×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
shresthas
New Member
Member since: ‎05-20-2014
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-20-2014
View All

How to calculate timespan of a field value as sess...

by in Splunk Search
‎08-05-2014 05:44 PM
‎08-05-2014 05:44 PM
I need to extract the session-duration from different BI server logs. Most BI server logs have clearly defined session-duration fields you can extract by defining extraction logic in props.conf but for one server log, I have to calculate the session using transaction with session id as the field and using eval to assign the duration as session-duration. But can I do this for only a specific sourcetype ? If not can I do this in the props.conf ? ... View more

Re: Missing columns when exporting to CSV

by in Getting Data In
‎07-15-2014 10:21 AM
‎07-15-2014 10:21 AM
When I am doing export search using java sdk, I am missing columns when I running this query. search sourcetype=sourcetype_1 OR (sourcetype=sourcetype_2 NOT (Session_Duration="Session Duration"))|rex field=sourcetype "(? [^\W]+)(? [^_\W]+)" |eval client_ip_address = Client_Address|eval Document_Session_Duration = Session_Duration| eval Message=replace(Message, ",","-")| eval Document=replace(Document, ",","-")| iplocation client_ip_address|table Timestamp,User,Document,Message,Document_Session_Duration,server_type, source_log_type, host, client_ip_address, City, Country what gives ? I am using splunk 6.1.1 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM