×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
magenta
New Member
Member since: ‎03-30-2016
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-30-2016
Activity Feed
View All

Re: How do I aggregate events using 2 different ti...

by in Splunk Search
‎04-12-2016 10:34 AM
‎04-12-2016 10:34 AM
Each event has both OPENDATETIME & CLOSEDDATETIME so i'm looking to actually create a table by business process that includes the following fields: 1) changes opened in march (based on opendate) 2) changes opened in march leading to errors (based on opendate) 2) changes opened in march (based on closeddate) All shown by Business process - so the question is can i use STATS to count by OPENDATE (using _time=OPENDATETIME) and then index by CLOSEDDATETIME and count again? ... View more

How do I aggregate events using 2 different timest...

by in Splunk Search
‎04-11-2016 10:06 AM
‎04-11-2016 10:06 AM
I am looking to "segment" operational changes(events) based on both the CLOSEDDATE & OPENDATE and essentially calculate the total number of changes in the month of March based on CLOSEDATE into one column and then OPENDATE for another column I have created a stats table based on OPENDATE where I segment the events into different time buckets: | eval _time=strptime(OPENDATETIME,"%Y-%m-%d %H:%M:%S") Can I run a stats command on the events indexed using OPENDATE and then use appendcols to filter events that occurred in the last month using CLOSEDDATE? Or is there a better way to do this? ... View more

Re: Whats the best way to classify events as being...

by in Splunk Search
‎04-04-2016 09:48 AM
‎04-04-2016 09:48 AM
Thanks i didn't realize lookups could be time based so i think this should work! ... View more

Whats the best way to classify events as being "No...

by in Splunk Search
‎03-30-2016 02:42 PM
‎03-30-2016 02:42 PM
I have historical events that i'm looking to classify as having occurred during an exception period or not. The challenge is that there are 12+ categories of events and each type of event has 4 slightly different "Exception Periods" each year. For some of the categories, the exceptional time period can be defined based on # of work days before and after the end of the quarter. Is there a good way of doing this outside of writing many many IF statements? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM