cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
thiagarajan
Explorer
Member since: ‎09-22-2013
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎09-22-2013
Activity Feed
View All

Re: How to calculate Average duration based on Tim...

by in Getting Data In
‎06-17-2014 01:49 PM
‎06-17-2014 01:49 PM
Thank you somesoni2. I'm bit confused here. Whether we have to calculate avg of duration or myTime. ... View more

Re: How to calculate Average duration based on Tim...

by in Getting Data In
‎06-17-2014 01:46 PM
‎06-17-2014 01:46 PM
Thank you very much MuS. I'm bit confused here. Whether we have to calculate avg of duration or myTime. ... View more

How to calculate Average duration based on Timesta...

by in Getting Data In
‎06-15-2014 11:47 PM
‎06-15-2014 11:47 PM
My log looks something similar to this. I will have at least 100 different durations per hour. (Duration is the time which is taken to complete one transaction). My requirement is to create a table/chart with the average duration per hour. Expected 06/09/2014 | 12:00:00 AM - 12:59:59 AM | 15 ms | i.e (10+20)/2 06/09/2014 | 01:00:00 AM - 01:59:59 AM | 20 ms | i.e (20+20+20)/3 . . I should get only 24 results always. The time mentioned in log is not the time indexed by Splunk. It comes from the application logs. I tried lot of things but nothing is working. can someone help me in solving the problem. Log format MYTIME,DURATION 06/09/2014 12:01:16 AM 10ms 06/09/2014 12:05:51 AM 20ms .. 06/09/2014 01:01:16 AM 20ms 06/09/2014 01:05:51 AM 20ms 06/09/2014 01:05:51 AM 20ms .. 06/09/2014 02:01:11 AM 70ms 06/09/2014 02:03:11 AM 20ms ... 06/09/2014 03:01:14 PM 74ms 06/09/2014 03:01:16 PM 87ms ... ... View more

Re: Extracting from multiple fields and group by D...

by in Splunk Search
‎09-23-2013 10:16 PM
‎09-23-2013 10:16 PM
This is what I expected. Thank you for the quick reply. But can u tell how I am getting the domain name without any group by. Is it because domain name is unique. ... View more

Re: Extracting from multiple fields and group by D...

by in Splunk Search
‎09-23-2013 09:58 PM
‎09-23-2013 09:58 PM
This is what I expected. Thank you very much for the quick reply. Can you explain why I am able get the host name without group by. ... View more

Extracting from multiple fields and group by Domai...

by in Splunk Search
‎09-23-2013 08:48 PM
‎09-23-2013 08:48 PM
My logs looks like this Tue Aug 27 2013 00:34:47 [DEV][MyTest][error] mpgw(IntegrationGateway): tid(372165969)[error][10.11.12.123]: Either service is down or transaction timed out for Service:WorkspaceData UUID:4c4b1672-9af1-4f95-a28b-d78611bd6a6 Backend:lprva1234.test.com:6090 Domain:SpaceK Tue Aug 27 2013 00:35:28 [DEV][MyTest][error] mpgw(IntegrationGateway): tid(379832419)[error][10.14.24.263]: Either service is down or transaction timed out for Service:MyList UUID:8f3dc371-845c-4768-928b-35938dacffb6 Backend:lprva4567.test.com:6087 Domain:SpaceH Tue Aug 27 2013 00:54:39 [DEV][MyTest][error] mpgw(IntegrationGateway): tid(327317173)[error][10.11.12.123]: Either service is down or transaction timed out for Service:WorkspaceData UUID:99dafd8f-9639-4d8e-ac5d-5d0d5a35ae77 Backend:lprva7891.test.com:6090 Domain:SpaceK Sun Sep 01 2013 00:23:27 [DEV][MyTest][error] mpgw(IntegrationGateway): tid(112725141)[error][10.11.12.123]: Either service is down or transaction timed out for Service:MyConnnect UUID:2e57e791-e6fe-4b0e-b401-77de0a2ba511 Backend:lprva8225.test.com:6091 Domain:SpaceL Sun Sep 01 2013 00:23:37 [DEV][MyTest][error] mpgw(IntegrationGateway): tid(112727877)[error][10.11.12.123]: Either service is down or transaction timed out for Service:MyConnnect UUID:523b378f-14d3-41c2-8357-e8642a595c5d Backend:lprva8228.test.com:6091 Domain:SpaceL The regex for timedoutservice is -> (?i)^(?:[^:]*:){5}(?P<timedoutservice>[^\s]+) Search query is -> sourcetype="MyLog" ("transaction timed out for Service:" MyTest) |stats count as errorcount by timedoutservice I am getting result something similar to this timedoutservice errorcount WorkspaceData 2 MyList 1 MyConnnect 2 Expected result timedoutservice errorcount Domain WorkspaceData 2 SpaceK MyList 1 SpaceH MyConnnect 2 SpaceL UUID and Backend will be changing but the domain name remains same for all the services. The regex for domainName is -> (?i)\tDomain:(?P<Domain>.+) I just tried to combine both the results ((?i)^(?:[^:]*:){5}(?P<timedoutservice>[^\s]+)(?i)\tDomain:(?P<Domain>.+)) I am getting the exception "Invalid regex: no named extraction at position 0 (i.e., "((?i)^(?:[..."). Expected "(?P pattern)" Do i need to use group by. How to extract from multiple fields. Any help is appreciated. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All