Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About pradeepkumarg
pradeepkumarg
Influencer
Member since:
09-22-2012
10-20-2021
Community Statistics
| Posts | 541 |
| Solutions | 84 |
| Karma Given | 140 |
| Karma Received | 223 |
| Member Since | 09-22-2012 |
Activity Feed
- Got Karma for Re: What does "show source" under "event actions" do?. 06-03-2024 04:52 PM
- Got Karma for Re: How can I bypass the License Agreement on startup after a new install?. 05-27-2024 03:01 AM
- Got Karma for Re: How to list all lookup files from an app?. 12-06-2023 01:41 PM
- Got Karma for Re: How can I bypass the License Agreement on startup after a new install?. 03-04-2023 01:16 PM
- Got Karma for Re: How can I bypass the License Agreement on startup after a new install?. 09-23-2022 04:00 AM
- Got Karma for Re: see users logging in from more than one country. 06-09-2022 12:33 PM
- Got Karma for Re: How can I verify if the boot-start is already enabled?. 03-09-2022 02:45 AM
- Got Karma for Re: Search to get the license usage per a single host?. 01-19-2022 12:09 PM
- Got Karma for Re: How can I identify which dashboards include a specific string?. 11-03-2021 07:20 AM
- Got Karma for Re: How to remove columns from search results table?. 10-27-2021 07:56 AM
- Got Karma for Re: Why is my search skipping?. 10-06-2021 11:00 AM
- Got Karma for Re: How to increment the field based on the previous value based on the condition?. 08-09-2021 06:27 AM
- Got Karma for Re: How to track the bundle size on indexers over time. 04-16-2021 06:56 AM
- Got Karma for Re: Does the splunk_archver app need to be distributed to the search peers via the knowledge bundle?. 02-09-2021 12:27 AM
- Got Karma for How to add custom message in place of "Search is waiting for input" for a dashboard panel?. 10-02-2020 08:35 AM
- Got Karma for Re: How to remove columns from search results table?. 09-17-2020 05:04 AM
- Got Karma for Re: How to count by DIFFERENT values of a field?. 08-27-2020 06:07 AM
- Posted Re: Data Onboarding Strategy on Getting Data In. 08-10-2020 09:17 AM
- Posted Data Onboarding Strategy on Getting Data In. 08-08-2020 10:41 AM
- Karma Re: rex - matching everything until a tab for Ayn. 07-25-2020 09:06 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 |
12-08-2014
11:49 AM
Yes, that is configurable. More details here..
http://docs.splunk.com/Documentation/Splunk/6.2.0/admin/Configureusertimeouts
... View more
10-29-2014
01:22 PM
Below is my query
...stats count by flag | sort flag
flag has values as N and Y
Below is my config for pie chart coloring
"charting.seriesColors": "[0x33CC33,0xFF3300]"
While my result set order is always N and Y due to sorting, the above mentioned colors toggle between N and Y. Some times I get 0x33CC33 for Y and 0xFF3300 other times. Why isn't the order fixed?
... View more
10-10-2014
01:12 PM
set below property in props.conf
TRUNCATE =
* Change the default maximum line length (in bytes).
* Although this is in bytes, line length is rounded down when this would
otherwise land mid-character for multi-byte characters.
* Set to 0 if you never want truncation (very long lines are, however, often a sign of
garbage data).
* Defaults to 10000 bytes.
More details here
http://docs.splunk.com/Documentation/Splunk/6.1.4/Admin/Propsconf
... View more
10-03-2014
10:10 AM
You can check the same by running ./splunk list monitor command on the forwarder
... View more
10-03-2014
07:56 AM
Is there a reason why you want to use different index for the same data in different hosts?
... View more
09-28-2014
06:46 AM
I've never tried with HTML, but there are nice examples in web framework tool kit if you can build your apps with django
https://apps.splunk.com/app/1613/
... View more
09-27-2014
11:23 PM
Yes, you can. Post process is the solution
http://docs.splunk.com/Documentation/Splunk/6.1.3/AdvancedDev/PostProcess
... View more
09-27-2014
07:06 PM
Transpose it is..
...| transpose
http://docs.splunk.com/Documentation/Splunk/6.1.3/SearchReference/Transpose
... View more
09-25-2014
06:00 PM
You can control the search run time of user queries from authorize.conf
Define srchMaxTime attribute for the desired roles.. More details below.
http://docs.splunk.com/Documentation/Splunk/6.1.3/admin/Authorizeconf
... View more
09-25-2014
10:57 AM
Thanks much Pat. I never thought it would work and didn't give it a try. Looks like its working 🙂
You can convert this to answer, I'll accept it.
... View more
09-25-2014
10:25 AM
2 Karma
In my below query, I want to load sourcetypeA for last 13 weeks, however I want to restrict sourcetypeB for last 7 days without using earliest
The below trick now()-_time is not working for me. I'm getting " Comparator '<' has an invalid term on the left hand side. " error
index=my_index (sourcetype=sourcetypeA AND FILE_ID=100002 ) OR (sourcetype=sourcetypeB AND ((now()-_time)<691220) )
I don't want to filter after the base query, as the data in sourcetypeB is very huge and is drastically hindering the performance of the query
Using the second query (sourcetypeB) as sub query or Join is not an option currently for me
Is there a way I can achieve this?
Thanks,
Pradeep
... View more
09-24-2014
01:52 PM
Thank you.. overlooked tostring() function 🙂
... View more
09-24-2014
01:35 PM
1 Karma
I have a field on which I am doing ltrim function to remove the leading 0's
eval fieldA = ltrim(fieldA ,"0")
000000104020471991 is being converted to 1.0402e+11.
How can I get just 104020471991 ?
... View more
09-22-2014
08:59 AM
If I understood it correct, what you are looking for is 'auto lookup'. More details here
http://docs.splunk.com/Documentation/Splunk/6.1.3/SearchTutorial/Usefieldlookups
... View more
09-22-2014
08:20 AM
Yes, you should be able to do it.. You can also try to extract just Gbps and Mbps into a field before the condition and try the comparison on that field.
... View more
09-22-2014
07:17 AM
4 Karma
You can club if and eval as below.
eval email=if(mycondition,"address1","address2")
... View more
09-20-2014
03:42 PM
if the value exists in both the sourcetypes do they exist more than once in each sourcetype? If not, below query might help you
sourcetype=sourcetypeA OR sourcetype=sourcetypeB | stats count by consecutive | search count < 2
... View more
09-19-2014
01:56 PM
1 Karma
It all comes down to how your events look and what you consider as a hit for your application from your events.
Post some sample events and what is expected out of it, and I'm sure you'll get help
... View more
09-19-2014
01:23 PM
If you want to create a index as "input1" you have to create it in indexes.conf. More details here
http://docs.splunk.com/Documentation/Splunk/6.1.3/admin/Indexesconf
... View more
09-19-2014
12:34 PM
After you change the index to main, you have to make sure new events are returned for your query. I would suggest creating a new database inputs rather than modifying the existing one.
... View more
09-19-2014
12:15 PM
1 Karma
I don't think there is any index which is called as 'index', you can try 'main' index or create your own index and then configure dbinputs for that index .
... View more
09-19-2014
11:28 AM
the index that you specified in your database inputs, did you create that index in indexes.conf?
... View more
09-19-2014
10:48 AM
Did you try just with the source filter and see?
source will be your dbmon input like below
source=dbmon-tail://*
... View more
09-19-2014
10:08 AM
Awesome.. worked like a champ. Thank you so much 🙂
... View more
09-19-2014
09:18 AM
Ahh, I removed iseval=true and it worked. But I'm unable to use it before the first pipe. If I have to use it after the pipe, I don't need a macro in first place.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-20-2021
03:38 PM
|
Karma given to
