Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About snabi
snabi
Explorer
Member since:
05-28-2013
06-05-2020
Community Statistics
| Posts | 12 |
| Solutions | 2 |
| Karma Given | 2 |
| Karma Received | 3 |
| Member Since | 05-28-2013 |
Activity Feed
- Karma Re: how to find difference between two "stats count" used in two different saved search for lukejadamec. 06-05-2020 12:46 AM
- Karma Re: how to find difference between two "stats count" used in two different saved search for sideview. 06-05-2020 12:46 AM
- Got Karma for how to find difference between two "stats count" used in two different saved search. 06-05-2020 12:46 AM
- Got Karma for send alert whenever there is certain file(s) created in a server(s). 06-05-2020 12:46 AM
- Got Karma for send alert whenever there is certain file(s) created in a server(s). 06-05-2020 12:46 AM
- Posted Re: How to search and alert on unbalanced load across hosts for a target sourcetype? on Splunk Search. 05-20-2016 12:02 PM
- Posted How to search and alert on unbalanced load across hosts for a target sourcetype? on Splunk Search. 05-19-2016 08:39 AM
- Tagged How to search and alert on unbalanced load across hosts for a target sourcetype? on Splunk Search. 05-19-2016 08:39 AM
- Tagged How to search and alert on unbalanced load across hosts for a target sourcetype? on Splunk Search. 05-19-2016 08:39 AM
- Tagged How to search and alert on unbalanced load across hosts for a target sourcetype? on Splunk Search. 05-19-2016 08:39 AM
- Tagged How to search and alert on unbalanced load across hosts for a target sourcetype? on Splunk Search. 05-19-2016 08:39 AM
- Tagged How to search and alert on unbalanced load across hosts for a target sourcetype? on Splunk Search. 05-19-2016 08:39 AM
- Posted Re: Calculate avg task duration on Splunk Search. 11-27-2014 01:07 PM
- Posted Re: Calculate avg task duration on Splunk Search. 11-27-2014 12:18 PM
- Posted Re: Calculate avg task duration on Splunk Search. 11-27-2014 10:12 AM
- Posted Calculate avg task duration on Splunk Search. 11-27-2014 08:43 AM
- Tagged Calculate avg task duration on Splunk Search. 11-27-2014 08:43 AM
- Tagged Calculate avg task duration on Splunk Search. 11-27-2014 08:43 AM
- Tagged Calculate avg task duration on Splunk Search. 11-27-2014 08:43 AM
- Tagged Calculate avg task duration on Splunk Search. 11-27-2014 08:43 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 2 |
05-20-2016
12:02 PM
Thank you guys for directing me on this search
I gathered ideas from above two answers and put together a query
It calculates target load per host by (total load/host count) then calculates %off (per host) from target load and compares against set threshold which is set to 90 for this search
sourcetype="A" index="B" | stats count by host sourcetype | eventstats avg(count) as avg | eval target=(count/avg)*100 | where target < 90
now i am receiving alerts on un-balanced load for target sourcetype
... View more
05-19-2016
08:39 AM
Hello
I am trying to set up a Splunk search which will alert on unbalanced load across hosts for a target sourcetype.
Scenario:
sourcetype="A" has 4 hosts h1, h2, h3 and h4
Trigger alert for unbalanced load whenever load on 1 host is n% less or more than any other host
sourcetype="A" index="*" | timechart span=8h count by host
h1: 100 hits
h2: 95 hits
h3. 91 hits
h4. 85 hits
Alert: h4 is unbalanced by +/- n%
**I have been searching for something similar in this community, haven't found anything yet, any help will be appreciated
Thanks
... View more
11-27-2014
01:07 PM
Thank you.... found a fix
"Finished embeding fallback task*" sourcetype="Doctrackr" index="staging2" | rex field=_raw "Finished embeding fallback task (?.\d+):(?.\d+):(?.\d+).(?.\d+)" | eval embeding_fallback_task_duration = ((hours*60*60)+(minutes*60)+seconds+(subSeconds/1000000)) | stats avg(embeding_fallback_task_duration)
For...
Finished embeding fallback task 00:00:00.1918088
Finished embeding fallback task 00:00:00.1136647
Out put...
avg(embeding_fallback_task_duration)
0.152737
... View more
11-27-2014
12:18 PM
This seems to be working...
"Finished embeding fallback task*" sourcetype="Doctrackr" index="staging2" | rex field=_raw "Finished embeding fallback task (?.\d+):(?.\d+):(?.\d+)" | eval embeding_fallback_task_duration = ((hours*60*60)+(minutes*60)+seconds) | timechart avg(embeding_fallback_task_duration)
But ..why my output shows 0.00000 ... for following logs?
Finished embeding fallback task 00:00:00.1284716
Finished embeding fallback task 00:00:00.1496968
Out-put i am getting...
avg(embeding_fallback_task_duration)
0.000000
... View more
11-27-2014
10:12 AM
Thanks for the correction.....still not returning any output..
Finished embeding fallback task*" sourcetype="Doctrackr" index="staging2" | rex field=_raw "Finished embeding fallback task (?.d+)" |eval duration=strptime(embeding_fallback_task_duration,"%H:%M:%S")| eval base=strptime("00:00:00.00","%H:%M:%S") | eval secs=duration-base | stats avg(secs) as "(AVG) embeding fallback duration"
... View more
11-27-2014
08:43 AM
Thanks in advance...
- My server log contains the following
xxxxxxxx|xx -> Finished embeding fallback task 00:01:00.0004165
xxxxxxxx|xx -> Finished embeding fallback task 00:00:49.0004062
My goal is to calculate average time spent in seconds on these tasks over last couple hours
Out-put should look like : ** (AVG) embeding fallback duration 54.50041135**
SPLUNK query attempted : Not working......
"Finished embeding fallback task*" sourcetype="Doctrackr" index="staging2" | rex field=_raw "Finished embeding fallback task (?.\d+)" |eval duration=strptime(embeding_fallback_task_duration,"%H:%M:%S")| eval base=strptime("00:00:00.00","%H:%M:%S") | eval secs=duration-base | stats avg(duration) as "(AVG) embeding fallback duration"
... View more
08-26-2013
01:36 PM
sourcetype="X" "Conversion completed" AND source="X.log" | rex field=_raw "Original file size: (? .\d+)" | rex field=_raw "Time spent: (? .\d+)" | stats sum(Original_size) as size1 sum(time_spent) as time1 by date_hour | eval time1=(time1)/1000 | eval conversion_rate=size1/(time1*1024*1024) | chart sum(conversion_rate) as "(MBytes_per_sec)" by date_hour
this one worked for me...
Thanks for all the supports...
... View more
08-26-2013
01:30 PM
sourcetype="x" source="x.log" ("consolidation succeeded" OR "conversion failed") | stats count(eval(searchmatch("consolidation succeeded"))) as attempts count(eval(searchmatch("xconversion failed"))) as failures | eval successes=attempts-failures
this one worked for me...
Thanks for all the supports
... View more
08-20-2013
11:28 AM
I have following query which calculates and charts(hourly) file conversion throughput over last 24 hours however i am not able to range that over "n" number of days.... an attempt to configure that with (-7d to now)...... it charts throughput of each hours ( it seems this query adds up target hour from all seven days) showing only 24 spikes covering all 7 days ( i assume)
What am i doing wrong?
sourcetype="sourceA" "Conversion completed" AND source="/home/services.log" | rex field=_raw "Original file size: (?<Original_size>.\d+)" | rex field=_raw "Time spent: (?<time_spent>.\d+)" | stats sum(Original_size) as size1 sum(time_spent) as time1 by date_hour | eval time1=(time1)/1000 | eval conversion_rate=size1/(time1*1024*1024) | chart sum(conversion_rate) as "(MBytes_per_sec)" by date_hour
... View more
- Tags:
- charts
- rex
- throughput
08-15-2013
11:46 AM
So i have two saved search queries
1. sourcetype="x" "attempted" source="y" | stats count
2. sourcetype="x" "Failed" source="y" | stats count
i need to create a search query which will calculate
Passed item = (sourcetype="x" "attempted" source="y" | stats count) - (sourcetype="x" "Failed" source="y" | stats count)
and display Passed item count by hours
... View more
- Tags:
- difference
08-15-2013
11:46 AM
1 Karma
So i have two saved search queries
1. sourcetype="x" "attempted" source="y" | stats count
2. sourcetype="x" "Failed" source="y" | stats count
i need to create a search query which will calculate
Passed item = (sourcetype="x" "attempted" source="y" | stats count) - (sourcetype="x" "Failed" source="y" | stats count)
and display Passed item count by hours
... View more
- Tags:
- difference
My goal is to send alert whenever there is certain file(s) created in a server(s)
I should be able to use target file names(s)
I should be able to point to a directory where such file will be created
I should be able to add file creation time and file size in those alerts
Thanks for your help
... View more
- Tags:
- alerts
