Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About vtsguerrero
vtsguerrero
Contributor
Member since:
07-04-2014
06-05-2020
Community Statistics
| Posts | 149 |
| Solutions | 1 |
| Karma Given | 38 |
| Karma Received | 21 |
| Member Since | 07-04-2014 |
Activity Feed
- Karma Re: How to configure props.conf to index txt files as one new event when text "~~CTRL AS~~:" appears, not by timestamps? for richgalloway. 06-05-2020 12:47 AM
- Karma Re: Is it possible to update a table with a drilldown value from another table's field in the same browser tab? for strive. 06-05-2020 12:47 AM
- Karma Re: Is it possible to update a table with a drilldown value from another table's field in the same browser tab? for somesoni2. 06-05-2020 12:47 AM
- Karma Re: Is it possible to update a table with a drilldown value from another table's field in the same browser tab? for nfilippi_splunk. 06-05-2020 12:47 AM
- Karma Re: How Do I Filter A Query By A Dynamic Created Eval Field? for wpreston. 06-05-2020 12:47 AM
- Karma Re: How to filter events based on event's datetime as current date? for MuS. 06-05-2020 12:47 AM
- Karma Re: Help with regex for a highly confusing field extraction for richgalloway. 06-05-2020 12:47 AM
- Karma Re: How To Generate A Fixed Eval Field? for somesoni2. 06-05-2020 12:47 AM
- Karma Re: Clean All Filter Inputs With A Button? for somesoni2. 06-05-2020 12:47 AM
- Karma Re: How to write the regex to extract the date fields and another key-value pair from my sample data? for richgalloway. 06-05-2020 12:47 AM
- Karma Re: How To Use Tokens For A Dynamic Drilldown? for tom_frotscher. 06-05-2020 12:47 AM
- Karma Re: How Can I Cut With Regex An Indexing Part Of A Txt File? for DavidHourani. 06-05-2020 12:47 AM
- Karma Re: How To Limit Panel Height? for masonmorales. 06-05-2020 12:47 AM
- Karma Re: How to search and table count for multiple fields? for Ayn. 06-05-2020 12:47 AM
- Karma Re: Why am I unable to filter by any regex extracted field? for woodcock. 06-05-2020 12:47 AM
- Karma Re: Why my app is not upgrading/updating? for woodcock. 06-05-2020 12:47 AM
- Karma Re: Need Regex Help - Works Inline Search, Doesn't Work On Field Extractor. for Runals. 06-05-2020 12:47 AM
- Karma Re: Need Regex Help - Works Inline Search, Doesn't Work On Field Extractor. for jkat54. 06-05-2020 12:47 AM
- Karma Re: How to get the average of two fields and compare with last event? for woodcock. 06-05-2020 12:47 AM
- Karma Re: How Can I use Stats Avg() On a Datetime Field? for acharlieh. 06-05-2020 12:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
11-23-2015
03:57 AM
Hello @fredkaiser , I have tried this css, changing the "=" sign to ":" in css file, hit CtrlF5 and still, no difference at all...
I just found out that Splunk's last version has updated the example "single_decorations.css" to "custom_decorations.css".
I'm still checkin' it out to see if this new release will work on my previous panel.
But thanks in advance!
... View more
11-13-2015
09:11 AM
Yeap, still not working, restarted splunk server, and tried with !important as well..
... View more
11-13-2015
06:17 AM
This is how my single looks like, letters are too big and the icon is at the wrong place since Splunk updated.
I think the tag is correct, cuz I've changed it in execution time with Chrome...
... View more
11-13-2015
06:13 AM
It's already inside the dashboard tag reference css = single-decorations.css...
I used this:
.single-result { font-size:20px }
Nothing changed, not even restarting splunk instance..
... View more
11-13-2015
05:15 AM
I'm currently using <dashboard stylesheet="single_decorations.css"> from another app, which shows green, yellow and red indicators, but the text is too big, and the icon is goin' above the letters. I know that can be done via css.
But how will I get this specific text inside each Single Value ?
Thanks in advance!
... View more
11-12-2015
10:14 AM
Well, this person asked us to get a deviation of average status error / success, I'm not acctually sure if this is possible. He wants a red/yellow/green light indicator to show if the deviation is higher less then 30%, less then 50% or higher then 50% deviation
... View more
11-12-2015
10:11 AM
This pretty much solves the problem, just need to get the average of errors and success now...
... View more
11-12-2015
09:41 AM
My data is similar to this line:
05112015ZK00S09MAIN
05112015ZK00S14MAIN
05112015ZK00E65MAIN
05102015ZK00E22MAIN
05102015ZK00S01MAIN
Where the "S" or "E" stands for Status.
So I should get the average of events with Success, the average of Errors.
They were both extracted positional regex as "Status"
How can I get the average of'em ?
... View more
11-12-2015
09:07 AM
I have a simple search like
index=main sourcetype=performance Status=*
| eval Status = if(Status=="S","Success","Error")
Then I should have a count for each status, example 50 Success and 20 Errors.
Then get the average of those two counts, and finally compare this average to last event so I can get the average difference to the last event.
How can achieve this?
Thanks in advance!
... View more
11-06-2015
09:16 AM
Did u have any in-app concern version-related over updates?
... View more
11-06-2015
08:49 AM
Haha lol
I don't wanna regret upgrading the version, also cuz my project app was being developed in 6.1 and the server uses 6.3. Now my props conf has [EXTRACT] tags and also [REPORT] tags, kinda confusing, hope I don't loose previous regex fields, not sure if this update came to help when it comes to field extractions...
... View more
11-06-2015
08:32 AM
Thanks @jkat54 and @Runals!
We've just upgraded Splunk's version, so we're kinda new to this new field extractor.
Seems the older one was working faster and easier.
But I guess that'll do it!
... View more
11-06-2015
08:21 AM
It worked for the first field, but when I go back to the field extractor, I get this message:
" The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings. "
... View more
11-06-2015
06:12 AM
RegExr says:
"http://www.regexr.com/v1/"
" ." = " Matches any character, except for line breaks if dotall is false. "
So, it should work passing the amount of positions inside {size} as a substring for example but in a regex, right?
... View more
11-06-2015
06:02 AM
I have this simple data:
Wich will be cut by fixed positions.
201508150015002060HHTTP090E0000000085CHAN5050
I need to cut this into 8 new fields
1 field - length 8
2 field - length 6
3 field - length 2
4 field - length 3
5 field - length 3
6 field - length 1
7 field - length 10
8 field - lenght 12
I've been tryin' to use regex positional, it works inline, but not in field extractor, why?
This is my current regex:
rex field=_raw "(?P<FIELDNAME>\.{8}" | table _raw FIELDNAME
Thanks in advance!
... View more
11-04-2015
05:32 AM
Thanks @woodcock that's exactly what has happening.
Now I just gotta figure out which one does Splunk edit as latest version to consider in directory.
... View more
10-30-2015
06:38 AM
I'm using cmd> spluck package app myApp
Then, when I go to main server and upload .tgz or .tar, dashboards doesn't change at all...
... View more
10-30-2015
04:29 AM
I used to develop in an old server Splunk instance and deliver it to the official server instance by exporting the app.
Then, we had to change the old server to a new server, but all backups were made (indexes, sources, and apps) to the new server.
I developed some changes in the new server, but now, when I export the official server, it doesn't show any new dashboard in the view.
Does anybody know a possible cause of this? Thanks in advance!
... View more
10-26-2015
10:57 AM
Worked fine....
Thanks a lot @woodcock !
... View more
10-26-2015
10:52 AM
This is an example of my data:
( it's a fixed position data )
20151022TX04100089450096950042E0000008301
20151022ZX04100016720099920072E0000001304
20151022FX04100012340099970056E0000004504
20151020CAAB2584 0067970056E0000009804
20151018CAAD2260 0409750103W0000000211
20151021CHAC1941 0356750001W0000002209
20151021CHAB1941 0023390098W0000002209
As it's a fixed position, I matched the regex like this: "\d+(?P.{12})"
And other cases, for example the letter wich stands for W=working E=error
I used ".{30}(?P.{1})"
I was able to extract these fields, but I'm unable to filter them, it only works with =*
... View more
10-26-2015
10:41 AM
Yeap, still shows "No results found."
Filters are "Preset: All Time" and "Smart Mode".
Although Verbose mode didn't work as well...
... View more
10-26-2015
10:20 AM
Hey folks, sup?
Can anyone tell me if this is something about software licensing or sorta?
I have just extracted like 3 or 4 fields using regex, data fixed position ".{20}", ".{10}"".
Fields seem to be extracted correctly, considering spaces.
But when I try to filter by any of these, no results are found.
If I used for example channel=* , I can see the channel table list.
But If I use like channel=ABC it doesn't work, but it's there...
What could cause this?
Thanks in advance!
... View more
08-17-2015
09:38 AM
I have ran into the same problem, the only difference, is that, I need to consider date_hour of event not the splunk time, how can I achieve that?
| eval Today = strftime(now(), "%Y-%m-%d")
| eval HOUR_INI_WINDOW = strptime("06:00:00","%H:%M:%S")
| eval HOUR_END_WINDOW = strptime("20:00:00","%H:%M:%S")
| WHERE DataCampanha = Today
| eval HOUR_INI = strptime(HOUR_INI_WINDOW ,"%H:%M:%S")
| eval HOUR_END = strptime(HOUR_END_WINDOW ,"%H:%M:%S")
| WHERE HOUR_INI > HOUR_INI_WINDOW OR HOUR_END > HOUR_END_WINDOW
I need to filter events NOT inside this window ( 06:00:00 - 20:00:00 ), considering these datetimes are a field of each event, not using _time of splunk...
... View more
08-14-2015
01:21 PM
Is it possible to filter between datetimes of event date?
For example, I need to filter a window between 23:00:00 and 06:00:00 but of the current day.
Considering current day as event date, is it possible to achieve this datetime window?
Thanks in advance @ MuS ♦
... View more
08-12-2015
01:02 PM
Hello! Sup?
I've been into some trouble when comparing datetimes to strings, I know I should convert'em.
Logs I've received are in this format:
CAMPAIGN_START_TIME
00:01:05
CAMPAIGN_END_TIME
00:06:12
CAMPAIGN_DATE
04/08/2015
So, what I did, was create a datetime based on these fields:
| eval CAMPAIGN_COMPLETE_DATE = (CAMPAIGN_DATE+ " " + CAMPAIGN_START_TIME)
The thing is, I need to make splunk filter results, based on this date, not the acctual _time filter.
So I was gonna compare CAMPAIGN_COMPLETE_DATE to "Today"
| eval Today = strftime(now(), "%d/%m/%Y %H:%M:%S")
But I'm having some issues due to string comparisson to datetime.
Does anyone know how can I solve this?
Thanks in advance!
- Vinicius Guerrero
... View more
