Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About shreyasathavale
shreyasathavale
Communicator
Member since:
03-26-2014
06-05-2020
Community Statistics
| Posts | 77 |
| Solutions | 2 |
| Karma Given | 4 |
| Karma Received | 6 |
| Member Since | 03-26-2014 |
Activity Feed
- Karma Re: I want to find the difference in count of processes from last 2 months for tiagofbmm. 06-05-2020 12:49 AM
- Got Karma for Re: How to display all host names returned from my search as x-axis labels on a chart?. 06-05-2020 12:48 AM
- Karma Re: Why is my savedsearches.conf configuration not honoring the alert condition of number of events > 10? for somesoni2. 06-05-2020 12:47 AM
- Karma Re: Why are users automatically getting logged out of Splunk the past few days and any running searches have to be re-run? for woodcock. 06-05-2020 12:47 AM
- Karma Re: How to use the result from an index of the 1st search as input to return results from another index in a 2nd search? for woodcock. 06-05-2020 12:47 AM
- Got Karma for Why are users automatically getting logged out of Splunk the past few days and any running searches have to be re-run?. 06-05-2020 12:47 AM
- Got Karma for Why is the Windows perfmon data in Splunk for percentage processor time different from the performance counter value on the server?. 06-05-2020 12:47 AM
- Got Karma for Why is the Windows perfmon data in Splunk for percentage processor time different from the performance counter value on the server?. 06-05-2020 12:47 AM
- Got Karma for Why is the Windows perfmon data in Splunk for percentage processor time different from the performance counter value on the server?. 06-05-2020 12:47 AM
- Got Karma for Unable to find solution for error in splunkd log file. 06-05-2020 12:46 AM
- Posted Re: Send data from file even if there is no change on Getting Data In. 02-24-2020 06:53 AM
- Posted Re: Send data from file even if there is no change on Getting Data In. 02-24-2020 05:51 AM
- Posted Re: Send data from file even if there is no change on Getting Data In. 02-24-2020 04:50 AM
- Posted Send data from file even if there is no change on Getting Data In. 02-24-2020 01:09 AM
- Posted Re: How to continuously monitor a file in splunk even though it is not updated on Getting Data In. 12-26-2019 05:14 AM
- Posted How to continuously monitor a file in splunk even though it is not updated on Getting Data In. 12-24-2019 04:18 AM
- Posted Re: How to add result of search to all rows in lookup? on Splunk Search. 04-22-2019 06:36 AM
- Posted Re: How to add result of search to all rows in lookup? on Splunk Search. 04-22-2019 06:35 AM
- Posted How to add result of search to all rows in lookup? on Splunk Search. 04-22-2019 06:19 AM
- Posted Re: How to compare values in 2 fields and column that show Success/Failure? on Getting Data In. 04-14-2019 11:28 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-24-2020
06:53 AM
That did the trick !!! Thanks!!
... View more
02-24-2020
05:51 AM
Hi, these are the conf files
Inputs.conf is:
[monitor://D:\splunk\abc.csv]
disabled = false
index = main
sourcetype = abccsv
Props.conf:
[labccsv]
BREAK_ONLY_BEFORE = \d\d?:\d\d:\d\d
DATETIME_CONFIG =
LINE_BREAKER = ([\r\n]+)
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
category = Application
description = Output produced by any Java 2 Enterprise Edition (J2EE) application server using log4j
disabled = false
maxDist = 75
pulldown_type = true
CHECK_METHOD = modtime
... View more
02-24-2020
04:50 AM
I tried this but somehow it is not working
... View more
02-24-2020
01:09 AM
I have a file in a directory, whose timestamp is changed everyday using "touch" command. The contents might change after 3 months but not daily.
I need to monitor this file in splunk and read the contents even if they are same.
... View more
- Tags:
- splunk-enterprise
12-26-2019
05:14 AM
yeah, but wanted to continuously monitor it
... View more
12-24-2019
04:18 AM
I want to monitor a cfg/csv file daily. The file does not get updated daily, it gets updated once a month or once a quarter.
Can splunk monitor/read the file daily so that i don't have to specify timestamp like earliest=30d or earliest=90d
File does not have a datetime stamp in it.
... View more
04-22-2019
06:36 AM
Never mind, i found the solution using "filldown"
... View more
04-22-2019
06:35 AM
Never mind, i found the solution using "filldown"
... View more
04-22-2019
06:19 AM
I have a search from where i get a result
i
ndex=abc sourcetype=file|table Name --- Result XYZ
Now my lookup is
Tables
ABC
LMN
I want to append column name with lookup , expected result
Tables Name
ABC XYZ
LMN XYZ
... View more
04-14-2019
11:28 PM
Thanks @HiroshiSatoh , I tried this and it is working as expected!!!
... View more
04-14-2019
03:37 AM
I have 2 fields as below
Field1 Field2
abc abc
def jkl
ghi wxy
jkl
pqr
wxy
I have to compare values in Field1 with all values in Field2 and return "Success" if both are same and "Fail" if both are not same.
Expected Result:
Field1 Field2 Result
abc abc Success
def jkl Fail
ghi wxy Fail
jkl Success
pqr Fail
wxy Success
Index is same with different sourcetypes
... View more
02-25-2019
07:27 AM
Is there anything in splunk for Hadoop monitoring except Hunk?
... View more
11-16-2018
02:13 AM
I want to monitor Hadoop Usage, and Cloudera manager is not that useful. I wanted to know what is the difference between Hadoop Connect and Hunk.
We want to set alerts, check usage, check scheduled Hadoop jobs status etc.
Also, is Hunk installed on Hadoop servers?
... View more
03-19-2018
06:01 AM
Can you help me out with eval command for difference in these 2 months values?
My result looks like:
Month Values
01-Jan-2018 1447
02-Feb-2018 1345
I want to calculate difference of 1447-1345
... View more
03-19-2018
05:21 AM
I added | eval Month=strftime(_time,"%m %b %Y") to the command and it worked.. Thanks!!
... View more
03-19-2018
04:07 AM
This search took too much time to run and finally it gave me 2 values by host and not by Month 😞
... View more
03-19-2018
03:03 AM
My 1st search:
earliest=-2mon@mon latest=-1mon@mon index=linux (host=abc OR host=xyz) COMMAND=LMN|dedup host,PID|stats count(PID) AS Value1
My 2nd search:
earliest=-1mon@mon latest=@mon index=linux (host=abcOR host=xyz) COMMAND=LMN|dedup host,PID|stats count(PID) AS Value2
I want to find Value1-Value2 or difference in count .. When I ran individual searches i got the count as 1441 and 1347 but when i used append the 2nd count reduced to 925 instead of 1347, same happens for join..
How can i find exact difference in counts?
... View more
- Tags:
- splunk-enterprise
03-05-2018
04:54 AM
Thanks a lot mayurr98 !!!
... View more
03-05-2018
04:54 AM
This did not provide any result sadly.. but mayurr98's answer worked. Thanks again!!
... View more
03-05-2018
03:27 AM
index=abc role=xyz sourcetype=cpu cpu=all|eval pctBusy=100-pctIdle|chart avg(pctBusy) by host|eval AvgCPU=round('avg(pctBusy)',2)|rename AvgCPU As "Average CPU" |fields host,"Average CPU"|sort by host
I have set earliest=-30d@d latest=now
... View more
