Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About paragvidhi
paragvidhi
Engager
Member since:
06-19-2019
06-04-2021
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 06-19-2019 |
Activity Feed
- Posted Re: Need get last event occurred time of each day on Splunk Search. 03-25-2021 12:05 PM
- Posted Re: Need get last event occurred time of each day on Splunk Search. 03-25-2021 09:41 AM
- Posted Need get last event occurred time of each day on Splunk Search. 03-25-2021 09:22 AM
- Karma Re: Remove extension from filepath in field value dynamically. for renjith_nair. 06-05-2020 12:50 AM
- Posted Re: Average of stats two fields values on Splunk Search. 05-19-2020 06:32 AM
- Posted Average of stats two fields values on Splunk Search. 05-18-2020 09:01 AM
- Tagged Average of stats two fields values on Splunk Search. 05-18-2020 09:01 AM
- Posted Create new fields based on value of another fields. on Splunk Search. 05-08-2020 08:17 AM
- Tagged Create new fields based on value of another fields. on Splunk Search. 05-08-2020 08:17 AM
- Posted Re: How to compare two field values, and dynamically create new field based on search result on Splunk Search. 07-01-2019 10:25 AM
- Posted How to compare two field values, and dynamically create new field based on search result on Splunk Search. 06-25-2019 07:18 AM
- Tagged How to compare two field values, and dynamically create new field based on search result on Splunk Search. 06-25-2019 07:18 AM
- Tagged How to compare two field values, and dynamically create new field based on search result on Splunk Search. 06-25-2019 07:18 AM
- Tagged How to compare two field values, and dynamically create new field based on search result on Splunk Search. 06-25-2019 07:18 AM
- Tagged How to compare two field values, and dynamically create new field based on search result on Splunk Search. 06-25-2019 07:18 AM
- Tagged How to compare two field values, and dynamically create new field based on search result on Splunk Search. 06-25-2019 07:18 AM
- Posted Re: Remove extension from filepath in field value dynamically. on Splunk Search. 06-19-2019 06:30 AM
- Posted Remove extension from filepath in field value dynamically. on Splunk Search. 06-19-2019 03:14 AM
- Tagged Remove extension from filepath in field value dynamically. on Splunk Search. 06-19-2019 03:14 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
03-25-2021
12:05 PM
I got my query result in another way but its partial. Here I use below query. search A | eval Date=strftime(_time, "%d/%m/%Y") | stats latest(_time) AS Latest by Date | eval Endtime_mail=strftime(Latest,"%Y/%m/%d %H:%M:%S") | join Date [search search B | eval Date=strftime(_time, "%d/%m/%Y") | stats earliest(_time) AS Earliest by Date | eval starttime_mail=strftime(Earliest,"%Y/%m/%d %H:%M:%S") ] | table starttime_mail,Endtime_mail Now I am not able get date-time difference between starttime_mail and Endtime_mail. Difference should be like 1 day ,3 hour, 43 minute.
... View more
03-25-2021
09:41 AM
Actually I need use that data to another search. so if i give you more details. so I would like to get total time taken. I have two search A and B . In search A I will get only single event for each day. so I am consider event time as starttime. In search B I will get multiple event in a day. so the last event occurred on that day I consider endtime of that event. Now I need to display result like below. Date starttime endtime timetaken(starttime-endtime)
... View more
03-25-2021
09:22 AM
Hi All, I would like to get last event occurred time of each day, my searching window area is last 30 days. For example : If my query return 3 events for day1 and 5 events for day 2 than I need only two event in output. last event time of day 1 and last event time of day 2 and so on. I tried to get that with help of table command. it works for me. but I need to do that without using of table command. worth if you could help me to find rename or create duplicate field of date_mday and _time search | table date_mday, _time | dedup date_mday | sort date_mday.
... View more
Labels
- Labels:
-
Other
05-19-2020
06:32 AM
it doesn't work for me, I need to use data that I got from stats result, and based on that result I need Average_time_taken.
... View more
05-18-2020
09:01 AM
I have Below Splunk query to get some data from my logs
index=myindex sourcetype=mysourcetype "search string"
| stats sum(TotalRecords) As "Total Records", sum(TotalTime_Taken) As "Total Time Taken" by Content
Below is the result of the above query
Content_Type Total Records Total Time Taken
========== ============= ===========
Documents 13 25
Blogs 25 120
Events 2 5
I want another column in my result Average_time_taken
Average_time_taken = Total Time Taken / Total Records
The result should be as below
Content_Type Total Records Total Time Taken Average_time_taken
========== ============= =========== ====================
Documents 13 25 1.9230
Blogs 25 120 4.8
Events 2 5 2.5
... View more
- Tags:
- splunk-enterprise
05-08-2020
08:17 AM
Hi All,
In my log, I have one field called ServerName. Below are some values of that field.
DAAPP2aBANG2
DFAPP20bLON2
UATSER1aUS1
UATSER1bUS2
We differentiate the above server with node A and node B based on the first character we got after the first occurrence of one or more digit.
DAAPP2aBANG2 -- its node a
DFAPP20bLON2 --- its node b
UATSER1aUS1 --- its node a
UATSER1bUS2 --- its node b
Here I want to create two fields called NodeA, and NodeB
In NodeA it should contain DAAPP2aBANG2 ,UATSER1aUS1
In NodeB it should contain DFAPP20bLON2, UATSER1bUS2
... View more
- Tags:
- splunk-enterprise
07-01-2019
10:25 AM
source=xyz | stats values(login_session), values(logout_session) by client
... View more
06-25-2019
07:18 AM
Hi All,
I am new to Splunk, I am looking for dynamic field creation based on a comparison between two fields value.
I have two fields in my search which named login_session and logout_session
login_session contains value like below:
0343547092129730B6AA6C2367ABA709
07CF0EDE89760D3D16AA009B05B26942
096E6160F6C77B19A8FC486D9552CE79
0DA20333C8F2E602AFB0A5453D8A42EA
0E0FDC4D83637F3B88B679884CB7F553
0F37F388296DDFCD2D30A0E4DCE2C295
logout_session contains value like below
07CF0EDE89760D3D16AA009B05B26942
0DA20333C8F2E602AFB0A5453D8A42EA
0E0FDC4D83637F3B88B679884CB7F553
So I need to create new field named active_session in this field value should be:
0343547092129730B6AA6C2367ABA709
096E6160F6C77B19A8FC486D9552CE79
0F37F388296DDFCD2D30A0E4DCE2C295
So in simple words, I need to create new field active_session and this field contains the value of login_session which is not present in logout_session.
... View more
06-19-2019
06:30 AM
@renjith.nair ,
Thanks for your help it's working for me
thanks a lot
... View more
06-19-2019
03:14 AM
I have a field in my Splunk search name filepath which contains the base path of file like below
repository/2650/document/960891_1.pdf
repository/357/document/96_1.wordx
I need to extract below string from my already existing field.
filepath value : repository/2650/document/960891_1.pdf
extract value : repository/2650/document/960891_1
filepath value : repository/357/document/96_1.wordx
extract value : repository/357/document/96_1
in short, I need to remove file extension from field value dynamically
... View more
- Tags:
- splunk-enterprise
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-04-2021
05:48 AM
|
