Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About msalaverry
msalaverry
New Member
Member since:
08-10-2015
06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-10-2015 |
Activity Feed
- Posted Re: Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table? on Splunk Search. 08-27-2015 11:41 AM
- Posted Re: Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table? on Splunk Search. 08-27-2015 07:49 AM
- Posted Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table? on Splunk Search. 08-26-2015 09:00 AM
- Tagged Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table? on Splunk Search. 08-26-2015 09:00 AM
- Tagged Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table? on Splunk Search. 08-26-2015 09:00 AM
- Tagged Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table? on Splunk Search. 08-26-2015 09:00 AM
- Tagged Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table? on Splunk Search. 08-26-2015 09:00 AM
- Posted Re: How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 02:16 PM
- Posted Re: How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 01:35 PM
- Posted Re: How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 01:27 PM
- Posted Re: How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 12:27 PM
- Posted Re: How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 12:20 PM
- Posted How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 11:24 AM
- Tagged How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 11:24 AM
- Tagged How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 11:24 AM
- Tagged How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 11:24 AM
- Tagged How to find the difference between the results of two different searches in one search to display in a table panel? on Splunk Search. 08-10-2015 11:24 AM
Topics I've Started
08-27-2015
11:41 AM
Hey somesoni2... You were right, I updated the query and I missed to change appendcols to appen ...
Seems to be ok now... Thanks a lot!
... View more
08-27-2015
07:49 AM
Tried, but didn't work 😞 .. Why is this happening?
... View more
08-26-2015
09:00 AM
Hi,
I have this search:
host="myhost.com" NOT source=*access_log* AND "SearchA" | timechart span=1d dc(App) as NotAssigned
| eval NotAssigned=NotAssigned+0 | appendcols [search SearchB
| timechart span=1d sum(Count) as Assigned ]
| eval Time=strftime(_time, "%d-%m") |table Time, Assigned, NotAssigned
This seems to work ok, but sometimes one of those variables is shown with no time for some events, and I don't know why.
This is the case:
When I made the searches individually, this was displayed correctly. But in some moments, it looks like there are some _time values missing.
Like in the attached image, today is 26-08, but the table is showing until 25-08, and one of the variables was displaced a couple of days.
Do you know how to fix it? ...
... View more
08-10-2015
02:16 PM
Awesome!. That's exactly what I need... Thanks somesoni2 ...
Also thanks to everyone else. You guys rock!.
... View more
08-10-2015
01:35 PM
"New apps retreived" OR "New apps generated" | stats count values(Apps_retrieved) values(Apps_generated)
returns:
count | Apps_retrieved | Apps_generated
88 | |
Looks like "count" contains the sum of retrieved and generated. But we're not getting them separately.
... View more
08-10-2015
01:27 PM
transaction startswith="Apps_Assignment: New apps retrieved" doesn't return anything. Even, I don't know what's this command. 😞
... View more
08-10-2015
12:27 PM
Maybe I didn't explained correctly.
As I said to richgalloway:
the log statements I'm looking for are:
- Apps_Assignment: New apps retrieved. Count={}
- Apps_Assignment: apps generated in {} millis. Count={}
This process will shown the first log at the begining, and the second one at the end. And I want to get difference between the initial value of count and the final. This process run once every hour.*
... View more
08-10-2015
12:20 PM
Hi richgalloway,
Well the log statements I'm looking for are:
- Apps_Assignment: New apps retrieved. Count={}
- Apps_Assignment: apps generated in {} millis. Count={}
This process will shown the first log at the begining, and the second one at the end. And I want to get difference between the initial value of count and the final. This process run once every hour.
... View more
08-10-2015
11:24 AM
Hi,
I hope you can help me with this,
I have 2 search results and I want to get the difference between both in the same search to display it in a table panel.
So..
search events 1:
New apps retrieved | stats values(Count) as Apps_retrieved | Table _time, Apps_retrieved
search events 2:
Apps_Assignment: apps generated in | stats values(Count) as Apps_generated | Table _time, Apps_generated
So, basically what I need is to get:
{(search events 1) - (search events 2)} | timechart span=1h count
or some way to expose this difference in 1h intervals.
Thanks in advance,
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
