Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Clovisa
Clovisa
Path Finder
Member since:
03-09-2018
06-05-2020
Community Statistics
| Posts | 25 |
| Solutions | 0 |
| Karma Given | 9 |
| Karma Received | 0 |
| Member Since | 03-09-2018 |
Activity Feed
- Karma Re: Is it safer to create separate indexes than to add search restrictions ? for p_gurav. 06-05-2020 12:49 AM
- Karma Re: Is it safer to create separate indexes than to add search restrictions ? for robgora_deloitt. 06-05-2020 12:49 AM
- Karma Re: How do I get the 1st day on the current year ? for cmerriman. 06-05-2020 12:49 AM
- Karma Re: Heavy forwarder - routing to different indexes depending on field value for hortonew. 06-05-2020 12:49 AM
- Karma Re: How to modify timewrap legend? for niketn. 06-05-2020 12:49 AM
- Karma Re: How can I concatenate tables from the same search at different time periods ? for renjith_nair. 06-05-2020 12:49 AM
- Karma Re: How to build a srchFilter when two indexes are allowed? for kmorris_splunk. 06-05-2020 12:49 AM
- Karma Re: splunk license warnings?? for DalJeanis. 06-05-2020 12:48 AM
- Karma Re: throttle alert once per day for jplumsdaine22. 06-05-2020 12:47 AM
- Posted Re: How to build a srchFilter when two indexes are allowed? on Splunk Search. 07-17-2018 06:55 AM
- Posted How to build a srchFilter when two indexes are allowed? on Splunk Search. 07-17-2018 06:20 AM
- Tagged How to build a srchFilter when two indexes are allowed? on Splunk Search. 07-17-2018 06:20 AM
- Posted Re: How to do a timechart of a week with a timewrap on the previous year? on Splunk Search. 07-06-2018 08:07 AM
- Posted How to do a timechart of a week with a timewrap on the previous year? on Splunk Search. 07-06-2018 07:38 AM
- Tagged How to do a timechart of a week with a timewrap on the previous year? on Splunk Search. 07-06-2018 07:38 AM
- Tagged How to do a timechart of a week with a timewrap on the previous year? on Splunk Search. 07-06-2018 07:38 AM
- Posted Re: How to build a two way table? on Splunk Search. 07-04-2018 01:03 AM
- Posted How to build a two way table? on Splunk Search. 07-04-2018 12:40 AM
- Tagged How to build a two way table? on Splunk Search. 07-04-2018 12:40 AM
- Tagged How to build a two way table? on Splunk Search. 07-04-2018 12:40 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-17-2018
06:55 AM
Perfect thanks 🙂
... View more
07-17-2018
06:20 AM
Hello,
I am trying to build a role that would allow the users to access to two indexes (index1 and index2). The index1 has a field called parameter and I want the role to restrict search filter to parameter=value . But when I do this (see code below), I don't have access anymore to my index2. How could I avoid this ?
Thanks !
[role_test]
cumulativeRTSrchJobsQuota = 0
cumulativeSrchJobsQuota = 0
importRoles = user
srchIndexesAllowed = index1, index2
srchIndexesDefault = index1
srchFilter = parameter=value
srchMaxTime = 0
... View more
07-06-2018
08:07 AM
I think the week numbers are different from one year to the other in my case so it doesn't work
... View more
07-06-2018
07:38 AM
Hi ! I am trying to display a timechart that gives the data of a week, and the data of the same week but one year earlier.
I have done something with timechart and timewrap that gives me that comparison, but also gives me the comparison of all the rest of the year. How can I just isolate a specific week ? Thanks !
My current request :
index="sales_2017" OR index="sales_2018"
| timechart span=d count
| timewrap y
What I got :
What I would like to have :
... View more
07-04-2018
12:40 AM
Hi !
I am trying to build a two way table like :
| | Male | Female | Total |
| Child | 2 | 3 | 5 |
| Teenager | 2 | 1 | 3 |
| Adult | 10 | 11 | 21 |
I see how to count by gender or by age but I don't see how I can have both in the same table. Your help will be very appreciated, thanks!
... View more
07-03-2018
08:19 AM
It is perfect, thanks a lot 😄
... View more
07-03-2018
05:36 AM
Hi, I am trying to compare the top sales of the latest week to the top sales of the previous week.
I am trying to get a table that looks like :
Product | Rank | Rank previous week
Table | 1 | 2
Chair | 2 | 1
index=sales earliest=-2w latest=-w
| stats count as Sales by Product| sort -Sales
| table Product
| streamstats count as Rank
I succeeded in having the latest rank or the previous rank (see query above) but I don't see how I can combine them. Do you know how I could do this ? Thanks !
... View more
- Tags:
- splunk-enterprise
06-26-2018
12:31 AM
Hi ! I am trying to modify the legend generated by the timewrap command. I saw that we could slightly change it with the parameter "series" but it's not really giving me what I want.
Let's say I want to have a sum of prices from this request :
index=sandbox earliest=-13d | timechart sum(prices) as "Sum of the prices" span=d | timewrap 1w series=relative
The legend will be Sum of the prices_1week_before and Sum of the prices_latest_week . I would like to have something like Sum of the prices for the week before and Sum of the prices for the latest week .
How can I get this ? Thanks !
... View more
05-23-2018
02:11 AM
Hi, I am having the same issue as this one (https://answers.splunk.com/answers/27128/directory-and-config-file-permissions-keep-getting-reset-by-splunk-need-744.html) : my config files permissions keep being reset by Splunk.
It is pretty old and seems unresolved, do you know if there is a way to avoid this ? Thanks !
... View more
05-11-2018
08:09 AM
No problem, thanks for trying 🙂
In fact I have very few duplicate events, but I can't avoid them more by playing with the data source.
... View more
05-11-2018
07:53 AM
Thanks for your help. I receive the events via an HTTP entrypoint, and it is json. An simplified equivalent of the requests that are sent is :
curl -k "splunk:8088/services/collector" \
-H "Authorization: Splunk 1c0afd4d-d802-gg2c-9fc2-0f428217adf7" \
-d '{"event": {"Owner": "Toto", "Title": "Hello", "Date":"2018-02-02 11:45:23"}, "sourcetype": "sales", "time":"2018-02-02 11:45:23"}'
I will use dedup if it is my last option, but I feel like it will be redundant to write this for every request
... View more
05-11-2018
07:34 AM
Hi,
I noticed that if I send two times the exact same event, _time included, they are not merged. While investigating, I discoverd the _indextime field that could explain why they are considered as two different events.
Is it possible to set the _indextime with the value of _time ? Will it "merge" my identical events ? And if not, is there a way to do it at indexation time ?
Thanks !
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
Karma given to
