Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- About vganjare
vganjare
Builder
Member since:
04-11-2014
06-05-2020
Community Statistics
| Posts | 171 |
| Solutions | 28 |
| Karma Given | 8 |
| Karma Received | 57 |
| Member Since | 04-11-2014 |
Activity Feed
- Got Karma for Re: How to update a lookup table using a scheduled search by appending results, not replace the old data?. 06-18-2021 12:47 PM
- Karma Re: Why is summary indexing creating duplicate records in the summary index? for MuS. 06-05-2020 12:47 AM
- Karma Re: Proper etiquette and timing for voting here on Answers (particularly down-voting)? for MuS. 06-05-2020 12:47 AM
- Karma Re: Is there any way to use different Splunk Web ports specific for different users? for esix_splunk. 06-05-2020 12:47 AM
- Karma Re: How to search when an event was indexed? for Arun_N_007. 06-05-2020 12:47 AM
- Karma Re: How to use eval if there is no result from the base search and without the use of any subsearch? for MuS. 06-05-2020 12:47 AM
- Karma How to search call data records to find parallel concurrent calls from the same originating telephone number? for garryclarke. 06-05-2020 12:47 AM
- Karma Re: How to edit my scheduled outputlookup search to NOT overwrite the existing lookup table if the new results are blank? for mbenwell. 06-05-2020 12:47 AM
- Karma converting 1.1.1970 to epoch doesn't work, whereas converting epoch 0 to string does work... is it a bug or did I miss something? for grundsch. 06-05-2020 12:47 AM
- Got Karma for Is there any way to use different Splunk Web ports specific for different users?. 06-05-2020 12:47 AM
- Got Karma for Re: How to search and only return results for users with more than one recorded IP address (src_ip) against their username?. 06-05-2020 12:47 AM
- Got Karma for Is there any Splunk search command to get the Field Value using just a string token?. 06-05-2020 12:47 AM
- Got Karma for Is there any Splunk search command to get the Field Value using just a string token?. 06-05-2020 12:47 AM
- Got Karma for Re: How to write one search find the count for three different time frames without using append or multisearch?. 06-05-2020 12:47 AM
- Got Karma for Re: How to write one search find the count for three different time frames without using append or multisearch?. 06-05-2020 12:47 AM
- Got Karma for Re: how to display a range in color (Good or Fault). 06-05-2020 12:47 AM
- Got Karma for Re: How to combine results of a search with a csv file in a table?. 06-05-2020 12:47 AM
- Got Karma for Re: When creating a statistical table using the table command, is there a way to disable sorting of data on click of table column headers?. 06-05-2020 12:47 AM
- Got Karma for Re: When creating a statistical table using the table command, is there a way to disable sorting of data on click of table column headers?. 06-05-2020 12:47 AM
- Got Karma for Re: When creating a statistical table using the table command, is there a way to disable sorting of data on click of table column headers?. 06-05-2020 12:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 2 | |||
| 1 | |||
| 1 | |||
| 0 | |||
| 0 |
05-13-2015
11:33 PM
Repeat question of http://answers.splunk.com/answers/235160/how-to-pass-the-values-from-django-view-to-python-1.html
... View more
05-13-2015
10:34 PM
Hi,
As you are constructing week and month from now, following case will be always true
now < week < month
Also, for all the events, you will get same values for now, week, and month.
Can you please explain what is required? If possible, share some sample events and what is the expected output.
Thanks!!
... View more
05-13-2015
10:27 PM
Hi,
Can you please validate is the predic1 is numeric? You can check it by command isnum.
Thanks!!
... View more
05-13-2015
05:17 AM
Hi,
You can try the answer mentioned @ http://answers.splunk.com/answers/232781/find-all-events-of-type-x-that-do-not-have-an-even.html#answer-234747
Its possible to generate the dynamic query depending on subsearches.
Thanks!!
... View more
05-13-2015
05:11 AM
1 Karma
Hi,
Rather than storing the results as CSV, you can add the data directly in the splunk index by using DBConnects DBMonitor configuration. You can use the above query along with a rising_column (which is used to identify what all records are fetched).
If not, you can use outputlookup command to create the CSV file as a lookup. You can schedule a search (which will run every 30 mins) by using DBConnect command dbquery and outputlookup command.
Something like:
| dbquery "SELECT Volume,SERVER_ID,SERVICE_NAME,To_char(END_TIME-START_TIME,'HH24:MI:SS.FF') AS process_time from xxx" | outputlookup xyz.csv
Use this lookup for your dashboard.
Thanks!!
... View more
05-11-2015
04:30 AM
Can you please try any solution listed @ http://stackoverflow.com/questions/24528211/refused-to-execute-script-from-because-its-mime-type-application-json-is
... View more
05-11-2015
04:18 AM
This looks ok. What about stanza [mimetype-extension-map]? Can you please share the configuration?
... View more
05-11-2015
02:19 AM
Can you please share the server.conf settings for stanza [httpServer]? server.conf can be found @ splunk/etc/system/default folder.
... View more
05-10-2015
11:02 PM
HI,
How about finding the different time ranges for every occurance of X and then use this to find all the events which do not have the occurance of Y within specified time range (i.e. 1 min in your case). Following query can give you some idea:
index=_internal [ search index=_internal log_level="ERROR" | eval latestTime = (strptime(strftime(_time,"%m/%d/%Y:%H:%M:%S"),"%m/%d/%Y:%H:%M:%S") + (1* 60) ) | eval earliestTime = (latestTime-(1 * 60)) | table latestTime earliestTime | eval QueryToken = "(earliest=".earliestTime." latest=".latestTime.") OR" | stats values(QueryToken) as QueryValues | makemv delim="||" QueryValues | eval QueryFilter = substr(QueryValues , 1, len(QueryValues)-3) | return $QueryFilter] log_level!="WARNING" |chart count over _time by log_level usenull=f
Following is the logic:
Search for events which has log_level as ERROR (using subsearch) (this is filer X).
Find out the latest time and earliest time for every event ( 1 min early an 1 min later).
Construct the dynamic query filter which will have the different earliest and latest times (depending on the events from point 1)
Use this dynamic query along with log_level!="WARNING" filter (i.e. not Y filter) for the main search.
Hope this will help to solve the problem.
Thanks!!
... View more
05-08-2015
04:57 AM
Can you verify if the result is missing due to subsearch limits? This can be verified from Search Job Inspector.
Thanks!!
... View more
05-08-2015
03:36 AM
1 Karma
HI,
This can be done using Field aliasing. More details @ http://docs.splunk.com/Documentation/Splunk/6.2.3/Knowledge/Addaliasestofields
Thanks!!
... View more
05-08-2015
03:13 AM
Can you try running the entire query against these 20 results? Ideally, the join should give you some result.
... View more
05-08-2015
02:59 AM
Hi,
The app bar is loaded by AJAX calls. Can you please check if any JS error is coming? This can be tested in Chrome - console tab.
... View more
05-08-2015
01:41 AM
Can you please check if both the searches are returning valid results? Try to limit the result to 10 rows for testing.
... View more
05-08-2015
01:26 AM
Hi,
The first query and subquery should have a field named audit. Also, there should be some correlation between these searches. Try outer join to see if there is any correlation between the data returned by both the searches.
Thanks!!
... View more
05-06-2015
02:55 AM
Can you please provide the search query (which you executed mannually) along with the search which needs lookup changes?
... View more
05-06-2015
02:50 AM
Hi,
You can try using eventstats instead of stats. Ideally, the join command expects one or many common fields on both sides of the command. i.e. first query should have "audit" field and the subsearch should also have "audit" field.
Thanks!!
... View more
05-06-2015
12:59 AM
Is there any value of the CurrentPrice which is lesser than any of the VendorPrices? In current example, the current price value .3345 is largest among all the prices.
Thanks!!
... View more
05-06-2015
12:13 AM
Can you please share the expected output?
Thanks!!
... View more
05-05-2015
10:55 PM
Can you please share the sample table generated and what additional column you want to add (i.e. the table output from above query and expected table)?
Thanks!!
... View more
05-05-2015
09:27 PM
Hi,
You can try using addcoltotals command? More details @ http://docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference/Addcoltotals
Thanks!!
... View more
05-05-2015
09:24 PM
Subsearch has a limit. If you are looking at large data set (events more thant 50,000), then subsearch will not work. Any specific reason why you want to use subsearch?
... View more
05-05-2015
02:05 AM
1 Karma
Hi,
You can index the UserDirectory records (assuming that its size is small and will not consume too much splunk license). Then, you can set up a scheduled search to take the latest unique records from UserDirectory (i.e. latest unique 70,000 records). This schedule search will have outputlookup command at the end which will generate the lookup dynamically.
Thanks!!
... View more
05-04-2015
11:49 PM
Hi,
Do you want to display the raw events in the table? Normally, _raw field has the raw event. See if following query helps:
index=Logs_idx Cricket HOST=India "Top 10 Overs Average"
| table Player _time StrikeRate Score _raw
Thanks!!
... View more
05-04-2015
03:47 AM
Hi deepthi5,
What output you are getting? And what is the expected output?
Thanks.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
