About romux

romux · ‎08-05-2022

On complement, I see with Browser Dev tools When I see the bug job and result_preview arrived before underscore and theme_utils When Highlighting work, we see that underscore.js and themeUtils.js is loaded before job & result_preview

romux · ‎08-05-2022

Hi, On last version of Dashboard Examples (v 8.2.5) & Splunk (v9.0), I see a bug with table cell highlight JS. When you go on Table cell Page on dashboard Examples, you see table with cell highlighting work correctly. But if you refresh avec Ctrl + R this page, randomly, Highlighting disappear. I reproduce the same bug with a custom dashboard. Have you the same Bug ?

romux · ‎09-17-2018

I have an Error on splunkd.log 09-17-2018 13:02:52.305 +0200 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 130, in init\n hand.execute(info)\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 594, in execute\n if self.requestedAction == ACTION_LIST: self.handleList(confInfo)\n File "/opt/splunk/etc/apps/TA-azure-event-hubs-connector---modular-input/bin/ta_azure_event_hubs_connector_modular_input/splunk_aoblib/rest_migration.py", line 38, in handleList\n AdminExternalHandler.handleList(self, confInfo)\n File "/opt/splunk/etc/apps/TA-azure-event-hubs-connector---modular-input/bin/ta_azure_event_hubs_connector_modular_input/splunktaucclib/rest_handler/admin_external.py", line 40, in wrapper\n for entity in result:\n File "/opt/splunk/etc/apps/TA-azure-event-hubs-connector---modular-input/bin/ta_azure_event_hubs_connector_modular_input/splunktaucclib/rest_handler/handler.py", line 118, in wrapper\n raise RestError(exc.status, exc.message)\nRestError: REST Error [404]: Not Found -- HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Not Found"}]}\n

romux · ‎09-17-2018

Hi, See an extract of input.conf (This is specific of Windows to UNIX format). You need to make dos2unix. All of your file (conf, python script) have escape character ^M https://unix.stackexchange.com/questions/134695/what-is-the-m-character-called [azure_event_hubs_capture_logs]**^M** start_by_shell = false**^M** sourcetype = eventhubslogs^M interval = 30^M disabled = 0^M ^M Splunk failed to load module because all of your files have this character. Regards Romux

romux · ‎09-14-2018

Hi, All of your files have ^M at end of the lines. You have to edit or construct your Add-on on Windows Server ? Splunk Heavy Forwarder crash with that. Regards Romux

romux · ‎12-13-2017

Hi, For calculate Application unavailable Time on Workhours, I try to find a solution to exclude period time : 7PM to 7am no workhours time Week-end period time But duration keep elapsetime of Saturday and Sunday when my transaction during some days. Do you have an tricks&tips to exclude that because my SPL is very very long and I can't take again all case? index=xxx_appli_alerts (scenario=APPLI1) NOT scenario=PERF_* NOT criticity=HP | transaction scenario startswith=eval(status!="RECOVERY") endswith=eval(status="RECOVERY") | eval starttime=strftime(_time, "%Y-%m-%d %H:%M:%S") | eval endtime=strftime(_time+duration, "%Y-%m-%d %H:%M:%S") | eval number_of_day=strftime(duration, "%d") | eval hour_of_the_starttime=strftime(_time, "%H") | eval hour_of_the_endtime=strftime(_time+duration, "%H") | eval anomaly_hno=if((strftime(_time,"%d") != strftime(_time+duration,"%d")),"YES","NO") | eval anomaly_weekend=if(((strftime(_time,"%w") == "5" AND hour_of_the_starttime >= "19") OR strftime(_time,"%w") == "6" OR strftime(_time,"%w") == "0") AND (strftime(_time,"%d") != strftime(_time+duration,"%d")),"YES","NO") | eval hno_period=(19-7)*60*60*(number_of_day-1) | eval work_start=if(hour_of_the_starttime >=19 OR hour_of_the_starttime < 7,"HNO", "HO") | eval work_end=if(hour_of_the_endtime >=19 OR hour_of_the_endtime < 7,"HNO", "HO") | eval day_of_week=strftime(_time,"%w") | eval starttime=case( anomaly_weekend=="YES", strftime(relative_time(_time,"+w@w1+7h"),"%Y-%m-%d %H:%M:%S"), (work_start=="HNO" AND work_end=="HO") AND hour_of_the_starttime >=19 ,strftime(relative_time(_time,"@d+1d+7h"),"%Y-%m-%d %H:%M:%S"), (work_start=="HNO" AND work_end=="HO") AND hour_of_the_starttime < 7, strftime(_time, "%Y-%m-%d 07:00:00"), (work_start=="HNO" AND work_end=="HNO") OR (work_start=="HO" AND work_end=="HO") OR (work_end=="HNO" AND work_start=="HO"),starttime ) | eval endtime=case( (work_end=="HNO" AND work_start=="HO") AND hour_of_the_endtime >=19 ,strftime(relative_time(_time+duration,"@d+19h"),"%Y-%m-%d %H:%M:%S"), (work_end=="HNO" AND work_start=="HO") AND hour_of_the_endtime < 7, strftime(_time+duration, "%Y-%m-%d 19:00:00"), (work_start=="HNO" AND work_end=="HNO") OR (work_start=="HO" AND work_end=="HO") OR (work_start=="HNO" AND work_end=="HO"),endtime) | eval calcul_hno=(strptime(strftime(_time+duration,"%Y-%m-%d %H:%M:%S"),"%Y-%m-%d %H:%M:%S")-strptime(strftime(relative_time(_time+duration,"@d+7h"),"%Y-%m-%d %H:%M:%S"),"%Y-%m-%d %H:%M:%S"))+(strptime(strftime(relative_time(_time,"@d+19h"),"%Y-%m-%d %H:%M:%S"),"%Y-%m-%d %H:%M:%S")-strptime(strftime(_time,"%Y-%m-%d %H:%M:%S"),"%Y-%m-%d %H:%M:%S")) | eval duration=case( anomaly_hno=="YES" AND anomaly_weekend=="YES", strptime(endtime,"%Y-%m-%d %H:%M:%S")-strptime(starttime,"%Y-%m-%d %H:%M:%S"), anomaly_hno=="NO" AND anomaly_weekend=="YES", strptime(endtime,"%Y-%m-%d %H:%M:%S")-strptime(starttime,"%Y-%m-%d %H:%M:%S"), anomaly_hno=="NO" AND anomaly_weekend=="NO", strptime(endtime,"%Y-%m-%d %H:%M:%S")-strptime(starttime,"%Y-%m-%d %H:%M:%S"), anomaly_hno=="YES" AND anomaly_weekend=="NO" AND day_of_week!=5, strptime(endtime,"%Y-%m-%d %H:%M:%S")-strptime(starttime,"%Y-%m-%d %H:%M:%S")-hno_period, anomaly_hno=="YES" AND anomaly_weekend=="NO" AND day_of_week=5, calcul_hno ) | dedup _raw | search NOT (work_start="HNO" AND work_end="HNO") | lookup plage_unavailable.csv application AS scenario OUTPUT datedeb datefin | where NOT (strptime(starttime,"%Y-%m-%d %H:%M:%S") > strptime(datedeb,"%Y-%m-%d %H:%M:%S") AND strptime(starttime,"%Y-%m-%d %H:%M:%S") < strptime(datefin,"%Y-%m-%d %H:%M:%S")) | stats values(endtime) as endtime first(step) as step values(criticity) as bundle sum(duration) as duration values(work_start) values(work_end) values(anomaly_hno) values(anomaly_weekend) values(day_of_week) values(calcul_hno) values(number_of_day) by starttime, scenario | eval duration=round(duration,0) | replace C1 WITH GOLD IN bundle | replace C2 WITH SILVER in bundle | addcoltotals label=duration | eval duration=tostring(duration,"duration")

romux · ‎10-12-2017

Hi, I want to troubleshoot & Observe activity of ITSI and I want to know if I have Metrics to look : - Engine activity (consumer, refresher queue, etc ...) - KPI & Service - ... Best regards Romuald

Posts	7
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎03-04-2013

Online Status	Offline
Date Last Visited	‎08-08-2022 09:46 AM

Is anyone else experiencing this Bug in Dashboard ...

Azure Event Hubs Connector - Modular Input: Bug de...

Transaction : How to exclude Night hour and Week-e...

How can I monitor ITSI Engine Activities to help m...

Re: Is anyone else experiencing this Bug in Dashbo...

Is anyone else experiencing this Bug in Dashboard ...

Re: Azure Event Hubs Connector - Modular Input: Bu...

Re: Azure Event Hubs Connector - Modular Input: Bu...

Azure Event Hubs Connector - Modular Input: Bug de...

Transaction : How to exclude Night hour and Week-e...

How can I monitor ITSI Engine Activities to help m...