Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About anwar114
anwar114
Explorer
Member since:
10-16-2017
03-24-2021
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 10-16-2017 |
Activity Feed
- Karma Re: How can we find size of events in a particular duration? for rajgowd1. 06-29-2020 05:02 AM
- Posted Re: Issue in Microsoft Log Analytics Add-on(Formerly Know as OMS) on All Apps and Add-ons. 06-21-2020 01:44 AM
- Tagged Re: Issue in Microsoft Log Analytics Add-on(Formerly Know as OMS) on All Apps and Add-ons. 06-18-2020 03:21 AM
- Posted Re: Issue in Microsoft Log Analytics Add-on(Formerly Know as OMS) on All Apps and Add-ons. 06-18-2020 02:44 AM
- Karma Re: intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) for jkat54. 06-05-2020 12:51 AM
- Posted Re: need to consider special format in csv as same field value on Getting Data In. 03-15-2020 09:16 PM
- Posted need to consider special format in csv as same field value on Getting Data In. 03-15-2020 03:30 PM
- Tagged need to consider special format in csv as same field value on Getting Data In. 03-15-2020 03:30 PM
- Tagged need to consider special format in csv as same field value on Getting Data In. 03-15-2020 03:30 PM
- Tagged need to consider special format in csv as same field value on Getting Data In. 03-15-2020 03:30 PM
- Posted Re: intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) on All Apps and Add-ons. 02-23-2020 01:41 AM
- Posted Re: intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) on All Apps and Add-ons. 02-09-2020 09:16 PM
- Posted Re: intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) on All Apps and Add-ons. 02-09-2020 02:04 AM
- Posted Re: intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) on All Apps and Add-ons. 02-05-2020 09:12 PM
- Posted intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) on All Apps and Add-ons. 02-04-2020 10:42 PM
- Tagged intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) on All Apps and Add-ons. 02-04-2020 10:42 PM
- Tagged intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) on All Apps and Add-ons. 02-04-2020 10:42 PM
Topics I've Started
06-21-2020
01:44 AM
Hi, @jkat54 i have version 1.0.3. There is line break issue happening still. appreciate a start up where to for fixing it. Let me know more details needed. Thanks in advance
... View more
06-18-2020
02:44 AM
hi, I am having single event breaking issue for couple of events. versions is 1.0.3. Would you be able to suggest ways to tackle the issue. Only below errors from logs , but these WARN message doesn't coincide with the event which is broken : WARN LineBreakingProcessor - Truncating line because limit of 10000 bytes has been exceeded with a line length >= 11423 - data_source="log_analytics://xxxxxxxx", data_host="xxxxxxxxx", data_sourcetype="loganalytics" WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. Defaulting to timestamp of previous event (Thu Jun 18 09:14:20 2020). Context: source=log_analytics://xxxxxxxxx|host=xxxxxxxx|loganalytics|\n 5 similar messages suppressed. First occurred at: Thu Jun 18 09:07:52 2020 Thanks in Advance.
... View more
- Tags:
- @jkat54
03-15-2020
09:16 PM
is there a way to do it (escape the quotations or remove them ) from splunk before or while indexing. as the csv is an output from another system commandline there is no much we can do from that side. thx
... View more
03-15-2020
03:30 PM
Is there a way to let splunk know when ever the format like "32770": ALL_REQ:2 | CT_FLAG(32768) keep it as a single field value in csv .
Data:
"123","EMPTY","1766 Bytes","32770": ALL_REQ:2 | CT_FLAG(32768),"131680": 20(32) | CT_FLAG |MODIFIED:20000(131072),"44d5","200 bytes"
using normal csv extraction splunk extracts fields to :
field1 :123
field2: EMPTY
field3: 1766 Bytes
field4: "32770": ALL_REQ:2 | CT_FLAG(32768),"131680": 20(32) | CT_FLAG |MODIFIED:20000(131072), 44d5
field5: "200 bytes"
splunk combines field4 & field5 into a single field. thereafter all other field values gets pre jumped .
Result required after field extraction:
field1 :123
field2: EMPTY
field3: 1766 Bytes
field4: "32770": ALL_REQ:2 | CT_FLAG(32768)
field5: "131680": 20(32) | CT_FLAG |MODIFIED:20000(131072)
field6: 44d5
field7: 200 bytes
... View more
02-23-2020
01:41 AM
did the change looks like events are appearing now. will monitor .
Thanks for quick response and suggestions
... View more
02-09-2020
09:16 PM
This is my settings now:
interval : 840 (14min)
lag time : 15
My initial was as below which was working till 2 weeks before, then i changed to above both are not working.
interval : 60
lag time : 15
... View more
02-09-2020
02:04 AM
Its bit strange behaviour. When i disable and enable the input , it pulls all the events from the eventhub. all works well.
thereafter for regular interval pulls it skips some events and pulls some (cannot figure out whats going wrong for certain events to be skipped and certain pulled during regular pulls.)
... View more
02-05-2020
09:12 PM
appreciate if @jkat54 have a look.
... View more
02-04-2020
10:42 PM
Hi,
intermittent events missing when pulling through Microsoft Log Analytics Add-on (Formerly Known as OMS) .
can not find any err or warn in the internal logs.
When tried to pull with larger Event Delay / Lag Time it pulled all the events.
so its working but when changed to 15 min it again has this intermittent event loss.
interval : 60
Also is there a plan for python 3 support , eventually splunk 8 would go for python 3.
... View more
