Activity Feed
- Karma Re: Timechart with Timewrap and upper and lower bounds for skoelpin. 06-05-2020 12:50 AM
- Got Karma for Re: Timechart with Timewrap and upper and lower bounds. 06-05-2020 12:50 AM
- Posted Re: Timechart with Timewrap and upper and lower bounds on Splunk Search. 05-20-2019 09:23 AM
- Posted Re: Timechart with Timewrap and upper and lower bounds on Splunk Search. 05-17-2019 01:02 PM
- Posted 'where propertyname In (propertyvalue1, propertyvalue2, etc...)' int vs string values on Splunk Search. 04-19-2019 09:22 AM
- Tagged 'where propertyname In (propertyvalue1, propertyvalue2, etc...)' int vs string values on Splunk Search. 04-19-2019 09:22 AM
- Posted Re: Timechart with Timewrap and upper and lower bounds on Splunk Search. 03-26-2019 08:43 AM
- Posted Timechart with Timewrap and upper and lower bounds on Splunk Search. 03-21-2019 08:46 AM
- Tagged Timechart with Timewrap and upper and lower bounds on Splunk Search. 03-21-2019 08:46 AM
- Posted Re: Splunk as Datasource for Grafana? on Getting Data In. 03-18-2019 08:46 AM
- Posted Re: Splunk as Datasource for Grafana? on Getting Data In. 03-18-2019 08:14 AM
- Posted Splunk as Datasource for Grafana? on Getting Data In. 03-15-2019 02:37 PM
- Tagged Splunk as Datasource for Grafana? on Getting Data In. 03-15-2019 02:37 PM
05-20-2019
09:23 AM
1 Karma
Oh, there we go, I accepted now. I thought that "[checkmark] accepted" meant that it was accepted, but actually that meant that I had not yet accepted, and "[checkmark] unaccept" means it's accepted lol
05-17-2019
01:02 PM
Yes, thank you very much! I clicked accept on the answer you gave? But I cannot click accept on a response? Do you see that it says accept?
04-19-2019
09:22 AM
Hello, I am having difficulty using the 'where property in (x,y,z,...)' type search filter in Splunk. Specifically, when the property values are strings.
This works for me:
index=indexName | where 'Error.Code' in (5224, 5198)
But this does not:
index=indexName | where 'Error.Type' in (ServConfigError,GetCompFail)
Any idea why that would be? I've tried a lot of combinations of quotes, single and double, around different things, and also trying this kind of construction:
index=indexName 'Error.Type' in (ServConfigError,GetCompFail)
and this
index=indexName | where in ('Error.Type', ServConfigError,GetCompFail)
and so on, and I can't get it to work
thanks for any help
03-26-2019
08:43 AM
@skoelpin thanks! were you able to find your spl to share?
03-21-2019
08:46 AM
Hello,
I'm looking to create a query that is a timechart that timewraps every week, for x number of weeks, showing the count of a given field on a variable span within a given set of time on a certain day of the week with upper and lower bounds as overlay lines that are averaged for that hour across all the weeks in the time chart.
I know that sounds super generic, so for example, the chart could say show me the
- average http_response_time every 5 minutes
- from 2-3pm on every Tuesday
- timewrapped weekly over the last 10 weeks
- with upper and lower bounds, say 25th and 75th percentile overlays, where the overlays are the average response time for that hour averaged out across all weeks, to check trends over the entire period
Here is what I have come up with so far, using the eventgen app to generate test data:
index=main /booking
| eval hour=tonumber(strftime(_time,"%H"))
| eval year=tonumber(strftime(_time,"%Y"))
| eval month=tonumber(strftime(_time,"%m"))
| eval dayOfWeek=strftime(_time, "%A")
| where (and here can day day and hour to whatever)
| timechart avg(http_response_time) span=1hour
| timewrap 1day series=relative
| append
[ search index=main /booking
| fields http_response_time
| timechart avg(http_response_time) as SecondAverage
stdev(http_response_time) as StandardDeviation
perc75(http_response_time) as upper_control_limit
perc25(http_response_time) as lower_control_limit span=1d
| eval lowerBound=(SecondAverage-StandardDeviation), upperBound=(SecondAverage+StandardDeviation)
| fields _time lowerBound upperBound upper_control_limit lower_control_limit SecondAverage]
| eval hour=strftime(_time,"%H")
| table hour *
part of the issue with the above is the overlay displays next to the averages, like this:
https://imgur.com/a/YxregbJ
any help is appreciated,
Thanks!
03-18-2019
08:46 AM
@woodcock that would be great! should I try to pm them do you think? or will they see their mention here?
03-18-2019
08:14 AM
@niketnilay thanks for the reply. Yes, I mean that plugin.
I need to create a graph that is more or less a timechart count with a 1week timewrap over about 10weeks, with overlay lines for averages and upper 75th and lower 25th percentile lines, averaged across all weeks, to check for unusual activity.
I know that graph can be made in Splunk, it's more like for business reasons that we want the visualization in Grafana.
thanks again!
03-15-2019
02:37 PM
Hello,
I'd like to import data from Splunk into Grafana so I can use Grafana's visualization and Splunk as a data source. Has anyone managed to do that without purchasing the premium grafana-splunk plugin? It wouldn't need advanced gui functionality like the official plugin, just the ability to feed a splunk search string in and get event data back out.
Thanks
- Tags:
- splunk-enterprise