Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About IRHM73
IRHM73
Motivator
Member since:
07-08-2015
06-05-2020
Community Statistics
| Posts | 554 |
| Solutions | 23 |
| Karma Given | 58 |
| Karma Received | 41 |
| Member Since | 07-08-2015 |
Activity Feed
- Got Karma for Re: Why am I unable to multiply two fields fields with my current search syntax?. 06-11-2024 10:44 AM
- Got Karma for Re: Append Non Matching Results to Lookup Table. 04-24-2022 05:14 PM
- Got Karma for Re: Stats Values and Count. 11-03-2021 12:34 PM
- Karma Re: Stats Count Eval If for cvssravan. 06-05-2020 12:50 AM
- Karma Re: Stats Count Eval If for renjith_nair. 06-05-2020 12:50 AM
- Karma Re: Subtotals with Sum for woodcock. 06-05-2020 12:50 AM
- Karma Re: Can you help me incorporate my search into a summary Index? for ashajambagi. 06-05-2020 12:50 AM
- Got Karma for Use Timepicker Token With Field. 06-05-2020 12:50 AM
- Karma Re: Stats values Into timechart -- I can't get timechart to work for cmerriman. 06-05-2020 12:49 AM
- Karma Re: Replace First Two Digits for gcusello. 06-05-2020 12:49 AM
- Got Karma for How to display zero count in a stats table?. 06-05-2020 12:49 AM
- Got Karma for Transpose Multiple Column Headers. 06-05-2020 12:49 AM
- Got Karma for Re: Hide/Display Panels Using Multiselect. 06-05-2020 12:49 AM
- Got Karma for Hide/Display Panels Using Multiselect. 06-05-2020 12:49 AM
- Karma Re: How to Update a Lookup Table for DMohn. 06-05-2020 12:48 AM
- Karma Re: Different Results From Similar Queries for somesoni2. 06-05-2020 12:48 AM
- Karma Re: What configuration file contains app version numbers so I can propagate version numbers from GitHub to Splunk? for javiergn. 06-05-2020 12:48 AM
- Karma Re: Why am I getting no results from my saved search with append when I extend the range on the dashboard time picker? for woodcock. 06-05-2020 12:48 AM
- Karma Re: Extract Searches Performed for somesoni2. 06-05-2020 12:48 AM
- Karma Re: Eval If Statement for dwaddle. 06-05-2020 12:48 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-28-2020
06:55 AM
I'm having the same issue with the above, 1 hour is added to the value.
Did you ever get a working solution?
... View more
02-04-2016
04:39 AM
Hi @javiergn, thank you for this, I knew it would be something simple.
Many thanks and kind regards
Chris
... View more
02-02-2016
01:46 AM
Hi @javiergn, thank you very much for taking the time to help me with this.
The solution works great!
Kind Regards
Chris
... View more
02-01-2016
12:59 PM
Chris, keep in mind please that you can use the Field Extractor feature for such cases - most powerful.
... View more
01-29-2016
07:43 AM
Hi thank you for this and point taken 🙂
All the best and kind regards
Chris
... View more
01-30-2017
07:17 AM
On Splunk 6.5 I can't find that path anymore :
which dashboardpage.js should we edit?
Thanks.
... View more
02-14-2017
11:07 PM
Best way is to set up development environment e.g. user's own workstation or in some development server if needed.. If you have valid splunk license and support contract you could ask development license from Splunk. Just fulfill this request: https://www.splunk.com/en_us/resources/personalized-dev-test-licenses.html
... View more
01-12-2016
02:00 AM
Sincere thanks for the confirmation. You will see, probably while you were writing, that I tried the code and amended my response.
Many thanks and kind regards
Chris
... View more
12-17-2015
05:58 AM
Many thanks and kind regards.
Chris
... View more
12-09-2015
11:35 PM
Hi, like I said I'm very new to the admin role, in fact there are actually a few of us sharing the role and unfortunately I'm one of the admin personnel without the hardware to search the logs. Yes I know it's a little crazy! however I'll be working with someone who has both more knowledge than I and has the correct hardware to do this.
Many thanks and kind regards
Chris
... View more
09-14-2016
02:02 PM
Is there any workaround to get the panels to refresh based off a token value?
... View more
12-08-2015
04:18 AM
Hi many thanks for taking the time to reply to my post.
Unfortunately the auditType!=FormSubmission element wasn't working, but please see my answer with the solution.
Any yes 'subsearches' are a pain!
Many thanks and kind regards
Chris
... View more
12-07-2015
10:56 PM
Hi, I have been able to solve the problem with this query:
index=main auditSource=for-frontend auditType=FormSaved
| eval generatedAt=strptime(generatedAt, "%Y-%m-%dT%H:%M:%S")|convert timeformat="%d/%b/%Y" ctime(generatedAt)
| rename generatedAt As "submissiondate"
| eval testtime=relative_time(now(), "-10m@m" )
| eval c_time=strftime(testtime,"%d/%b/%Y")
| where c_time<=submissiondate
| search NOT[search index=main auditSource=for-frontend auditType=FormSubmission
| table detail.referenceNumber]
| table detail.referenceNumber submissiondate c_time
Many thanks and kindest regards
Chris
... View more
12-01-2015
11:07 PM
All,
After searching the Splunk answers I found the solution here
So my final solution is:
index=main auditSource=for-frontend auditType=FormSaved
| eval generatedAt=strptime(generatedAt, "%Y-%m-%dT%H:%M:%S")|convert timeformat="%d/%b/%Y %H:%M" ctime(generatedAt)
| rename generatedAt As "submissiondate"
| table submissiondate detail.referenceNumber
| search NOT[search index=main auditSource=for-frontend auditType=FormSubmission
| table submissiondate detail.referenceNumber]
Many thanks and kind regards
Chris
... View more
11-29-2015
07:42 AM
Hi gcato, if you would like to change your comment to an answer I can accept this for you.
Many thanks and kind regards
Chris
... View more
11-25-2015
06:19 AM
Hi @woodcock thank you for coming back to me with the solution.
Kind regards
Chris
... View more
12-03-2015
05:52 AM
Hi @jeffland, I very much appreciate you coming back to me with this.
Unfortunately I'm on leave now without access to my Splunk account. But I will come back to you when I return to work on Monday.
Many thanks and kind regards
Chris
... View more
11-25-2015
06:14 AM
@IRHM73, Converted to answer. I used gentimes (http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchReference/Gentimes) only to provide a run-anywhere example. It has not relevance to your search.
... View more
11-13-2015
06:14 AM
HI @jkat54, thank you very much for the explanation, really very useful.
Kind Regards
Chris
... View more
11-12-2015
10:20 PM
Hi, thank you very much for this piece of useful information.
Kind regards
Chris
... View more
11-12-2015
12:07 AM
HI @iguinn, thank you very much for taking the time to come back to me with this.
I needed to make a very minor tweak changing *100 to 1 and it works great.
Once many thanks for your help and kind regards
Chris
... View more
11-11-2015
10:35 PM
Hi @aljohnson, thank you for taking the time to come back to me with this. Another really useful piece of information.
Many thanks and kind regards
Chris
... View more
11-11-2015
01:52 AM
Hi, that's really very interesting about the '.' It now works perfectly!
Many thanks and kind regards
Chris
... View more
11-10-2015
11:11 PM
Hi @esix, thank you very much for taking the time to come back to me with this and for the explanation.
Kind Regards
Chris
... View more
11-10-2015
10:13 PM
1 Karma
Hi @DMohn, thank you very much for taking the time to reply to my post and for the explanation.
Very helpful indeed!
Kind Regards
Chris
... View more
