Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Allampally
Allampally
Explorer
Member since:
05-04-2018
2 weeks ago
Community Statistics
| Posts | 35 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 1 |
| Member Since | 05-04-2018 |
Activity Feed
- Posted Re: Rex field extraction on Splunk Enterprise. 3 weeks ago
- Posted Re: Rex field extraction on Splunk Enterprise. 3 weeks ago
- Posted Help with rex field extraction? on Splunk Enterprise. 3 weeks ago
- Got Karma for How to merge two fields values into a single field?. 10-07-2022 10:30 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-07-2020 09:56 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 10:26 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 08:20 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 08:03 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 07:32 AM
- Posted Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 04:33 AM
- Posted How to compare the old and new query of the alert after a modification? on Alerting. 08-19-2020 01:47 AM
- Karma Re: How to trim each event and create a field to extract only particular words? for Sukisen1981. 06-05-2020 12:50 AM
- Karma Re: Split a single field into two fields for cmerriman. 06-05-2020 12:49 AM
- Karma Re: How to write a search where if a certain string is found in a log, set Status=1, else Status=0? for woodcock. 06-05-2020 12:47 AM
- Posted Re: match function is not working on Splunk Search. 04-16-2020 11:15 PM
- Posted match function is not working on Splunk Search. 04-16-2020 09:34 PM
- Tagged match function is not working on Splunk Search. 04-16-2020 09:34 PM
- Posted Re: Tail and head commands for two different values on same field on Splunk Search. 03-20-2020 08:20 PM
- Posted Tail and head commands for two different values on same field on Splunk Search. 03-20-2020 07:06 AM
- Tagged Tail and head commands for two different values on same field on Splunk Search. 03-20-2020 07:06 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
3 weeks ago
I can't post even sample data here. Is there any link or tutorial to use spath for json requests ?
... View more
3 weeks ago
I tried using SPATH but didn't work for me. Could you please help me to write two spaths to extract embedded json requests ?
... View more
3 weeks ago
Hi All,
I have two events as below. In both the events, data format is different. We can observe extra "/" from few events. How to capture the logEntryType from both of them by using rex command ?
,\"logEntryType\":\"SUMMARY\", ,"logEntryType":"Detail",
Field Name should be "logEntryType" and values should be "SUMMARY" and "Detail".
... View more
Labels
- Labels:
-
using Splunk Enterprise
10-07-2020
09:56 AM
I need one more help from you. I am using the query in dashboard with base search. As you know, while using base search, we should replace base query with "search". But in the query, I should use base search two time. One is at the starting and second is within the square bracket. My question is, how can use base search inbetween sqaure bracket ?
... View more
10-06-2020
10:26 AM
Thank you Rock star 🙂 It worked for me
... View more
10-06-2020
08:20 AM
I hope, you had seen my last comment where i have provided a query to find peak hour and written another query which i need to extract Transactions based on time captured
... View more
10-06-2020
08:03 AM
I will simpify my question, Below is the my basic query which captures peak hour volume and _time. index=App | bucket _time span=1h | stats count as CallsByHour by _time | sort - CallsByHour | head 1 Now, I want to write another query based on the captured time in the above query as earliest=_time and latest=_time + 3600. Eg. index=App earliest=_time latest=_time + 3600 | stats count by Transaction. I want to merge above two queries and produce Transactions as final output for the time range which captured from the first query
... View more
10-06-2020
07:32 AM
Somehow, its not working. Are you asking me to write same search query between " search again with wider time period e.g. earliest=-1d@d latest=@d " which i had writeen at starting to fetch data ?
... View more
- Tags:
- sub search
10-06-2020
04:33 AM
I am preparing a volume report for my project. My requirement is to capture the peak hour (hour which has highest calls ) with date and time and pass the same date and time in sub search to get statistical data. My search should be like below (query to get the peak hour) | (sub search with stats command with duration of peak hour) I want to print peak hour and with statistical out put in a single query. Any suggestions, how to get this thing ?
... View more
08-19-2020
01:47 AM
Some of my team mates modified my existing alert and i want to know the query modification which he did. I am able to find who and when he modified the alert but not able to find compare the old and new search query.
Is there any way to find the original query and modified query to compare?
... View more
Labels
- Labels:
-
alert action
-
Other
04-16-2020
11:15 PM
That way, it is working but i have extracted one field using rex. Not sure that is causing any difference.
... View more
04-16-2020
09:34 PM
I have two fields called field1, field2. Both are having same value as "xyz" but when i try to compare them with match function, it is saying that both values are different. Output of below query is "No" but I am expecting the answer "Yes" as both are equal.
eval results1=if(field1=field2,"Yes","No")
If any field format make differ here ?
... View more
03-20-2020
08:20 PM
Hi Wood,
Thanks for looking into it. The count which i have mntioned 50 and 100 are not fixed. Hence, i don't want to use makeresults and also i have a search query to catch the exception. I made changes to your query according to my requirement but seems it is not working. It is not producing exactly 10 events.
... View more
03-20-2020
07:06 AM
Hi Experts,
I have a requirement. I have a field called 'exception' and it has two values. one as 'open file' and another one is 'half open file'.
Exceptions starts with 'half open file' and these events are typically more than 50 and then follows with 'open file'
and this count might be anything more than 100. This count is in just span of 5mins.
Now, my requirement is to display both values for 'open file' and 'half open file'. My output rows should be exactly 10 rows.
'half open file' events should be displayed with tail 5 and 'open file' should display with head 5.
That equals both count to 10 events.
... View more
02-11-2020
12:02 AM
I have field values as below ,
field1=value1 filed2=server1
field1=service/value2/a1 field2=server2
field1=value3 field2=server3
field1=service/value4/a2 filed2=server4
field1=value5 field2=server5
field1=service/value6/a2 filed2=server4
field1=value7 field2=server6
field1=service/value8/a2 filed2=server2
I am getting few extra strings on field1 from server2 and server4. Now i want to check, if log is from server2 or server4, then truncating pre and post random values and save only actual value
My final output field should be like below
field1=value1; value2; value3; value4; value5; value6.. etc
... View more
09-11-2019
03:42 AM
I don't see alert names with thsi query adn also tehre are few instances where alerts are enabled but they don't trigger at all due to chnage in the search query. I want all enabled alerts which are scheduled but not triggered at all in last 1 year or so. Could you please help me ?
... View more
09-11-2019
02:11 AM
We have around 500 alerts and reports cnfigured to our application. I want to know list of alerts/reports which are active and which are not in use. I am not a Splunk admin so i can't get permission to view configuration files. If tehre is any search query to do so, please provide.
... View more
- Tags:
- splunk-enterprise
09-11-2019
02:06 AM
Could you please provide an example
... View more
09-11-2019
12:38 AM
I found below query but want to know, all non-working alerts
index=_audit action="alert_fired" | dedup ss_name | table ss_name, _time
... View more
09-10-2019
11:53 PM
Is there any search query to find all alerts and last triggered date and time for each of the alert ?
... View more
- Tags:
- splunk-enterprise
