Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About splunkin11
splunkin11
Path Finder
Member since:
07-29-2016
06-05-2020
Community Statistics
| Posts | 28 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 5 |
| Member Since | 07-29-2016 |
Activity Feed
- Got Karma for Is there an alternative to the stats list and values functions to get my expected result?. 06-05-2020 12:48 AM
- Got Karma for Is there an alternative to the stats list and values functions to get my expected result?. 06-05-2020 12:48 AM
- Got Karma for Is there an alternative to the stats list and values functions to get my expected result?. 06-05-2020 12:48 AM
- Got Karma for Why is Splunk removing spaces in my field?. 06-05-2020 12:48 AM
- Got Karma for Why is Splunk removing spaces in my field?. 06-05-2020 12:48 AM
- Posted Re: Why is Splunk removing spaces in my field? on Dashboards & Visualizations. 12-05-2016 03:23 PM
- Posted Why is Splunk removing spaces in my field? on Dashboards & Visualizations. 12-05-2016 02:04 PM
- Tagged Why is Splunk removing spaces in my field? on Dashboards & Visualizations. 12-05-2016 02:04 PM
- Tagged Why is Splunk removing spaces in my field? on Dashboards & Visualizations. 12-05-2016 02:04 PM
- Posted Re: Is there a way to change the time duration calculated to a more readable format? on Splunk Search. 11-18-2016 06:54 AM
- Posted Is there a way to change the time duration calculated to a more readable format? on Splunk Search. 11-17-2016 03:30 PM
- Tagged Is there a way to change the time duration calculated to a more readable format? on Splunk Search. 11-17-2016 03:30 PM
- Tagged Is there a way to change the time duration calculated to a more readable format? on Splunk Search. 11-17-2016 03:30 PM
- Posted Re: How to add final total count of results without adding another column? on Splunk Search. 11-01-2016 01:47 PM
- Posted Re: How to add final total count of results without adding another column? on Splunk Search. 11-01-2016 01:31 PM
- Posted Re: How to add final total count of results without adding another column? on Splunk Search. 11-01-2016 01:22 PM
- Posted How to add final total count of results without adding another column? on Splunk Search. 11-01-2016 01:13 PM
- Tagged How to add final total count of results without adding another column? on Splunk Search. 11-01-2016 01:13 PM
- Tagged How to add final total count of results without adding another column? on Splunk Search. 11-01-2016 01:13 PM
- Tagged How to add final total count of results without adding another column? on Splunk Search. 11-01-2016 01:13 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 2 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 3 | |||
| 0 | |||
| 0 |
12-05-2016
03:23 PM
I'm using Win7 with IE11.
I tried editing the XML directly myself to resolve the issue but that didn't work - well it works once and when I either exit the dashboard or hit 'refresh' in IE, it reverts back.
Yes, search head clustering is being used.
... View more
12-05-2016
02:04 PM
2 Karma
I keep having issues where Splunk will remove the space after: field - ... which then messes up the query.
I edit the source and place one or two spaces between 'field' and '-' and which will then show correct output but then when I close the dashboard, it reverts back and removes the spaces to | field-
Am I missing something or is there a way to fix this issue? I suppose I could do a |fields and list all the fields I want to keep but that shouldn't be the answer.
Any suggestions as to why this is occurring? I have several dashboards doing this.
... View more
11-18-2016
06:54 AM
Excellent! Thank you.
... View more
11-17-2016
03:30 PM
Is there a way to change the time duration calculated to a more readable format?
Trying to go from something like this : "40+09:01:43" to something more like "40 days + 09:01:43"
... View more
11-01-2016
01:47 PM
wowzers ... I'm not even sure how to incorporate that into my simple dashboard 🙂 There must be a simpler way to get the same result such as with an |appendpipe or some other feature.
... View more
11-01-2016
01:31 PM
ok ... I don't have a need to total columns of numbers so this wouldn't apply. I know I can add a column to my output for the sake of using one of these functions but I don't want to add a column that displays a '1' for every record just so I can get a grand total count at the bottom.
... View more
11-01-2016
01:22 PM
No, that only totals up columns. I have no column to total that will give a total count.
... View more
11-01-2016
01:13 PM
I can't seem to figure out a way to add a bottom row for a total count of results (records) to the end of the results without adding another column for a count and then totaling that column. There must be an easier way.
I can't use |stats count which is the number I'm looking for because that suppresses the details of the results.
Using |stats count by ....(all my fields needed in output) works but it adds an unwanted column for the count. If I try to use |fields - count that breaks the total count.
I know there must be a way for this - please help!
... View more
10-25-2016
01:00 PM
cool - thank you sir!
... View more
10-25-2016
12:44 PM
.. one small addition if you don't mind .. is there also a way to add a label for the last totals row produced from :
| appendpipe [stats avg(*) as * | foreach * [eval "<>"=round('<>') ] ]
... View more
10-25-2016
12:28 PM
Wowzers! That's something I've never seen or heard of before ... you're awesome!
... View more
10-25-2016
12:16 PM
Would there be a way to round the final totals from using [stats avg(*) as * ] ?
... View more
10-25-2016
11:29 AM
Great!! Your final answer fixes everything - thanks!
... View more
10-25-2016
11:04 AM
Almost there. I found a way to add the correct total for each column with another appendcols but noticed that the final totals were lost - with the |appendpipe [stats avg(* ) as *]
Here's what I have now but missing the final totals:
index=
| bucket _time span=1d
|convert ctime(_time) AS date timeformat="%Y/%m/%d"
| stats count by host date
| appendpipe [| stats avg(count) as count by host | eval date="Host Avg" ]
| xyseries host date count
| appendcols [search index=
| stats count as "Total Count" by host ]
| appendpipe [stats avg(* ) as *]
... View more
10-25-2016
10:21 AM
I see - it's including the avg(count) # into the total count but how can I exclude the avg count from the total?
... View more
