×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
gccyuen
New Member
Member since: ‎12-20-2012
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-20-2012
Activity Feed
View All

Re: Compare object position with last position wit...

by in Splunk Search
‎02-19-2015 10:27 PM
‎02-19-2015 10:27 PM
I finally work out the solution and your information is critically for solving it! ... View more

Re: Compare object position with last position wit...

by in Splunk Search
‎01-23-2015 09:50 AM
‎01-23-2015 09:50 AM
OK, every minutes I got positions of thousands of objects that are moving around, and I have an arbitrary straight line drawn on the floor, now I need to count the events of objects crossing that line. So if for an object, its last position is on the 'A' side of the line and the current position is on the 'B' side of the line, then it has just crossed the line, right? The calculation is a bit complex but I did figure it out, and put the algorithm in a custom search command. The problem now is at search time I cannot reliably get the last position when I have the current event at hand, because Splunk seemed to pass the events in bunches. ... View more

Re: Compare object position with last position wit...

by in Splunk Search
‎01-23-2015 02:26 AM
‎01-23-2015 02:26 AM
Thanks for your reply, I will take deeper look into the streamstats. However, I have to check if the object has crossed some line, therefore I have to do it with custom search command. Then I found the custom search command seemed to be invoke multiple times, each time ( bunch) process only a subset of all the events (perhaps for running the search in parallel??). Between two bunches I had a gap and cannot reliably compare the current position with the last position.... ... View more

Compare object position with last position with se...

by in Splunk Search
‎01-21-2015 08:12 AM
‎01-21-2015 08:12 AM
I tried to write a search command to track object position, and compare the current position from last position, the date are like: Obj, x, y A, 1.1, 2.2 B, 1.1, 2.0 A, 1.2, 2.0 B, 1.3, 2.0 ... So each record of obj 'A' need to compare with the last record of 'A', except for the first record. However, I found that Splunk push the search result in bunches to the search command, and I will have gaps in between records. For example when a plain search return 3,148 events, I wrote a pipe search command and find the events arrived in bunches of 50, 449, 2500, 149, 0, 0, 0, the code of the pipe search command is listed below. import sys from splunklib.searchcommands import \ dispatch, StreamingCommand, Configuration, Option, validators @Configuration() class CountMatchesCommand(StreamingCommand): def stream(self, records): i = 0 for record in records: i += 1 yield record self.logger.error('CountMatchesCommand error: %d' % i) dispatch(CountMatchesCommand, sys.argv, sys.stdin, sys.stdout, __name__) Can anyone advise what is the best solution to handle the 'bunch arrival' problem so I can reliably compare position with last one? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM