×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rajkumar_2
New Member
Member since: ‎12-21-2016
‎06-05-2020
Community Statistics
Posts 9
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-21-2016
Activity Feed
View All

Re: splunk metrics collection

by in Splunk Dev
‎02-23-2017 04:13 PM
‎02-23-2017 04:13 PM
Thank you. The Distributed Management Console we have doesn't show such info. we're using splunk 6.4.0. ... View more

splunk metrics collection

by in Splunk Dev
‎02-23-2017 03:46 AM
‎02-23-2017 03:46 AM
Hi, we have to prepare splunk usage report. we would like to have data such as Which app creates load? App wise usage, ie how many users are accessing which app? Number of concurrent users logged in hourly basis for 24 hours? which savedsearch /alerts consumes resources? Which user consumes resources? current storage of each index? This will give us a clear picture how splunk is used and whether we require to add more resources to splunk clusters. Can you please provide the queries? Thanks Raj ... View more

Re: diff between same field between two iterations

by in Knowledge Management
‎02-02-2017 02:45 AM
‎02-02-2017 02:45 AM
Thank you. The query fits the purpose. ... View more

Re: diff between same field between two iterations

by in Knowledge Management
‎01-31-2017 09:47 PM
‎01-31-2017 09:47 PM
Thank you. I've only sample data mentioned. Need a query to calculate diffCN. ... View more

diff between same field between two iterations

by in Knowledge Management
‎01-31-2017 03:43 AM
‎01-31-2017 03:43 AM
Hi, I have the below sample data collected after process and using table command every 24 hours. for each time, db, id, we need to calculated the difference. For example the output should be: prevtime latesttime DB ID diffCN diffSYM diffIS diffSED diffSEC diffSCR diffSCRSYM diffSCRIS diffSCRSED 2017-01-30T02:15:16.000-0800 2017-01-31T02:15:22.000-0800 yods 10019488 0 0 0 0 0 0 0 2017-01-30T02:15:16.000-0800 2017-01-31T02:15:22.000-0800 yods 10000004 0.95 1.38 0.8 1.42 1.32 -1.52 1.48 in above 2 row, for db yods(id 10000004) diffCN value 0.95 came from subtracting 83.24-82.29. We need to get same for the remaining rows too. Please help. Sample Data: _time DB ID CN SYM IS SED SEC SCR SCRSYM SCRIS SCRSED 2017-01-30T02:15:16.000-0800 yods 10019488 0 0 100 0 0 0 0 100 0 2017-01-30T02:15:16.000-0800 yods 10000004 82.29 84.89 78.98 76.53 82.21 34.35 82.56 2.1 0.44 2017-01-30T02:15:16.000-0800 pnrb02 10010160 38.17 54 56.85 32.13 39.47 0 25.35 55 0 2017-01-30T02:15:16.000-0800 caun2 10019060 86.5 84.41 81.37 62.74 90.87 35.74 80.04 0.19 0 2017-01-30T02:15:16.000-0800 cana1s 10018996 0 0 0 0 0 0 0 0 0 2017-01-30T02:15:16.000-0800 produc1 10010352 81.35 88.38 90.54 81.62 81.35 33.24 88.38 11.08 2.43 2017-01-30T02:15:28.000-0800 casn20 10013160 84.07 86.51 78.63 61.84 89.19 28.23 79.32 0.15 0.08 2017-01-31T02:15:22.000-0800 yods 10019488 0 0 100 0 0 0 0 100 0 2017-01-31T02:15:22.000-0800 yods 10000004 83.24 86.27 79.78 77.95 83.53 32.83 84.04 1.51 0.33 2017-01-31T02:15:22.000-0800 pnrb02 10010160 83.24 82.08 92.92 73.87 83.52 0 3.08 92.61 0 2017-01-31T02:15:22.000-0800 caun2 10019060 89.15 89 84.46 64.81 91.94 39.44 85.78 0.15 0 2017-01-31T02:15:22.000-0800 cana1s 10018996 0 0 0 0 0 0 0 0 0 2017-01-31T02:15:22.000-0800 produc1 10010352 92.09 96.33 90.55 89.68 92.06 6.88 96.33 0.96 0.26 2017-01-31T02:15:58.000-0800 casn20 10013160 83.69 86.27 78.11 61.34 88.87 27.78 79.14 0.19 0.1 ... View more

Re: How to filter non repeating events?

by in Splunk Search
‎01-02-2017 05:20 AM
‎01-02-2017 05:20 AM
Thank you. It works fine and this would be enough now to start with. Appreciate your help on this. ... View more

Re: How to filter non repeating events?

by in Splunk Search
‎12-27-2016 11:34 PM
‎12-27-2016 11:34 PM
Hi, Thank you for your reply. The stats is not working as I'm working on summary index. the summary index "summary_exceptions" is populated using, "...| sistats count by index, host, cobrand_port, exceptions, threshold". Now to send alert, we use: index="summary_exceptions" | eval time=_time | convert timeformat="%Y-%m-%d %H:%M:%S" ctime(time) | stats count by time, orig_index, orig_host, cobrand_port, exceptions, threshold | where count > threshold | lookup exceptions exceptions OUTPUT severity | rename cobrand_port as port orig_host as ip| eval severity=if(severity=1, "Critical", "Warning") | where severity="Critical" The output is: time orig_index ip port exceptions threshold count severity 2016-12-27 04:05:00 fe_server 172.17.22.107 9743 ORA-00028 1 2 Critical 2016-12-27 04:05:00 fe_server 172.17.22.146 9943 ALERT:Price GET Request - Method failed 1 8 Critical 2016-12-27 04:05:00 fe_server 172.17.22.147 9843 ALERT:Price GET Request - Method failed 1 10 Critical 2016-12-27 04:05:00 fe_server 172.17.22.147 9943 ALERT:Price GET Request - Method failed 1 4 Critical 2016-12-27 04:10:00 fe_server 172.17.22.146 9943 ALERT:Price GET Request - Method failed 1 8 Critical 2016-12-27 04:10:00 fe_server 172.17.22.147 9843 ALERT:Price GET Request - Method failed 1 4 Critical 2016-12-27 04:10:00 fe_server 172.17.22.147 9943 ALERT:Price GET Request - Method failed 1 4 Critical We need to send recovery alert now for ORA-00028 since it din't occur at 4:10 with all other info like ip, port etc. Can you please update the query and let me know. ... View more

Re: How to filter non repeating events?

by in Splunk Search
‎12-21-2016 10:34 PM
‎12-21-2016 10:34 PM
Thank you. appreciate your help. this is the query we need. Can you please let me know how to add the corresponding orig_index, ip and port too?. This is used for sending recovery alert(since the exception not happened again), we need to provide details like for which ip, port and index, the exception recovered. ... View more

How to filter non repeating events?

by in Splunk Search
‎12-21-2016 10:27 AM
‎12-21-2016 10:27 AM
Hi, This an output from a summary index. From this table, we need to filter based on which exception not occurred continuously. i.e. at 9:25, ORA-17002 and Connection Unavailable not occurred. Pls help us to find out how to filter only those events as of latest time. _time orig_index ip port exceptions 2016-12-21T09:15:00.000-0800 applog 192.168.168.146 9900 GET Request - Method failed 2016-12-21T09:15:00.000-0800 applog 192.168.168.147 9800 GET Request - Method failed 2016-12-21T09:15:00.000-0800 applog 192.168.168.147 9900 GET Request - Method failed 2016-12-21T09:15:00.000-0800 applog 192.168.168.27 9300 Connection Unavailable 2016-12-21T09:15:00.000-0800 applog 192.168.168.27 9300 ORA-17002 2016-12-21T09:20:00.000-0800 applog 192.168.168.146 9900 GET Request - Method failed 2016-12-21T09:20:00.000-0800 applog 192.168.168.147 9800 GET Request - Method failed 2016-12-21T09:20:00.000-0800 applog 192.168.168.27 9300 Connection Unavailable 2016-12-21T09:25:00.000-0800 applog 192.168.168.146 9900 GET Request - Method failed 2016-12-21T09:25:00.000-0800 applog 192.168.168.147 9800 GET Request - Method failed 2016-12-21T09:25:00.000-0800 applog 192.168.168.147 9900 GET Request - Method failed ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM