07-30-2017
07:12 PM
Hi Daljeanis,
Thank you for your script.
I have tried using it, but the year is 1970; also, the months in which a ticket should be open are not correct.
Please take note of this example:
"ticket AAA" is created June 2017 and resolved Sept 2017,
therefore the months June, July, August, and September should have an open ticket count of 1.
That makes it:
June = 1
July = 1
Aug = 1
Sept = 1 ("ticket AAA" is open for some of the days in Sept, so I counted it also as open on the resolve date)
07-27-2017
05:48 AM
Sample:
TICKET NO. | Created date | Resolved date
---|---|---
Ticket-1 | 2017 / 06 | 2017 / 09
Ticket-2 | 2017 / 01 | 2017 / 04
Ticket-3 | 2017 / 02 | 2017 / 05
Ticket-4 | 2017 / 03 | 2017 / 06
Ticket-5 | 2017 / 05 | 2017 / 08
When I do statistics for the 5 tickets above, the result is:
Ticket 1: will only be counted in June(06) and September(09), created and resolved dates respectively
Ticket 2: will only be counted in January(01) and Apr(04), created and resolved dates respectively
Ticket 3: will only be counted in Feb(02) and May(05), created and resolved dates respectively
Ticket 4: will only be counted in March(03) and Jun(06), created and resolved dates respectively
Ticket 5: will only be counted in May(05) and Aug(08), created and resolved dates respectively
For ticket 1, I want it to be counted as well in July and August because it was only resolved in Sept.
Same logic with others.
What i want my statistics to look like:
Year-month = Count
2017-January = 1
2017-February = 2
2017-March = 3
2017-April = 3
2017-May = 3
2017-June = 3
2017-July = 2
2017-August = 2
2017-September = 1
2017-October = 0
2017-November = 0
2017-December = 0
then doing the timechart
07-27-2017
12:57 AM
How can I count "several" tickets as "OPEN" every month, including when it was created (create_date, mmddyyyy), to the month it was resolved (mmddyyyy)? The only given values are the open date and the resolve date. The ticket record is not found in between the months of the created and resolved dates.
Chart visualization should be like a timechart.
Example:
ticket 1: created (07202016), resolved (09222016) -> should be counted in July, August, September months as OPEN
11-25-2016
03:47 AM
Hi,
I'm having a problem with the database input's conversion of date and time.
My database table date and time format is YYYY-MM-DD/HH:mm:ss but Splunk was able to read this differently.
Sample:
"DB table date and time": 2016-11-25/17:56:00
"Splunk converted date and time":
(Record 1) 2016-11-25 7:59:59:000 AM
(Record 2) 2016-11-25 7:59:59:000 AM
(Record 3) 2016-11-25 7:59:59:000 AM
Can this be solved by revising the SQL, or by regex?
07-07-2016
12:13 AM
Wow! thanks a lot, it worked!
07-06-2016
07:47 PM
Hi sundareshr, thanks for your effort. However, using your search does not show the "TYPE" column in the output.
07-06-2016
07:41 PM
Thanks woodcock, it worked using manual search.
One problem though: on my dashboard, I have a timerange ticker. The search we have (with dollar sign) does not load on a time range ticker dashboard. Maybe the value of the time range ticker is being replaced on our search with dollar signs?
The panel is showing "search is waiting for input..."
07-05-2016
04:10 AM
To add, the sum of "tostring" values when adding commas is not reflected on totals.
07-05-2016
04:09 AM
Did not seem to get the solution applying the above formula. Here is my search:
index=indexname | eval YMD=strftime(_time,"%Y-%m-%d") | chart eval(round(count(PRODUCT)*2.5,2)) over TYPE by YMD useother=f limit=500 | addtotals col=true 2016-* labelfield=TYPE label="Product Type Totals" fieldname="Totals"
I need to place commas on all numeric values inside columns and totals.
07-04-2016
07:54 AM
How to place commas in the output of a chart with columns that vary depending on the search (example is date). Sample search would be index=indexname | chart count(fieldname) over xfieldname by date_mday. Results are numerals to which I intend to add commas as a thousands separator, but I was unable to do so because I do not know how I would apply tostring to a variable column name. Please help.
03-31-2015
06:35 AM
Thanks this worked!
03-25-2015
03:10 AM
Hello baerts, have you tried to use your suggestion? Actually, I have tried that before but it did not work.
03-23-2015
08:09 AM
Hello Patient, I am already aware of that script. The problem is I have three tables. That script, I believe, does not support 3 table IDs. If it does, can you revise that script to show the right code? Thanks
03-23-2015
01:06 AM
1 Karma
Need your help to find the right JavaScript code for inline icons under dashboard examples. Need to know how to use multiple IDs for this setup. I understand I need to include the ID name in the .xml, but what is the right code for the .js?
This is only limited to a single "Table1" ID. How can I include other table IDs (e.g. Table2, Table3, etc.)?
mvc.Components.get('table1').getVisualization(function(tableView){
    // Register custom cell renderer
    tableView.table.addCellRenderer(new CustomIconRenderer());
    // Force the table to re-render
    tableView.table.render();
});
02-01-2015
10:21 PM
Thanks MuS! It successfully matched a specific field with values on two different sourcetypes. Can you also give the search wherein I could match values on 3 different fields existing on two different sourcetypes under a single query? Basically I should be able to match BATCH_ID, AGENCY_CODE and EMPLOYEE_NO on my report.
Sourcetype A
Field BATCH_ID = ABC
Field AGENCY_CODE = XYZ
Field EMPLOYEE_NO = 123
should match:
Sourcetype B
Field BATCH_ID = ABC
Field AGENCY_CODE = XYZ
Field EMPLOYEE_NO = 123
01-30-2015
05:40 AM
Hello,
Hope you can give a solution to my concern.
There were different sourcetypes under a single index and they have a similar field called BATCH_ID. "Sourcetype A" is coming from a database input (dump) and "Sourcetype B" is from a DB input (tail). Is it possible to match UNIQUE values under sourcetype A with sourcetype B and exclude those that were not present in Sourcetype A under a single field without using "join"?
My search below takes time to load results in the browser:
index=AAA sourcetype="star_transaction_logs" BATCH_ID=* AGENCY_CODE=* EMPLOYEE_NO=* SERVICE_CODE=WHTLST SE_RESPCODE=0000 | join BATCH_ID AGENCY_CODE EMPLOYEE_NO [search index=AAA sourcetype=star_employees_history ACTION_TYPE=A BATCH_ID=* AGENCY_CODE=* EMPLOYEE_NO=* | join BRANCH_CODE [search index=mls_index sourcetype="star_branches_sourcetype" BRANCH_CODE=*] ] |dedup BATCH_ID | stats count(BATCH_ID) as COUNT by BRANCH_CODE BRANCH_NAME| addcoltotals label=Total labelfield=category COUNT | fields BRANCH_CODE BRANCH_NAME category COUNT | sort BRANCH_NAME