Archive

Can Splunk find love?

to4kawa
SplunkTrust
SplunkTrust

Since Valentine's Day is near,
Splunk can search for everything. And it might find love, I thought.

How?

Tags (1)
1 Solution

to4kawa
SplunkTrust
SplunkTrust

Hey, Look. I find it!
love

| makeresults count=2
| streamstats count as x
| eval x=if(x=1,0.00000,1.80000)
| makecontinuous x span=0.01
| eval z=split("A#B#C#D","#")
| stats values(x) as x by z
| stats count by x z
| eval y = case(x < 1 AND (z="A" OR z="C"),exact(pow(x,(2/3))) + exact(sqrt(1 - pow(x,2)))
,x < 1 AND (z="B" OR z="D"),exact(pow(x,(2/3))) - exact(sqrt(1 - pow(x,2))))
| eval x = if(z="C" OR z="D",x * -1, x)
| table x , y
| sort 0 x
| rename y as LOVE

cf. technical detail

View solution in original post

to4kawa
SplunkTrust
SplunkTrust

Hi,everyone
Thank you for so many answers.
Can splunk find love?
yes

Happy Valentine's Day and Happy Splunking!

to4kawa
SplunkTrust
SplunkTrust

Hey, Look. I find it!
love

| makeresults count=2
| streamstats count as x
| eval x=if(x=1,0.00000,1.80000)
| makecontinuous x span=0.01
| eval z=split("A#B#C#D","#")
| stats values(x) as x by z
| stats count by x z
| eval y = case(x < 1 AND (z="A" OR z="C"),exact(pow(x,(2/3))) + exact(sqrt(1 - pow(x,2)))
,x < 1 AND (z="B" OR z="D"),exact(pow(x,(2/3))) - exact(sqrt(1 - pow(x,2))))
| eval x = if(z="C" OR z="D",x * -1, x)
| table x , y
| sort 0 x
| rename y as LOVE

cf. technical detail

View solution in original post

emeelan_splunk
Splunk Employee
Splunk Employee

Just don't use the Drake equation...you'll be seriously depressed.
https://www.maa.org/news/math-news/drake-equation-adapted-to-estimate-soulmate-search-odds

0 Karma

to4kawa
SplunkTrust
SplunkTrust

too little!!
But I believe to find a little more.

0 Karma

jpolvino
Builder

When I set my eyes upon you, dearest Splunky
And lookup at my rare love,
My mind doth return
from a search for a perfect union.

Who could predict
We could sort our diffs and join?
As I crawl with my tail between my legs
To join my top love once again!

I never metadata source so robust and uniq
From head to tail,
Dearest Splunky, which none can replace.

to4kawa
SplunkTrust
SplunkTrust
| windbag
| regex "[love]"
0 Karma

acharlieh
Influencer

True love is the greatest thing in the world - except for a nice MLT - mutton lettuce and tomato san... but when discussing the application of mathematics and technology in the search for love, I feel it's important to keep in mind that your normal approach is useless here:
Even the identity matrix doesn't work normally

But, Splunk enables you to bring data from Everything, and apply it to Everything. So what are you passionate about? You could use that power for good causes and enable the charities that you are passionate about. Or maybe you're passionate about other things... maybe cars, or barbeque, or parties, brewing, or anything else you can think of. It's simply a matter of getting that data into Splunk to start analyzing it to help making decisions to improve things

And on that journey of bringing data to your passions, there have been and continue to be a lot of awesome people in the worldwide Splunk Community... Between Slack, here on Answers, Reddit, many local user groups, and lots of other places around the world and online, there are so many folks, passionate in their respective areas, who are willing to help and talk and spread new ideas about the uses of Splunk, Phantom, VictorOps, SignalFX, Omnition, UBA, DSP, and many other solutions supported by Splunk, Inc, and even those used often around Splunk solutions, to make everyone's work and personal lives better. Some of them may even share your particular passions as well!

The Splunk community is the heart of Splunk... and finding them was an experience of finding my people. I love those who have mentored me there, and I love giving back and helping others find that same spark that I had with it. Because of the Splunk Community, .conf has become much more than just a Vendor conference to learn what's new and awesome around Splunk... for me and others, it's become that camp where I know I'll be able to see in person and catch up with all the people I love, and have missed seeing them in person over the past year. These people have both seen me at my best, and helped me through my worst... and there are even a few of them where I would hop on a plane at a moments notice to come help if they needed me to.

So sure Splunk helped me find love...

Perhaps somewhat differently than you may have intended... but what is love?
Baby don't hurt me, don't hurt me, no more

to4kawa
SplunkTrust
SplunkTrust

Oh,
Old days you sang Never gonna give you up, now such a sad song

what is love? I don't know , too.
But I want to find a little more.

0 Karma

spayneort
Contributor
0 Karma

to4kawa
SplunkTrust
SplunkTrust

Thank you, It will be helpful.
But I want to find a little more.

0 Karma

nickhills
Ultra Champion

https://www.splunk.com/en_us/blog/tips-and-tricks/valentines2015.html

If my comment helps, please give it a thumbs up!

to4kawa
SplunkTrust
SplunkTrust

Thank you, there was such an article.
But I want to find a little more.

0 Karma

to4kawa
SplunkTrust
SplunkTrust
<form>
  <label>text to bin</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="text" token="field1">
      <label>Text</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>| makeresults count=1112
| streamstats current=f count
| where match(count,"^[01]?[01]?[01]?[01]$$")
| eval count =printf("%04d",count)
| stats list(count) as hex2bin
| eval counter = mvappend(mvrange(0,10),split("abcdef",""))
| appendcols [| makeresults count=256
| streamstats count as code
| eval ascii=printf("%c",code)
| stats values(ascii) as ascii
| eval code=mvrange(1,256)]
| eval text="$field1$"
| appendpipe [
| eval text_len=mvrange(1,len(text)+1)
| rex field=text_len mode=sed "s/(\d+)/bin_\1/g"
| stats count by text_len
| transpose header_field=text_len column_name=text]
| head 1
| foreach bin_* 
    [ eval <<FIELD>> = mvindex(split(text,""),<<MATCHSTR>> -1)
    | eval <<FIELD>> = mvindex(code,mvfind(ascii,<<FIELD>>))
    | eval <<FIELD>>_upper = printf("%x",floor(<<FIELD>> / 16)) 
    | eval <<FIELD>>_lower = printf("%x",(<<FIELD>> % 16)) 
    | eval <<FIELD>>_upper=mvindex(hex2bin,mvfind(counter,<<FIELD>>_upper)) 
    | eval <<FIELD>>_lower=mvindex(hex2bin,mvfind(counter,<<FIELD>>_lower))
    | eval result=mvappend(result,<<FIELD>>_upper,<<FIELD>>_lower)]
    | table text result
    | eval result=mvjoin(result," ")</query>
          <earliest>0</earliest>
          <latest></latest>
          <sampleRatio>1</sampleRatio>
        </search>
      </table>
    </panel>
  </row>
</form>

Text to Bin

0 Karma

jkat54
SplunkTrust
SplunkTrust

Try this dashboard to find out the answer:

https://pastebin.com/Rw4DM0RC

Sorry for the pastebin link, but the forum keeps giving 500 error when I post the code here.

<form>
  <label>Valentine's Day Slots by Michael Camp Bentley</label>
  <fieldset submitButton="true" autoRun="true">
    <input type="dropdown" token="bet" searchWhenChanged="true">
      <label>Bet Amount</label>
      <choice value="1">Bet $1</choice>
      <choice value="5">Bet $5</choice>
      <choice value="10">Bet $10</choice>
      <default>1</default>
      <initialValue>1</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <single>
        <search>
          <query>| makeresults count=1 
| eval participants= printf("%c",tonumber("1F47C",16)).",".printf("%c",tonumber("2661",16)).",".printf("%c",tonumber("1F498",16)).",".printf("%c",tonumber("1F48F",16)) 
| makemv delim="," participants 
| mvexpand participants 
| streamstats count(participants) as count1 
| stats range(count1) as range values(participants) as participants 
| eval number_of_participants=tonumber(range+1) 
| eval random=random()%$$number_of_participants$$
| eval a=upper(mvindex(participants,random)) 
| fields a 
| appendcols 
    [| makeresults count=1 
    | eval participants= printf("%c",tonumber("1F47C",16)).",".printf("%c",tonumber("2661",16)).",".printf("%c",tonumber("1F498",16)).",".printf("%c",tonumber("1F48F",16)) 
    | makemv delim="," participants 
    | mvexpand participants 
    | streamstats count(participants) as count1 
    | stats range(count1) as range values(participants) as participants 
    | eval number_of_participants=tonumber(range+1) 
    | eval random=random()%$$number_of_participants$$
    | eval b=upper(mvindex(participants,random)) 
    | fields b] 
| appendcols 
    [| makeresults count=1 
    | eval participants= printf("%c",tonumber("1F47C",16)).",".printf("%c",tonumber("2661",16)).",".printf("%c",tonumber("1F498",16)).",".printf("%c",tonumber("1F48F",16)) 
    | makemv delim="," participants 
    | mvexpand participants 
    | streamstats count(participants) as count1 
    | stats range(count1) as range values(participants) as participants 
    | eval number_of_participants=tonumber(range+1) 
    | eval random=random()%$$number_of_participants$$
    | eval c=upper(mvindex(participants,random)) 
    | fields c] 
| eval earnings=case(
    a==printf("%c",tonumber("1F48F",16)) AND b==printf("%c",tonumber("1F48F",16)) AND c==printf("%c",tonumber("1F48F",16)),1000,
    a==printf("%c",tonumber("1F498",16)) AND b==printf("%c",tonumber("1F498",16)) AND c==printf("%c",tonumber("1F498",16)) ,500,
    a==printf("%c",tonumber("2661",16)) AND b==printf("%c",tonumber("2661",16)) AND c==printf("%c",tonumber("2661",16)) ,250,
    a==printf("%c",tonumber("1F47C",16)) AND b==printf("%c",tonumber("1F47C",16)) AND c==printf("%c",tonumber("1F47C",16)) ,100,
    a==printf("%c",tonumber("1F48F",16)) AND b==printf("%c",tonumber("1F48F",16)) OR b==printf("%c",tonumber("1F48F",16))
    AND c==printf("%c",tonumber("1F48F",16)) OR a==printf("%c",tonumber("1F48F",16)) AND c==printf("%c",tonumber("1F48F",16)),500,
    a==printf("%c",tonumber("1F498",16)) AND b==printf("%c",tonumber("1F498",16)) OR b==printf("%c",tonumber("1F498",16)) 
    AND c==printf("%c",tonumber("1F498",16)) OR a==printf("%c",tonumber("1F498",16)) AND c==printf("%c",tonumber("1F498",16)) ,250,
    a==printf("%c",tonumber("2661",16)) AND b==printf("%c",tonumber("2661",16)) OR b==printf("%c",tonumber("2661",16)) 
    AND c==printf("%c",tonumber("2661",16)) OR a==printf("%c",tonumber("2661",16)) AND c==printf("%c",tonumber("2661",16)) ,100,
    a==printf("%c",tonumber("1F47C",16)) AND b==printf("%c",tonumber("1F47C",16)) OR b==printf("%c",tonumber("1F47C",16))
    AND c==printf("%c",tonumber("1F47C",16)) OR a==printf("%c",tonumber("1F47C",16)) AND c==printf("%c",tonumber("1F47C",16)) ,10,
    1=1,0) 
| eval loss=if(earnings==0,$bet$,0)</query>
          <earliest>1535385600.000</earliest>
          <latest>1535474114.000</latest>
          <sampleRatio>1</sampleRatio>
          <refresh>30s</refresh>
          <refreshType>delay</refreshType>
        </search>
        <option name="colorBy">value</option>
        <option name="colorMode">none</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"]</option>
        <option name="rangeValues">[0,30,70,100]</option>
        <option name="refresh.display">progressbar</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trellis.enabled">1</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="unitPosition">after</option>
        <option name="useColors">0</option>
        <option name="useThousandSeparators">1</option>
      </single>
    </panel>
  </row>
     <row>
         <panel>
             <html>
                 Contact the Author -> <a href="https://www.linkedin.com/in/remote-splunk-consultant-atlanta" alt="Link to Michael Bentley's LinkedIn Profile">Michael "JKat54" Bentley</a> -> Or Call 1-844-4SPLUNK for more details
             </html>
         </panel>
     </row>   
</form>

to4kawa
SplunkTrust
SplunkTrust

I modify a little. so, I can provide your great query here!

0 Karma

jkat54
SplunkTrust
SplunkTrust

WINNER

to4kawa
SplunkTrust
SplunkTrust

Thank you, I didn't know I could do this.
But I want to find a little more and try your dashboard.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Sure, since splunk supports UTF, many of the "valentines" characters will work when eval'd like the white and black hearts below:


0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!