Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Conditional timechart condiftion

gjhaaland
Explorer
‎11-09-2023 01:29 AM

Hi,

Not sure how to fix it. Hope someone can give me a hint.  The code looks like

index=asa host=1.2.3.4 src_sg_info=*

| timchart span=10m dc(src_sg_info) by src_sg_info

| rename user1 as "David E"

 

This splunk code will give a list with active/logged on VPN user.  So far so good. So my question is following: howto  include empty src_sg_info into the same timechart and mark it as "No active VPN user"

Labels (1)
Labels
0 Karma
Reply

gjhaaland
Explorer
‎11-09-2023 02:38 AM

Thanks, is it possible to 

if field src_sg_info does not exist then "No active VPN user" in the same timechart. 

0 Karma
Reply

FelixLeh
Contributor
‎11-09-2023 01:34 AM

 

index=asa host=1.2.3.4 
| fillnull src_sg_info value="No active VPN user"
| timechart span=10m dc(src_sg_info) by src_sg_info
| rename user1 as "David E"

 

0 Karma
Reply

gjhaaland
Explorer
‎11-13-2023 12:23 AM

Thanks,

Does not work.  Also know following. If  src_sg_info does not exist then we know that it's no active VPN user. Does not know how to test src_sg_info existance.  Thnaks again. 

 

Rgds

Geir

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...