Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About cbhattad
cbhattad
Path Finder
Member since:
10-10-2019
06-05-2020
Community Statistics
| Posts | 13 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 3 |
| Member Since | 10-10-2019 |
Activity Feed
- Karma Re: Timechart question:- combining two values for plotting timechart for gcusello. 06-05-2020 12:50 AM
- Karma Re: Timechart question:- combining two values for plotting timechart for to4kawa. 06-05-2020 12:50 AM
- Karma Re: Cumulative Distinct over time from the start of the selected time range for renjith_nair. 06-05-2020 12:50 AM
- Karma Re: Cumulative Distinct over time from the start of the selected time range for wmyersas. 06-05-2020 12:50 AM
- Got Karma for Google Sheet import/export app - Setup. 06-05-2020 12:50 AM
- Got Karma for Cumulative Distinct over time from the start of the selected time range. 06-05-2020 12:50 AM
- Got Karma for Re: Cumulative Distinct over time from the start of the selected time range. 06-05-2020 12:50 AM
- Karma Re: Timechart with multiple fields and calculating percentage for jonuwz. 06-05-2020 12:46 AM
- Posted Re: How do I use my Splunk data to create charts on Google Sheets? on All Apps and Add-ons. 10-27-2019 04:19 AM
- Posted Re: How to import Google spreadsheet that is in a Team Drive? on All Apps and Add-ons. 10-27-2019 04:13 AM
- Posted Google Sheet import/export app - Setup on All Apps and Add-ons. 10-27-2019 03:23 AM
- Tagged Google Sheet import/export app - Setup on All Apps and Add-ons. 10-27-2019 03:23 AM
- Tagged Google Sheet import/export app - Setup on All Apps and Add-ons. 10-27-2019 03:23 AM
- Tagged Google Sheet import/export app - Setup on All Apps and Add-ons. 10-27-2019 03:23 AM
- Posted Re: Timechart question:- combining two values for plotting timechart on Splunk Search. 10-23-2019 05:57 AM
- Posted Re: Timechart question:- combining two values for plotting timechart on Splunk Search. 10-23-2019 03:44 AM
- Posted Re: Timechart question:- combining two values for plotting timechart on Splunk Search. 10-23-2019 12:57 AM
- Posted Re: Timechart question:- combining two values for plotting timechart on Splunk Search. 10-23-2019 12:30 AM
- Posted Re: Timechart question:- combining two values for plotting timechart on Splunk Search. 10-23-2019 12:22 AM
- Posted Re: Timechart question:- combining two values for plotting timechart on Splunk Search. 10-22-2019 11:35 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 1 |
10-27-2019
04:19 AM
How to do the 3rd Step?
Is there any UI for it?
... View more
10-27-2019
04:13 AM
Hi @yahuja
I have set up google import/export app.
What is the process of importing a google drive file in Splunk as inputlookup?
... View more
10-27-2019
03:23 AM
1 Karma
I installed the Google Import/Export App from https://splunkbase.splunk.com/app/2630/
I set it up by adding the json key from this tutorial https://lukemurphey.net/projects/splunk-google-docs/wiki/How_to_setup_app
Now, I am not able to see any sheets in the google drive as input lookup in Splunk
Is there any other setting needed to do this?
... View more
10-23-2019
05:57 AM
One more thing, as shown in the image, for 2:00 am it shows 0.79, actually, the value should be it should be for 3:00 am. Somehow, splunk searches in reverse way and scans for events in from 3:00 am to 2:00 am and then assigns the value for 2:00 am as in the below image.
I want it in other way round. the value should be shown at 3:00 am
Any idea how can we do it?
... View more
10-23-2019
03:44 AM
Thank you so much @to4kawa
you saved my day
... View more
10-23-2019
12:57 AM
index = "A" | timechart dc(user_id) as active | appendpipe [ | inputlookup users.csv | fields user_id | stats dc(user_id) as total ] | stats values(active) As active values(total) AS total BY _time | eval ratio = active/total
Tried the above, in this "total" column is always empty
... View more
10-23-2019
12:30 AM
Hi @gcusello
The other index only stores the realtime activity, not the totals.
The lookup is updated by a different process which maintains the totals in lookup.
... View more
10-23-2019
12:22 AM
Oh, now I get it.
inputlookup just stores the total count and does not have a time column.
It's like a static value.
... View more
10-22-2019
11:35 PM
Actually one of them is inputlookup and other is an index.
... View more
10-22-2019
04:38 AM
My query is something like below
index = "A" | table x | stats dc(x) as total | appendcols [search index = "B" earliest="d" latest="@now" | table y | stats dc (y) as active ] | eval ratio = active/total
index "B" consists of real time events and we get distinct user counts in variable "active".
index "A" consists of total user count
I want to plot ratio over a period of time (span = 1h)
Tried few queries but couldn't get to the result
... View more
10-17-2019
04:28 AM
Is it possible to do this per user/role?
We want some users to have the export feature but not for others
... View more
10-10-2019
05:46 AM
1 Karma
Actually it wont help. It will sum the distinct users over hours, and the sum of distinct users might not be the actual count of "distinct users".
Eg:
10-11am 54
11-12 46
Your answer will give distinct as 100, where as distinct users can be just 65. because few of the same users might have logged in for 11-12 also
... View more
10-10-2019
01:47 AM
1 Karma
Hi,
I need to find out distinct number of users over time per hour.
I have managed to reach the below query:
| timechart span=1h dc(user_id)
What the above query does is that, it finds distinct users for each one hour.
So it returns:
time . distinct_users
12:00 am - 152
1:00 am - 50
2:00 am - 64
and so on..
What I expect is, the counts should be always increasing.
so at 2:00 am above, I expect distinct users from 12:00 am to 2:00am
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
