×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jbethmont
Explorer
Member since: ‎08-29-2018
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎08-29-2018
Activity Feed
View All

Re: Google Apps for Splunk: Gsuite HttpError

by in All Apps and Add-ons
‎09-20-2018 09:50 PM
‎09-20-2018 09:50 PM
I'm facing the exact same issue. Have you been able to solve it yet ? ... View more

Re: How to chart a list of key/value pair fields o...

by in Splunk Search
‎09-03-2018 08:35 PM
‎09-03-2018 08:35 PM
Thanks for your help @renjith.nair So if I go back to my initial question, I would like to chart the average value of a field02 only if this average is above a threshold. So this works fine for 1 field (threshold is 70): | stats avg(field02) as avg_c5x02 | where avg_c5x02 > 70 But this doesn't work if my field contains a wildcard: | stats avg(field*) as avg_c5x* | where avg_c5x* > 70 ... View more

Re: How to chart a list of key/value pair fields o...

by in Splunk Search
‎08-29-2018 05:20 PM
‎08-29-2018 05:20 PM
Based on @renjith.nair 's comment the solution was to use the transpose function. <search> | stats last(field*) as field* | transpose | rename "column" as key "row 1" as value | where value > 20 This works fine for a snapshot of the values at a given time (last events basically). However, If I'd like to graph them over time, the issue remain the same as the table will be composed of multiple columns per time bucket. And I will need again to deal with a * in my where command. alarm value1 value2 value3 value4 value5 Time 10:33:23 AM 10:36:23 AM 10:36:28 AM 10:37:23 AM 10:37:28 AM field01 43 46 47 47 48 field02 5 5 5 5 5 field03 2 2 2 2 [...] field64 .... Maybe a combination of transpose and foreach command ? ... View more

Re: How to chart a list of key/value pair fields o...

by in Splunk Search
‎08-29-2018 04:58 PM
‎08-29-2018 04:58 PM
Thanks a lot!!! This is much more simpler using transpose! ... View more

How to chart a list of key/value pair fields only ...

by in Splunk Search
‎08-29-2018 06:30 AM
‎08-29-2018 06:30 AM
Hi Splunk'az, I have events composed of 64 key/value pairs that are being extracted into fields at indexing time: "d" : { "field01" : [ 0 ], "field02" : [ 5 ], "field03" : [ 2 ], "field04" : [ 3 ], [...] "field64" : [ 38] } I would like to chart the "value" of the field "only if" it is above a certain threshold. I was initially thinking using 'where': | stats count last(field*) | where field* > 100 But the above doesn't work as 'where' can't contain a wildcard... Then I was looking at the 'foreach' function. And trying something like: | foreach c5x* [eval new_<>=if(<> > 0, <>, null)] | table new_* But the above doesn't work either, and still, I would have to get rid of the 'null' values from fields using a wildcard again. So the problem would remain the same. So, how can I chart a set of fields values only if the value is above a certain threshold? And without having to hardcode to complete list of fields obviously 😉 Thanks in advance! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to