Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Nikita_Danilov
Nikita_Danilov
Path Finder
Member since:
04-23-2014
06-05-2020
Community Statistics
| Posts | 21 |
| Solutions | 1 |
| Karma Given | 9 |
| Karma Received | 0 |
| Member Since | 04-23-2014 |
Activity Feed
- Karma Re: How to make case InSensitive search everywhere by default? for martin_mueller. 06-05-2020 12:47 AM
- Karma Re: Cumulative counters with "slice" logic for martin_mueller. 06-05-2020 12:46 AM
- Karma Re: Cumulative counters with "slice" logic for somesoni2. 06-05-2020 12:46 AM
- Karma Re: How to get position of a not constant char/substring in another string? for martin_mueller. 06-05-2020 12:46 AM
- Karma Re: Few SearchTemplate's in Dashboard for optimization? for nfilippi_splunk. 06-05-2020 12:46 AM
- Karma Re: How to make a search case-sensitive? for cyue_splunk. 06-05-2020 12:45 AM
- Karma Re: How to make a search case-sensitive? for jburman123. 06-05-2020 12:45 AM
- Karma Re: Search Macro error in Stats Command for jason_hubbard. 06-05-2020 12:45 AM
- Posted Re: How to make case InSensitive search everywhere by default? on Splunk Search. 07-02-2014 05:53 AM
- Posted Re: How to make case InSensitive search everywhere by default? on Splunk Search. 07-02-2014 05:34 AM
- Posted Re: How to make a search case-sensitive? on Splunk Search. 07-02-2014 05:08 AM
- Posted How to make case InSensitive search everywhere by default? on Splunk Search. 07-02-2014 04:52 AM
- Tagged How to make case InSensitive search everywhere by default? on Splunk Search. 07-02-2014 04:52 AM
- Tagged How to make case InSensitive search everywhere by default? on Splunk Search. 07-02-2014 04:52 AM
- Tagged How to make case InSensitive search everywhere by default? on Splunk Search. 07-02-2014 04:52 AM
- Tagged How to make case InSensitive search everywhere by default? on Splunk Search. 07-02-2014 04:52 AM
- Posted Re: Few SearchTemplate's in Dashboard for optimization? on Dashboards & Visualizations. 06-11-2014 09:49 AM
- Posted Re: Few SearchTemplate's in Dashboard for optimization? on Dashboards & Visualizations. 06-11-2014 09:47 AM
- Posted Few SearchTemplate's in Dashboard for optimization? on Dashboards & Visualizations. 06-11-2014 07:46 AM
- Tagged Few SearchTemplate's in Dashboard for optimization? on Dashboards & Visualizations. 06-11-2014 07:46 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-02-2014
05:53 AM
Does match(,) have better performance than lower() ?
... View more
07-02-2014
05:34 AM
Martin, thanks, but what about count(eval(log_level=info)) ? I need to use everywhere lower() ? Where I can find information about this "exceptions"? This case surprised me, because in other Answers people say that "Splunk is case InSensitive".
... View more
07-02-2014
04:52 AM
Hi all,
I need to make by default all searches in Splunk 6.1.1 as case InSensitive.
For example, this search are case InSensitive:
index=_internal log_level=info
But this search are case Sensitive:
index=_internal | where log_level=info
Hm, strange... Why? Maybe it's bug and I need to report about it? How can I set default case InSensitive search everywhere? I know about function lower() , but it's just particular solution.
Thanks.
... View more
06-11-2014
09:49 AM
Ok, thanks!
Unfortunately, AdvancedXML it's not acceptable for me, because TimePicker in AdvancedXML has not so handy style as in SimpleXML (http://answers.splunk.com/answers/139525/can-i-apply-default-style-for-timerangepicker-in-advancedxml).
... View more
06-11-2014
09:47 AM
Thanks! But as I understand, it's not PostProcess, it's just shared base search string?
... View more
06-11-2014
07:46 AM
Hi all!
How can I declare few different SearchTemplate's in one Dashboard with SimpleXML? I need it for optimization. Or I can do it only with AdvancedXML?
In documentation (http://docs.splunk.com/Documentation/Splunk/6.1/Viz/PanelreferenceforSimplifiedXML) I found that can be declared not only in Form, in Table/Chart/Events/... too. But, I need to declare in and use results in few Charts (maybe as PostProcess).
Thanks!
... View more
05-05-2014
11:05 PM
In the end, we decided to create an internal cumulative index and accumulate therein summary statistics using scheduled search (http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Usesummaryindexing).
Thank you all for your help!
... View more
05-05-2014
11:01 PM
This example works only for cases when the "error" has been corrected in adjacent periods. With a larger gap in time, it will not work. However, the example is useful for another task, thank you!
... View more
04-29-2014
05:19 AM
Martin, if there are functions "len" and "substring", why not add another one function for strings as "indexof".
... View more
04-28-2014
11:43 PM
yannK, thanks, but I need it in basic search, not only in Forms. I've used Martin's solution.
... View more
04-28-2014
11:39 PM
Martin, it works fine for me:
| eval replaced = replace(haystack, "(.*?)".needle.".*", "\1")
| eval position = if(match(haystack, needle), length(replaced), -1)
Thanks!
Strange to me that there is no special built-in functions.
... View more
04-28-2014
06:42 AM
Hi all!
As I understand, Splunk doesn't have any special functions for normal work with string.
I need to get index of a not constant char/substring in another string.
Substring is not constant, it's value from another field.
Solution for constant substring: http://answers.splunk.com/answers/66496/how-to-get-index-of-a-particular-letter-in-string
But, it has not work for dynamic substring. I tried to form regular expression:
index="b2b_integration_oss"
| eval string="Some long string"
| eval regExString=".*(?<substring>\b" + searchField + "\b).*"
| rex field=string regExString
Then, I got next error:
Error in 'rex' command: The regex 'regExString' does not extract anything. It should specify at least one named group. Format: (?<name>...).
Why doesn't exist in Splunk any analogs for SQL CHARINDEX function?
Anyone can guide me please on this?
Thanks!
... View more
04-24-2014
07:51 AM
Somesin2, thanks for this question, I forgot to say about this case: "Success" it's a final Status for each ID.
If already exists event with Status=Success and ID=1, then new event with Status=Error and ID=1 will not be added.
... View more
04-24-2014
07:13 AM
More detailed example.
Events in index:
ID Status StatusDateTime
--------------------------------------
1 Error 0:30
2 Success 0:30
1 Success 1:30
3 Error 1:30
4 Error 2:30
3 Success 3:30
4 Success 4:30
5 Error 4:30
6 Success 5:30
Required overall result:
Slice Success Error
------------------------------------
1:00 1 1
2:00 2 1
3:00 2 2
4:00 3 1
5:00 4 1
6:00 5 1
Main issue - correctly calculate total Error's count.
If added new event, with the same ID and status "Success" (that before then had "Error"), total Error's count must decrease.
"Success" it's a final Status for each ID.
If already exists event with Status=Success and ID=1, then new event with Status=Error and ID=1 will not be added.
I have to get this result in one search, is it realizable?
Thanks!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
Karma given to
