Activity Feed
- Posted Re: How do you represent SQL case and sum/count in a search query? on Splunk Search. 06-20-2013 09:40 AM
- Posted Re: How do you represent SQL case and sum/count in a search query? on Splunk Search. 06-20-2013 06:56 AM
- Posted How do you represent SQL case and sum/count in a search query? on Splunk Search. 06-19-2013 07:46 PM
- Tagged How do you represent SQL case and sum/count in a search query? on Splunk Search. 06-19-2013 07:46 PM
- Posted Re: accessing saved report data in json/xml from Splunk RESTful API on Getting Data In. 06-13-2013 10:05 AM
- Posted accessing saved report data in json/xml from Splunk RESTful API on Getting Data In. 06-13-2013 09:08 AM
- Tagged accessing saved report data in json/xml from Splunk RESTful API on Getting Data In. 06-13-2013 09:08 AM
Topics I've Started
06-20-2013 09:40 AM
OK. I checked. That didn't work. The count worked, but the case part (pass and fail) didn't work. I swear I searched the documentation and until just now I found the eval/where and there is a case. The case I found yesterday was for case insensitivity/sensitivity for strings. Anyway, I tried this but I get 0's for the pass and fail, but I know that is wrong as the total has a number greater than 0.
count(eval Pass=case(fault==Y,1)), count(eval Fail=case(fault==N,1)),
06-20-2013 06:56 AM
I don't know. But I will surely try it and post my findings here. Thanks for the reply.
06-19-2013 07:46 PM
I am using the Splunk web service to get data that was previously gotten from a database table that stored log information. I have no idea how they got the info into the databases. However, I am trying to replicate it.
I cannot find a way to get the sum and count when the "fault" field is "N" or "y". Can anyone help? Here is the SQL I am trying to translate:
select
name,
sum(case when fault = 'N' then 1 else 0 end) as pass,
sum(case when fault = 'Y' then 1 else 0 end) as fail,
count(*) total,
. . . . .
- Tags:
- search
06-13-2013 10:05 AM
OK. Thanks. I was just trying to access the report/saved search via the browser, not curl or php or whatever. Can this not be done just as a quick proof of concept? I found the saved search, not report, from your information above. However, it appears that that is just to see the configuration or delete it or whatever. I just want the search's output. So I saw this->search/search/jobs/export/ . . . I just don't know how to feed it my search string. I see that your documentation provides Curl examples. But again I just want to do this in a browser with an HTTP request.
06-13-2013 09:08 AM
I have tried to access a saved report through a browser URL using Splunk's RESTful API. I cannot seem to accomplish this. I am using my_domain:8089/servicesNS/my_user/my_app/ but from there I am lost. Where are the reports in the endpoints? I can't find anything in the documentation. I am using Splunk 4.3.6