×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
guilpink
New Member
Member since: ‎01-18-2017
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-18-2017
Activity Feed
View All

Re: Splunk strange bug with the command "Fields" a...

by in Splunk Search
‎02-06-2017 12:40 AM
‎02-06-2017 12:40 AM
Hello Graham, Thank you for your Help, I will try this and post the XML if it doesnt work. Thank you again. Have a good day. ... View more

Splunk strange bug with the command "Fields" and s...

by in Splunk Search
‎02-02-2017 02:21 AM
‎02-02-2017 02:21 AM
Hello Community, I have a strange behavior with a command when it is on the search field of a Dashboard. In my command from a dashboard: sourcetype=blabla ...... | fields - RPTMois When I load the Dashboard, 1/2 times the end of the command become: fields-RPTMois , for every Graphic of the Dashboard. Of course because of that, the Graphic doesn't display anything. Is it a known bug? Thank you ... View more

Re: How do stack multi search in a result

by in Splunk Search
‎01-19-2017 11:34 PM
‎01-19-2017 11:34 PM
Ok, understood! Thank you for your help 😉 ... View more

Re: How do stack multi search in a result

by in Splunk Search
‎01-19-2017 12:47 AM
‎01-19-2017 12:47 AM
Hello team, Really good, the last one works perfectly, I'm just wondering why the stats sum(*) as * by RPTMois Mois is needed. Is sum(X) not only to "Returns the sum of the values of the field X"? What I understand is sum() add both values for "January" of the col "Total Dysfonctionnements". Thank you again! ... View more

How do stack multi search in a result

by in Splunk Search
‎01-18-2017 07:30 AM
‎01-18-2017 07:30 AM
Hello team, I'm a splunk beginner and i'm looking for a solution. My research is: sourcetype="itsm_extract" Environement="Production" metier="Ass" groupe_proprietaire="MOE ASS FCT*" categorisation_produit_3="*ECH*" | eval _time=strptime(date_creation,"%d/%m/%Y") | eval RPTMois=strftime(_time, "%m") | eval Mois=strftime(_time, "%B") | stats count as "Total Incidents" by Mois,RPTMois | sort RPTMois | fields - RPTMois | append [search sourcetype="itsm_extract" Environement="Production" metier="Ass" groupe_proprietaire="PIL CC05 OPEN CIB IS RB N1" analyse_technique="Autre erreur batch" | fields + resume + date_creation | rex field=resume "(?:[A-Z0-9\-]*\_){4}[A-Z0-9]{2}(?<code_app>[A-Z0-9]{3})" | rex field=code_app "(?<car2>[A-Z0-9]{2})(?<car3>[A-Z0-9])" | eval code_app_final=if(isint(car3),car2,code_app) | join code_app_final [search sourcetype="ref_application" | fields + Code_Application,Affectation,Domaine | rename Code_Application as code_app_final] | eval _time=strptime(date_creation,"%d/%m/%Y") | eval RPTMois=strftime(_time, "%m") | eval Mois=strftime(_time, "%B") | search Domaine="*ECH*" | stats count(Domaine) as "Total Dysfonctionnements" by RPTMois,Mois | fields - RPTMois] image? Link: http://www.hostingpics.net/viewer.php?id=797097splunkanw.png My question is: how should i do to merge my events by month in order to have only one occurence of each month? This way to be able to do a stacked histogram. I have tried append, appendcols, multisearch.... Thank you for your help and sorry for this english. Kévin ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM