Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About omarka
omarka
New Member
Member since:
07-03-2018
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 07-03-2018 |
Activity Feed
- Posted Real time Alert on Alerting. 07-13-2018 07:32 AM
- Tagged Real time Alert on Alerting. 07-13-2018 07:32 AM
- Tagged Real time Alert on Alerting. 07-13-2018 07:32 AM
- Tagged Real time Alert on Alerting. 07-13-2018 07:32 AM
- Tagged Real time Alert on Alerting. 07-13-2018 07:32 AM
- Posted Re: In field extraction, how to do the matching between them and increment the result? on Splunk Search. 07-03-2018 08:44 AM
- Posted Re: In field extraction, how to do the matching between them and increment the result? on Splunk Search. 07-03-2018 08:05 AM
- Posted Re: In field extraction, how to do the matching between them and increment the result? on Splunk Search. 07-03-2018 07:39 AM
- Posted Re: In field extraction, how to do the matching between them and increment the result? on Splunk Search. 07-03-2018 07:30 AM
- Posted Re: In field extraction, how to do the matching between them and increment the result? on Splunk Search. 07-03-2018 07:15 AM
- Posted In field extraction, how to do the matching between them and increment the result? on Splunk Search. 07-03-2018 06:50 AM
- Tagged In field extraction, how to do the matching between them and increment the result? on Splunk Search. 07-03-2018 06:50 AM
- Tagged In field extraction, how to do the matching between them and increment the result? on Splunk Search. 07-03-2018 06:50 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
07-13-2018
07:32 AM
Hello,
I'm trying to generate an alert if the result is greater than 2, but i don't have the field Real-Time as shown in the picture:
Is there any other way to generate this alert ?
Thank you
... View more
07-03-2018
08:44 AM
Thank you @DalJeanis for your answer.
However, i want to know if it's possible to switch or transpose this values by having something like that:
Service 00000 02040 06570
CONSULT 1650 150 15
... View more
07-03-2018
08:05 AM
I'll explain how it works and what i want.
I have 2 lines containing each one "TransactionId" & "Service" and "TransactionId" & "Status", so when we find
401 as TransactionId and CONSULT as Service
401 as TransactionId and 000000 as Status
So (for example) this is the first line in results, if we find
453 as TransactionId and CONSULT as Service
453 as TransactionId and 000000 as Status
It will increment the first line as shown in the table at the top and so on ...
... View more
07-03-2018
07:39 AM
Yes it is exactly TransactionId
... View more
07-03-2018
07:30 AM
No i'm running this search : (host=g5d66999 OR g5d66956)
Logger=srvca TLV | rex "(?CONSULT|FIN_GB|FIN_RESERVE|FIN_VENDEUR|AUTHENTIF)"
| rex field=_raw "Tlv Dico : (?.{22}.{27})?"
| rex field=new "2004(?.{5})?"
| stats count(TransactionId) by Service , Status
And yes TransactionID contains data
... View more
07-03-2018
07:15 AM
Well, it tells me: No results found.
... View more
07-03-2018
06:50 AM
Hi everyone,
I'm looking to have this result:
For that I have 2 lines in my file:
Question: Service + IdTransaction
Response: Status + IdTransaction
Until now i can extract the different name of service and different codes but i don't know how to do the matching between them and to increment the result.
| rex "(?<Service>CONSULT|FIN_GB|FIN_RESERVE|FIN_VENDEUR|AUTHENTIF)"
| rex field=_raw "Tlv Dico : (?<new>.{22}.{27})?"
| rex field=new "2004(?<Status>.{5})?"
| stats count(TransactionId) by Service , Status
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
