Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About asarran
asarran
Path Finder
Member since:
08-02-2016
06-05-2020
Community Statistics
| Posts | 32 |
| Solutions | 0 |
| Karma Given | 14 |
| Karma Received | 6 |
| Member Since | 08-02-2016 |
Activity Feed
- Karma Re: Counting Events and then finding the sum? for somesoni2. 06-05-2020 12:48 AM
- Karma Re: After using outputcsv in a Splunk search, where is this CSV file located? for Raghav2384. 06-05-2020 12:48 AM
- Karma Re: After using outputcsv in a Splunk search, where is this CSV file located? for somesoni2. 06-05-2020 12:48 AM
- Karma Re: Field Extraction Problem for sundareshr. 06-05-2020 12:48 AM
- Karma Re: Field Extraction Problem for skoelpin. 06-05-2020 12:48 AM
- Karma Re: Field Extraction Problem for skoelpin. 06-05-2020 12:48 AM
- Karma Re: Field Extraction Problem for skoelpin. 06-05-2020 12:48 AM
- Karma Re: How to edit my regular expression to extract a field from my sample data? for richgalloway. 06-05-2020 12:48 AM
- Karma Re: How to edit my regular expression to extract a field from my sample data? for skoelpin. 06-05-2020 12:48 AM
- Karma How to get an "eval if else" condition to continue a search depending on the resulting field? for gamification. 06-05-2020 12:48 AM
- Karma Re: How to implement math calculations? for MuS. 06-05-2020 12:48 AM
- Karma Re: How to implement math calculations? for jkat54. 06-05-2020 12:48 AM
- Karma Re: How and where do I customize my dashboard via XML? for rjthibod. 06-05-2020 12:48 AM
- Karma Re: How can I edit the XML for a dashboard I created that will not load properly? for cmerriman. 06-05-2020 12:48 AM
- Got Karma for Field Extraction Problem. 06-05-2020 12:48 AM
- Got Karma for Re: Field Extraction Problem. 06-05-2020 12:48 AM
- Got Karma for What is props.conf in splunk?. 06-05-2020 12:48 AM
- Got Karma for How to list all values of an Extracted Field?. 06-05-2020 12:48 AM
- Got Karma for How to list all values of an Extracted Field?. 06-05-2020 12:48 AM
- Got Karma for How to list all values of an Extracted Field?. 06-05-2020 12:48 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 3 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-13-2016
01:41 PM
Hey Fellow Splunkers
I would like to total multiple values for the same fields.
field="Fruits"
Within this field, I have multiple values:
Values:
-Oranges = 10
-Apples = 3
-Grapes = 90
-Pears = 4
index="random" host="xxxxxx" Fruits=*"Apple" |stats count(Fruits)
I would like to count each value within the field and output the content in a table with its corresponding total.
Thank You,
... View more
11-29-2016
09:53 AM
I have a field [B] that consists of some numbers and strings.
10 gb
20 gb
30 gb
I would like to implement a eval statement that would convert the numerical values into MB.
B=*"GB"| eval GB=*/1024 | table GB
I'm not sure what is incorrect about this statement?
... View more
11-22-2016
08:47 AM
3 Karma
Good Morning, Fellow Splunkers
I'm looking to list all events of an extracted field one time.
Example:
Extracted Field= [Direction]
However, I don't know all the possible outcomes, so I would like to list out all the values
North
West
South East
North East
East
Does anyone have an idea how I can generate this list for further reports?
Thank You,
... View more
11-22-2016
08:18 AM
Good Morning, Fellow Splunkers
I have a field extraction that outputs four possible values [Example]:
Field Extraction: [Direction]
[North]
[South]
[East]
[West]
I would like to count each of event within a period of time.
I'm thinking:
index=xxxx host=xxxx Direction="*"| Stat Count ("North" "South" "East" "West")
... View more
11-03-2016
12:38 PM
Hey, Fellow Splunkers
I have multiple duplicated events, all data on the event is identical to the exception of the time. I'm attempting to filter based on Alert ID; however, both events have the same alert id, but different times and Duration: for example:
Oct 31 00:16:50 alert: 123 Duration 200
Oct 31 00:18:50 alert: 123 Duration 300
Does Splunk have a compare operator to SORT the differences between the time or Duration which will help me eliminate the duplicates? The only concept the Duration could be random.
Thank You,
... View more
11-03-2016
07:57 AM
Good Morning, Fellow Splunkers
I'm interested in counting events per hour for a 24 hr period. I would also like to have a sum total count for the end of the period. So within that hour how many alerts have been generated?
Time Alert
1h.............3
2h.............3
3h.............2
4h.............2
5h.............9
.
.
.
.
24h............(19) Sum
My search Query:
index=* host=* myalert=* |timechart span=1h count by host
... View more
10-17-2016
10:19 AM
Good Morning, Splunkers
I currently have multiple panels within ONE Main Panel:
I would like to have that one main panel emailed reoccurring. Would that be possible?
Thank You,
... View more
10-17-2016
08:44 AM
Good Morning,
I'm having issues with a Dashboard I created. I made some changes to the XML code, but unfortunately, the XML is not valid. I saved the results in the Dashboard, but now I'm unable to revisit the Dashboard. I believe it's attempting to load the incorrect XML script. Would there be away to edit the XML prior to loading?
... View more
10-17-2016
07:21 AM
Yes, I have multiple panels within my dashboard and at times it can be overwhelming. I would like to implement a dropdown solution.
... View more
10-17-2016
07:02 AM
Good Morning, Fellow Splunkers
I have a few questions pertaining implementation of drop down menu to help manage multiple panels within Dashboard? I don't have admin access to install any variations of scripts. Would it be possible to create a drop down menu from the dashboard options? If so what would be the process?
... View more
- Tags:
- splunk-enterprise
10-13-2016
01:31 PM
awesome I was able to get both the color changed on the graph as well as grouping multiple panels into one panel.
I have a second question how can i change the color to the title screen?
... View more
10-13-2016
12:19 PM
Hey, Splunkers
I would like to change the colors to my dashboard, unfortunately I don't have admin access to add a CSS file to the directory. I would like to know if it's possible to edit via XML option? and if so how would I go about and make those changes?
Thank You, T
... View more
10-13-2016
11:05 AM
Hey Fellow Splunkers
I'm interested in changing the colors and layout of my dashboard, the only place I see where those changes can be made is in "Edit" then "Edit Source"?
Thank You, Anthony, S.
... View more
08-15-2016
02:10 PM
hey, thx
the answer was correct, however it was off by a bit had to enter another \d +\d for other decimal values.
I greatly appreciate your response,
thank you, asarran
... View more
08-11-2016
06:22 PM
Hey, Fellow Splunkers
I'm curious to know if it's possible to preform math calculations on a set of "refined" data; for example:
Let's say I extracted a field that presents the values of a gigabit into megabit? meaning I have 5 gig it would then be converted into 5120.
so ideally I would like to take an entire field of data and multiple it by 1024? and have that information be presented when I call the field into a table?
intial
5gb
4gb
3gb
output
5120mb
4096mb
3072mb
... View more
- Tags:
- splunk-enterprise
08-11-2016
04:32 PM
Hey, fellow Splunkers,
When I actually attempted to conduct multiple rename fields using that method, I receive the following error: rename [old_name AS/TO/-> new_name]+
... View more
08-10-2016
12:59 PM
1 Karma
Hey, Fellow Splunkers
I'm fairly new to Splunk, I was wandering what exactly is the props.conf?, Where is it located?, and Why is it important? My thoughts of the props.conf is similar to a router configuration? I'm wandering are my thoughts correct in respect to the props.conf?
Thank You,
... View more
- Tags:
- splunk-enterprise
08-10-2016
07:02 AM
Sorry, Skoelpin
I'm sorry, I forgot to provide some sample data
Aug 10 09:53:40 SomeHost SuperTrooper: 2-04-2015 1:4:15 WARNING 344 Errors "THE ERROR IS 1 MORE THAN EXPECTED"
I created a simple field extraction for WARNING. Ideally I had wanted to use WARNING for the field and 344 Errors "THE ERROR IS 1 MORE THAN EXPECTED" as the value, but I wasn't able to figure that out.
So I would like to extract the field ERRORS and have multiple complex strings within quotes.
... View more
08-09-2016
02:54 PM
Hey Fellow Splunkers
Still no luck, I wasn't able to utilize any regular expression to solve my issue. So I decided to break it up.
Sample Data:
WARNING 344 Errors "THE ERROR IS 1 MORE THAN EXPECTED"
WARNING 210 Errors "THE ERROR IS 5 LESS THAN EXPECTED"
WARNING 122 Errors " SOME ADDITIONAL 1 TEXT"
Warning 344
Warning 210
Warning 122
Warning = Field
I've decided to create a second Field as Errors. However, I'm now having issues correlating Errors to the complex string with quotes.
rex "Errors\s?\((?[^\)]+)" I believe this is emphasis on parenthesis not quotes.
... View more
08-09-2016
12:46 PM
I think this Regular Expression may work, but I cannot figure out the error.
rex field=WARNING "*\s+Anomalies\s+(?+[^"]+)\\"
Sample Data:
WARNING 344 Errors "THE ERROR IS 1 MORE THAN EXPECTED"
WARNING 210 Errors "THE ERROR IS 5 LESS THAN EXPECTED"
WARNING 122 Errors " SOME ADDITIONAL 1 TEXT"
Referencing WARNING field.
rex field=WARNING
Indicating ALL variations and one to some spaces
"*\s+
data along this path after Anomalies
"+Anomalies"
One to Many spaces "AND"
\s+
Call this field warning
(?
AND include " everything inside AND
+[^"]+)
Stop when you see "
\\"
I'm thinking the concept may be accurate, but the syntax for sure is incorrect. I'm not sure what is not working.
... View more
