Activity Feed
- Posted Re: Max of peak hour volume on Getting Data In. 04-29-2024 10:18 AM
- Posted Re: Peak hourly volume monthly wise for last 3 months. on Splunk Search. 03-11-2024 06:59 AM
- Karma Re: Peak hourly volume monthly wise for last 3 months. for ITWhisperer. 03-11-2024 06:58 AM
- Posted Re: Peak hourly volume monthly wise for last 3 months. on Splunk Search. 03-09-2024 08:46 AM
- Posted Re: Peak hourly volume monthly wise for last 3 months. on Splunk Search. 03-09-2024 08:17 AM
- Posted Peak hourly volume monthly wise for last 3 months. on Splunk Search. 03-09-2024 06:25 AM
- Posted Re: Rex field extraction on Splunk Enterprise. 05-10-2023 07:18 AM
- Posted Re: Rex field extraction on Splunk Enterprise. 05-10-2023 06:26 AM
- Posted Help with rex field extraction? on Splunk Enterprise. 05-10-2023 05:36 AM
- Got Karma for How to merge two fields values into a single field?. 10-07-2022 10:30 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-07-2020 09:56 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 10:26 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 08:20 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 08:03 AM
- Posted Re: Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 07:32 AM
- Posted Capture peak hour and use the same hour in a sub search on Splunk Search. 10-06-2020 04:33 AM
- Posted How to compare the old and new query of the alert after a modification? on Alerting. 08-19-2020 01:47 AM
- Karma Re: How to trim each event and create a field to extract only particular words? for Sukisen1981. 06-05-2020 12:50 AM
- Karma Re: Split a single field into two fields for cmerriman. 06-05-2020 12:49 AM
- Karma Re: How to write a search where if a certain string is found in a log, set Status=1, else Status=0? for woodcock. 06-05-2020 12:47 AM
04-29-2024 10:18 AM
@strive, @th1agarajan - My requirement is similar to this, but I don't want the daily peak hour. I just need to get the peak hour from a time range. Let's say, if I am searching for the last 7 days' data, it needs to report only one peak hour out of all the hours (out of 24*7). How can I achieve this?
03-11-2024 06:59 AM
Thanks @ITWhisperer - It worked for me.
03-09-2024 08:46 AM
This is the sample stats command for my log:
index=company app=abc | stats count by component
I don't have a field for volume. We have to calculate the volume from the stats count.
03-09-2024 08:17 AM
What is the field used as "volume"? Is it similar to "count" in stats to get the volume? I tried this but it is not working; I tried a portion of your query:
| bin _time span=1h | stats sum(count) as volume by _time component
It's not reporting anything under volume.
03-09-2024 06:25 AM
Hi Team, I want to calculate the peak hourly volume of each month for each service. Each service can have different peak times, and I first need to calculate the peak hour of each component for the month. Likewise, calculate it for the last 3 months. Then calculate the average of the 3 months' peak hourly volume. The table below is the sample requirement.

| Service | January-24 | February-24 | March-24 | Avg Volume |
|---|---|---|---|---|
| service1 | 20 | 50 | 20 | 30 |
| service2 | 4 | 3 | 8 | 5 |
| service3 | 20 | 30 | 40 | 30 |
| service4 | 30000 | 30000 | 9000 | 23000 |
| service5 | 200 | 300 | 400 | 300 |
05-10-2023 07:18 AM
I can't post even sample data here. Is there any link or tutorial on using spath for JSON requests?
05-10-2023 06:26 AM
I tried using spath but it didn't work for me. Could you please help me write two spaths to extract the embedded JSON requests?
05-10-2023 05:36 AM
Hi All,
I have two events as below. In both events, the data format is different. We can observe an extra "/" in a few events. How do I capture the logEntryType from both of them by using the rex command?
,\"logEntryType\":\"SUMMARY\", ,"logEntryType":"Detail",
The field name should be "logEntryType" and the values should be "SUMMARY" and "Detail".
Labels: using Splunk Enterprise
10-07-2020 09:56 AM
I need one more bit of help from you. I am using the query in a dashboard with a base search. As you know, while using a base search, we should replace the base query with "search". But in the query, I have to use the base search two times: one at the start and the second within the square brackets. My question is, how can I use the base search in between the square brackets?
10-06-2020 10:26 AM
Thank you Rock star 🙂 It worked for me.
10-06-2020 08:20 AM
I hope you have seen my last comment, where I provided a query to find the peak hour and wrote another query with which I need to extract Transactions based on the time captured.
10-06-2020 08:03 AM
I will simplify my question. Below is my basic query, which captures the peak hour volume and _time:
index=App | bucket _time span=1h | stats count as CallsByHour by _time | sort - CallsByHour | head 1
Now, I want to write another query based on the time captured in the above query, as earliest=_time and latest=_time + 3600. E.g.:
index=App earliest=_time latest=_time + 3600 | stats count by Transaction
I want to merge the above two queries and produce Transactions as the final output for the time range captured from the first query.
10-06-2020 07:32 AM
Somehow, it's not working. Are you asking me to write the same search query between "search again with wider time period e.g. earliest=-1d@d latest=@d" which I had written at the start to fetch the data?
Tags: sub search
10-06-2020 04:33 AM
I am preparing a volume report for my project. My requirement is to capture the peak hour (the hour which has the highest calls) with date and time, and pass the same date and time to a sub search to get statistical data. My search should be like below:
(query to get the peak hour) | (sub search with stats command with duration of peak hour)
I want to print the peak hour along with the statistical output in a single query. Any suggestions on how to get this?
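One way to wire the two queries from this thread (the peak-hour query from the 10-06-2020 08:03 AM post and the sub search asked for here) into a single search, as an added example that is not part of the original thread: the sub search finds the busiest hour and hands its boundaries to the outer search via `return`, so the outer search is scoped to that hour only. `index=App`, `CallsByHour` and `Transaction` are taken from the posts; the 3600-second window is the assumed hour length.

```spl
index=App
    [ search index=App
      | bucket _time span=1h
      | stats count AS CallsByHour BY _time
      | sort - CallsByHour
      | head 1
      | eval earliest=_time, latest=_time+3600
      | return earliest latest ]
| stats count BY Transaction
```

The sub search inherits the time picker of the outer search, so the peak hour is chosen within whatever range the dashboard or search bar selects; the `earliest`/`latest` it returns then override that range for the outer `stats`.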
08-19-2020 01:47 AM
Some of my team mates modified my existing alert and I want to know the query modification which he did. I am able to find who modified the alert and when, but I am not able to compare the old and new search query.
Is there any way to find the original query and the modified query to compare?
Labels: alert action, Other
04-16-2020 11:15 PM
That way, it is working, but I have extracted one field using rex. Not sure whether that is causing any difference.
04-16-2020 09:34 PM
I have two fields called field1 and field2. Both have the same value, "xyz", but when I try to compare them with the match function, it says that both values are different. The output of the below query is "No", but I am expecting the answer "Yes" as both are equal.
eval results1=if(field1=field2,"Yes","No")
Does any field format make a difference here?
03-20-2020 08:20 PM
Hi Wood,
Thanks for looking into it. The counts which I have mentioned, 50 and 100, are not fixed. Hence, I don't want to use makeresults, and I also have a search query to catch the exception. I made changes to your query according to my requirement, but it seems it is not working. It is not producing exactly 10 events.
03-20-2020 07:06 AM
Hi Experts,
I have a requirement. I have a field called 'exception' and it has two values: one is 'open file' and the other is 'half open file'.
Exceptions start with 'half open file', and these events are typically more than 50; then they are followed by 'open file',
and this count might be anything more than 100. This count is within a span of just 5 mins.
Now, my requirement is to display both values, 'open file' and 'half open file'. My output should be exactly 10 rows.
'half open file' events should be displayed with tail 5 and 'open file' should be displayed with head 5.
That brings both counts to 10 events in total.
02-11-2020 12:02 AM
I have field values as below:
field1=value1 field2=server1
field1=service/value2/a1 field2=server2
field1=value3 field2=server3
field1=service/value4/a2 field2=server4
field1=value5 field2=server5
field1=service/value6/a2 field2=server4
field1=value7 field2=server6
field1=service/value8/a2 field2=server2
I am getting a few extra strings in field1 from server2 and server4. Now I want to check: if the log is from server2 or server4, then truncate the pre and post random values and save only the actual value.
My final output field should be like below:
field1=value1; value2; value3; value4; value5; value6.. etc
09-11-2019 03:42 AM
I don't see alert names with this query, and also there are a few instances where alerts are enabled but they don't trigger at all due to a change in the search query. I want all enabled alerts which are scheduled but have not triggered at all in the last 1 year or so. Could you please help me?
09-11-2019 02:11 AM
We have around 500 alerts and reports configured for our application. I want to know the list of alerts/reports which are active and which are not in use. I am not a Splunk admin, so I can't get permission to view the configuration files. If there is any search query to do so, please provide it.
Tags: splunk-enterprise
09-11-2019 02:06 AM
Could you please provide an example?
09-11-2019 12:38 AM
I found the below query, but I want to know all non-working alerts:
index=_audit action="alert_fired" | dedup ss_name | table ss_name, _time
09-10-2019 11:53 PM
Is there any search query to find all alerts and the last triggered date and time for each alert?
Tags: splunk-enterprise