cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
martinaire
Explorer
Member since: ‎04-24-2012
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 6
Karma Received 6
Member Since ‎04-24-2012
Activity Feed
View All

Re: Formatting in CSV when using Stats

by in Splunk Search
‎07-10-2013 02:39 PM
‎07-10-2013 02:39 PM
Option #1 Add the following in front of STATS: | eval UserId=UserId." " | eval Email=Email." " | eval SignupIP=SignupIP." " | There is a new line between each set of quotation marks. Use SHIFT+ENTER to insert the new line into the search field. This concatenates (appends) a new line at the end of each of the values. I tested it and noticed inconsistent results (some values disappeared). But when opened in excel, each value in the excel cell is separated by a newline as opposed to just a space. So it works but make sure to validate it for accuracy. Option #2 Install Splunk for Excel Export. I have not tested this but it may work. ... View more

Re: Appending a new line character behind each use...

by in Reporting
‎07-10-2013 12:08 PM
‎07-10-2013 12:08 PM
Option #1 Do the following: | eval user=user." " | There is a new line between the quotation marks. Use SHIFT+ENTER to insert the new line into the search field. This concatenates (appends) a new line at the end of each user value. I tested it and noticed inconsistent results (some values dissappeared). Make sure to validate it. Option #2 Install Splunk for Excel Export. I have not tested this but it may work. ... View more

Re: Find the Distance Between Two or More Geolocat...

by in Reporting
‎06-13-2013 04:01 PM
‎06-13-2013 04:01 PM
I think my question is a little more complex than I initially thought. My current base search only has the src_ip_latitude and src_ip_longitude fields. I want break it up (e.g. latitude1, latitude2, etc.) grouped by the username. I'm thinking I would need alter the end of my search to something like "where (count_country > 1) AND (distance > 100)". That means I likely need to do the distance calculation it within my stats clause. Because after my stats clause, I no longer have access to the latitude and longitude fields. ... View more

Re: Subsearch fields "query" "search" - How do I k...

by in Splunk Search
‎06-12-2013 02:44 PM
‎06-12-2013 02:44 PM
Thanks! The Query field has helped a lot for subsearches! ... View more

Re: Find the Distance Between Two or More Geolocat...

by in Reporting
‎06-11-2013 07:47 AM
1 Karma
‎06-11-2013 07:47 AM
1 Karma
I completely forgot about the fact that that the Earth is round. 🙂 Too bad I can't use the great-circle formula. How can I pull out the latitude and longitude field by username and plug it into the eval? In other words, how can I incorporate the eval into the base search? ... View more

Find the Distance Between Two or More Geolocation ...

by in Reporting
‎06-06-2013 04:50 PM
5 Karma
‎06-06-2013 04:50 PM
5 Karma
I am trying to find the distance between two or more IP geolocations without the use of an external script (not an admin). Here is my base search: tag=login | geoip src_ip | stats distinct_count(src_ip_country_name) AS count_country, values(src_ip_country_name) AS country by username | where count_country > 1 I know I can find the difference in the latitude and longitude fields. Something like the following: sqrt(pow(src_ip_latidude1-src_ip_latidude2,2)+pow(src_ip_longitude1-src_ip_logitude2,2)) But how do I incorporate that into my base search? Would I be able to build a table with the geolocations and the distance grouped by username? Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to