cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
dayananda7449
New Member
Member since: ‎07-05-2016
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-05-2016
Activity Feed
View All

Re: Splunk replaces zero with null values. Chart A...

by in Splunk Search
‎11-02-2016 10:51 AM
‎11-02-2016 10:51 AM
We resolved this issue by adding showZeroValue = 1 in the inputs.config file for each and every category where we need splunk to captured zero value data while forwarding the data to splunk. ... View more

How to remove consecutive duplicate values by host...

by in Splunk Search
‎11-01-2016 03:31 PM
‎11-01-2016 03:31 PM
Hi There, I am trying to figure out how to remove duplicates in a custom perfmon counters data that is exported to Splunk. We have a custom perfmon counter implemented for a service, which reports response time of a service when ever it is called. Otherwise, it will be returning the same old data from the last service response until the new request is served. The same service is hosted on multiple hosts and all the host report perfmon data. I am trying to find the average by removing all the consecutive duplicates by host and get an average. index=perfmon collection=ServiceBus counter="Response Time" instance="Service" | dedup Value host consecutive=true | chart avg(Value) This search is not accurate. Example Data : Host 1: Time Servicebus/ResponseTime 00:00:01 460 00:00:02 460 00:00:03 520 00:00:04 520 00:00:05 630 Host 2: Time Servicebus/ResponseTime 00:00:01 480 00:00:02 480 00:00:03 590 00:00:04 590 00:00:05 610 Since we are sending data to Splunk every 1s from all the hosts, this is how the data in the Splunk is represented (as per my knowledge). See below. In this case, the above search is not removing the duplicates. Time Servicebus/ResponseTime Host 00:00:01 460 Host 1 00:00:01 480 Host 2 00:00:02 460 Host 1 00:00:02 480 Host 2 00:00:03 520 Host 1 00:00:03 590 Host 2 00:00:04 520 Host 1 00:00:04 590 Host 2 00:00:05 630 Host 1 00:00:05 610 Host 2 Can someone help me on how to remove consecutive duplicates by host? Thanks, Dayananda ... View more

Splunk replaces zero with null values. Chart Avg(v...

by in Splunk Search
‎07-05-2016 06:59 PM
‎07-05-2016 06:59 PM
Hi Everyone, I am a newbie to splunk. We are using splunk to monitor our custom perfmon counters. see the below search query. While performing avg on one of the counters, I am not getting the right result as i expect. I tried with fillnull and so on. Still the same issue. I can fill nulls but i can't those values of zero's in to consideration while calculating average. index=perfmon collection=ServiceBus counter="Sent/sec" instance="ABC" host ="XYZ" | Timechart avg(Value) Result from the above query. 2016-06-27 23:46:00 2016-06-27 23:47:00 10 2016-06-27 23:48:00 10 2016-06-27 23:49:00 2016-06-27 23:50:00 10 2016-06-27 23:51:00 2016-06-27 23:52:00 2016-06-27 23:53:00 10 2016-06-27 23:54:00 2016-06-27 23:55:00 2016-06-27 23:56:00 10 2016-06-27 23:57:00 2016-06-27 23:58:00 2016-06-27 23:59:00 10 2016-06-28 00:00:00 2016-06-28 00:01:00 10 Below is the query that i use to calculate average. index=perfmon collection=ServiceBus counter="Sent/sec" instance="ABC" host ="XYZ" | chart avg(Value) Result from above query is 10 (since i have 7 event where data is non zero, sum all the values and divided by the total events = 70/7 = 10) . This is not the result what i am looking for. Expected Result is 70/16 = 4.375 . (I have 16 instances of data being reported in the timechart) Can someone help me out how to fix this issue? Thanks, Dayananda ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM