Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About smazzatenta
smazzatenta
New Member
Member since:
01-06-2016
06-05-2020
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 01-06-2016 |
Activity Feed
- Posted Re: I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-19-2016 06:11 AM
- Posted Re: I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-19-2016 03:29 AM
- Posted Re: I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-15-2016 03:38 AM
- Posted Re: I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-15-2016 03:38 AM
- Posted Re: I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-14-2016 09:37 AM
- Posted Re: I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-14-2016 05:43 AM
- Posted Re: I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-13-2016 08:59 AM
- Posted I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-13-2016 07:03 AM
- Tagged I am trying to write a query that displays how long an application has been running? So far I have the following string. on Splunk Search. 01-13-2016 07:03 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
01-19-2016
06:11 AM
I double checked the field and it is named New_Process_Name. When I take "_time" out of the search, New_Process_Name shows up in the display. This actually is what I want but I still need to display what time the application was launched. Can that be displayed as well?
Thanks,
Steve
... View more
01-19-2016
03:29 AM
Hello,
The first search using "table" does not show the New_Process_Name in the display. It shows the time (2016-01-13T05:06:52.000-5:00) and usage in minutes (528). I am not sure I understand the time.
When I use "timechart" I receive the following error:
Error in 'timechart' command: The specifier 'Usage_In_Minutes' is invalid. It must be in form (). For example: max(size)
Thanks,
Steve
... View more
01-15-2016
03:38 AM
Once again. Thanks for the quick response. I will not be a work for a couple of days but will give it a try when I return on Tuesday. Thanks again for all the help.
... View more
01-15-2016
03:38 AM
Once again. Thanks for the quick response. I will not be a work for a couple of days but will give it a try when I return on Tuesday. Thanks again for all the help.
... View more
01-14-2016
09:37 AM
Hi again, I have been working on this query for a couple days. To clarify, I am trying to write a query that tracks application launch time and duration. Rather than give you a sample of the query, like I did in my previous post, below is the exact query I am using and it does not give me the correct results. Any assistance would be helpful. Thanks.
host="WKSDC-0004" EventCode=4688 OR EventCode=4689 | transaction New_Process_ID Process_ID Process_Name New_Process_Name startswith="EventCode=4688" endswith="EventCode=4689" | search New_Process_Name="C:\Program Files (x86)\ExtendSim9\ExtendSim.exe" OR New_Process_Name="C:\GAMS\win64\24.0\gamside.exe" OR New_Process_Name="Netica.exe" OR New_Process_Name="C:\Programs Files (x86)\Vitech\CORE 8\core80.exe" | chart values(eval(duration/60)) as Usage_In_Minutes by New_Process_Name
... View more
01-14-2016
05:43 AM
Thank you. Would you be able to assist in helping me display the numerical values (seconds, minutes, hours)? I tried working on that yesterday and was unsuccessful.
Thanks again for all your help.
... View more
01-13-2016
08:59 AM
Thank you for the response. To be more specific, I can't seem to display the result correctly on the dashboard. I am trying to show each application on the x-axis and the duration in hours, minutes, seconds on the y-axis. Also, I would like display the time when application was launched. Would you mind pointing out which OR I am missing in my filter.
Thank you.
... View more
01-13-2016
07:03 AM
host="server" EventCode=4688 OR EventCode=469 | transaction New_Process_Name startswith=(EventCode=4688) endswith=(EventCode=4689) | where duration > 1 | search New_Process_Name="extend.exe" New_Process_Name="excel.exe"
... View more
- Tags:
- query-string
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
