Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About rob3770
rob3770
Explorer
Member since:
01-27-2015
06-05-2020
Community Statistics
| Posts | 15 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 01-27-2015 |
Activity Feed
- Got Karma for IOSTAT How do i get Disk iops out?. 06-05-2020 12:47 AM
- Posted Splunk Predict App: Why is the app excluding step changes in data? on All Apps and Add-ons. 02-20-2018 07:01 AM
- Tagged Splunk Predict App: Why is the app excluding step changes in data? on All Apps and Add-ons. 02-20-2018 07:01 AM
- Tagged Splunk Predict App: Why is the app excluding step changes in data? on All Apps and Add-ons. 02-20-2018 07:01 AM
- Posted Re: Adding 2 searches together sounds easy on Splunk Search. 02-01-2018 02:28 PM
- Posted Re: Adding 2 searches together sounds easy on Splunk Search. 02-01-2018 09:42 AM
- Posted Re: Adding 2 searches together sounds easy on Splunk Search. 02-01-2018 09:09 AM
- Posted Adding 2 searches together sounds easy on Splunk Search. 02-01-2018 08:33 AM
- Tagged Adding 2 searches together sounds easy on Splunk Search. 02-01-2018 08:33 AM
- Posted Re: Is there a way to refresh just the tick on a radial gauge within a panel? on Dashboards & Visualizations. 09-23-2015 08:02 AM
- Posted Missing Dashboards on Dashboards & Visualizations. 09-23-2015 07:45 AM
- Tagged Missing Dashboards on Dashboards & Visualizations. 09-23-2015 07:45 AM
- Tagged Missing Dashboards on Dashboards & Visualizations. 09-23-2015 07:45 AM
- Posted Re: Is there a way to refresh just the tick on a radial gauge within a panel? on Dashboards & Visualizations. 06-15-2015 07:55 AM
- Posted Re: Is there a way to refresh just the tick on a radial gauge within a panel? on Dashboards & Visualizations. 06-10-2015 12:57 AM
- Posted Is there a way to refresh just the tick on a radial gauge within a panel? on Dashboards & Visualizations. 06-09-2015 07:12 AM
- Tagged Is there a way to refresh just the tick on a radial gauge within a panel? on Dashboards & Visualizations. 06-09-2015 07:12 AM
- Tagged Is there a way to refresh just the tick on a radial gauge within a panel? on Dashboards & Visualizations. 06-09-2015 07:12 AM
- Tagged Is there a way to refresh just the tick on a radial gauge within a panel? on Dashboards & Visualizations. 06-09-2015 07:12 AM
- Posted Re: Predict stops working when eval used on Splunk Search. 04-09-2015 08:27 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
02-20-2018
07:01 AM
Hi, I'm creating a simple chart that displays disk space but Predict doesn't handle a step change very well. When space is filling up it successfully predicts but if any space has been freed up and these a sharp change in the data, Predict freaks out.
index=perfmon sourcetype="Perfmon:LogicalDisk" host=xxxxx counter="Free Megabytes" instance=E:
| timechart span=24h max(Value) usenull=f | predict max(Value) future_timespan=90
Also can it be run against multiple host or disks?
Cheers
... View more
02-01-2018
02:28 PM
index=wpap source="E:\\Logfiles\\OneClick\\Operations.log" ("TokenStatus=*Success*") ServiceName=BILLDESK
| eval TotalSuccess = if(TokenStatus=Success,1,0)
This provides the correct number of successes, the line concerning failures is a red herring and was left over by the original person.
stats distinct_count(CorrelationId) as TotalA |
This is the line which counts the number of unique ID's and should be used in the calculation against the Success number (ID*100/Success)
... View more
02-01-2018
09:09 AM
index=ABC source="E:\\Logfiles\\OneClick\\Operations.log" ServiceName=DEF |
stats distinct_count(CorrelationId) as TotalA |
appendcols [search "TokenStatus=*Success*" ServiceName=DEF | stats distinct_count(CorrelationId) as TotalSuccess ]|
appendcols [search TokenSubStatus=*error* ServiceName=DEF | stats distinct_count(CorrelationId) as TotalFailure ]|
eval Total=(TotalSuccess*100)/TotalA | fields Total
Hi i have added the query as requested
I have amended the index and sources for security but the sources are all the same
The output is always 0
I have tried eval Total=(TotalSuccess+100)/TotalA | fields Total and get 100
Many thanks
... View more
02-01-2018
08:33 AM
index=ABC source="ABC" ServiceName=ABC |
stats distinct_count(CorrelationId) as TotalA |
appendcols [search "TokenStatus=*Success*" ServiceName=ABC | stats distinct_count(CorrelationId) as TotalSuccess ]|
appendcols [search TokenSubStatus=*error* ServiceName=ABC | stats distinct_count(CorrelationId) as TotalFailure ]|
eval Total=(TotalSuccess*100)/TotalA | fields Total
I have been given the above query to troubleshoot and i've already pulled my hair out.
I can see that line 4 is not required but this always returns 0. Let's say TotalA is 100 & TotalSuccess is 10 I would expect the output to = 10% or at least 10.
Am I missing something simple?
Cheers
... View more
- Tags:
- splunk-enterprise
09-23-2015
08:02 AM
Is this possible within the dashboard?
... View more
09-23-2015
07:45 AM
I had 2 custom dashboards that have now gone 'missing'.
I know that i haven't deleted them, is there any way back from this abyss?
Cheers
... View more
06-15-2015
07:55 AM
Hi, Does anyone know if the animation of the dials pointer is actually possible?
... View more
06-10-2015
12:57 AM
Hi, we have this bit of XML in place already.
It refreshes the panel.
What we would like is the gauges tick arm to move every time the refresh occurred, just like a real gauge.
The dashboard is going to be displayed on a wall for all to see and the panel refresh is ugly when done every minute for TPS.
Cheers
... View more
06-09-2015
07:12 AM
Hi,
I have a radial gauge with TPS metrics being displayed and refreshing every minute. Each refresh redraws the whole gauge within the panel. Is there a way to just redraw the tick or the arm of the gauge, like a real gauge would do?
... View more
04-09-2015
08:27 AM
That did it!
The lower95 line is dropping to -25, can this be contained as -25% CPU utilization isn't really possible?
Cheers
... View more
04-09-2015
07:22 AM
Hi,
Looking to start using Splunk to do trending and forecasting (predict).
index=os sourcetype=cpu host=ukdc1-xxx-xxx* earliest=-1w | eval Total=(pctSystem+pctUser) | timechart avg(Total) span=1h | predict Total future_timespan=168 algorithm=LL
Getting the old 'Too few data points' error.
This works, but i need the two cpu fields added together to get the total amount of CPU busy time...
index=os sourcetype=cpu host=ukdc1-xxx-xxx* earliest=-1w | timechart avg(pctSystem) span=1h AS AVG | predict AVG future_timespan=168 algorithm=LL
... View more
03-26-2015
08:02 AM
Im now running this...
index=os OR index=wpg (sourcetype=cpu OR sourcetype=our_java) host=servername* "Elapsed time for this payment" NOT "HealthCheck" | transaction CPU host maxspan=7m | timechart count(cpu) by host span=5m
Thousands of Events are found and highlighted "Elapsed time for this payment" but the Statistics tab is showing zeros.
Sourcetype=cpu isnt found either, only Sourcetype=our_java.
... View more
03-26-2015
02:37 AM
I'm creating what at first seemed a simple search criteria, but here goes...
I have multiple servers and displaying CPU by host, but also scanning each server's log file for transaction numbers. I need to display the CPU stats by host, but add all the transactions and have that sum overlaying the CPU area graph.
Hope you're still with me and here is my code so far (sanitized)...
index=os OR index= (sourcetype=cpu OR sourcetype=) host= source=/opt/ OR TXN="Elapsed time for this payment" | multikv fields pctSystem | timechart span=5m count(TXN) avg(pctSystem)
Cheers Splunkers
... View more
03-24-2015
06:43 AM
1 Karma
Im hoping this is a simple one but its driving me mad!
Comparing CPU usage against Disk iops.
Using iostat as the sourcetype and the only fields are...
avgSvcMillis
avgWaitMillis
bandwUtilPct
None of these give disk iops stats, am i missing something?
Cheers
... View more
- Tags:
- iostat
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
