pass key but when trying to add its getting failed .
Can someone help .
... View more
Labels
- Labels:
-
troubleshooting
05-01-2023
08:09 AM
Hi , I have got similar request to configure between splunk cloud and powerBI , I am getting below error . "Verify the server URL. Error parsing JSON: Expect either an object or array at root" Can someone help on this .
... View more
04-25-2023
09:51 AM
Hi Team,
We have received a request to pull data from Rest API . Can you please help with any document which can help to configure .
... View more
04-24-2023
06:41 AM
@VatsalJagani : Can you give more information on those two links you shared. which app best suits ? what are the prr-requisites? any mandatory configuration ? If you dont mind can you give step by step process .
... View more
04-19-2023
08:05 AM
Hi team,
We have got a requirement "some dashboarding in PowerBI and connecting it to Splunk for data."
Is it possible in splunkcloud environment ?
If yes , can you please help me with steps to configure
... View more
Labels
- Labels:
-
configuration
04-13-2023
02:50 PM
Hi Team, We have a custom which is creating incident in SNOW , if the alert triggered from Splunk . But from past few days its not happening and getting this error . "ERROR sendmodalert [4016 AlertNotifierWorker-0] - action=sn_sec_incident_alert_admin STDERR - Failed to create an incident in snow". Your help is much needed and appreciated
... View more
Labels
- Labels:
-
troubleshooting
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Thursday
|
Karma given to
