cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
cbhattad
Path Finder
Member since: ‎10-10-2019
‎06-05-2020
Community Statistics
Posts 13
Solutions 0
Karma Given 5
Karma Received 3
Member Since ‎10-10-2019
Activity Feed
View All

Re: How do I use my Splunk data to create charts o...

by in All Apps and Add-ons
‎10-27-2019 04:19 AM
‎10-27-2019 04:19 AM
How to do the 3rd Step? Is there any UI for it? ... View more

Re: How to import Google spreadsheet that is in a ...

by in All Apps and Add-ons
‎10-27-2019 04:13 AM
‎10-27-2019 04:13 AM
Hi @yahuja I have set up google import/export app. What is the process of importing a google drive file in Splunk as inputlookup? ... View more

Google Sheet import/export app - Setup

by in All Apps and Add-ons
‎10-27-2019 03:23 AM
1 Karma
‎10-27-2019 03:23 AM
1 Karma
I installed the Google Import/Export App from https://splunkbase.splunk.com/app/2630/ I set it up by adding the json key from this tutorial https://lukemurphey.net/projects/splunk-google-docs/wiki/How_to_setup_app Now, I am not able to see any sheets in the google drive as input lookup in Splunk Is there any other setting needed to do this? ... View more

Re: Timechart question:- combining two values for ...

by in Splunk Search
‎10-23-2019 05:57 AM
‎10-23-2019 05:57 AM
One more thing, as shown in the image, for 2:00 am it shows 0.79, actually, the value should be it should be for 3:00 am. Somehow, splunk searches in reverse way and scans for events in from 3:00 am to 2:00 am and then assigns the value for 2:00 am as in the below image. I want it in other way round. the value should be shown at 3:00 am Any idea how can we do it? ... View more

Re: Timechart question:- combining two values for ...

by in Splunk Search
‎10-23-2019 03:44 AM
‎10-23-2019 03:44 AM
Thank you so much @to4kawa you saved my day ... View more

Re: Timechart question:- combining two values for ...

by in Splunk Search
‎10-23-2019 12:57 AM
‎10-23-2019 12:57 AM
index = "A" | timechart dc(user_id) as active | appendpipe [ | inputlookup users.csv | fields user_id | stats dc(user_id) as total ] | stats values(active) As active values(total) AS total BY _time | eval ratio = active/total Tried the above, in this "total" column is always empty ... View more

Re: Timechart question:- combining two values for ...

by in Splunk Search
‎10-23-2019 12:30 AM
‎10-23-2019 12:30 AM
Hi @gcusello The other index only stores the realtime activity, not the totals. The lookup is updated by a different process which maintains the totals in lookup. ... View more

Re: Timechart question:- combining two values for ...

by in Splunk Search
‎10-23-2019 12:22 AM
‎10-23-2019 12:22 AM
Oh, now I get it. inputlookup just stores the total count and does not have a time column. It's like a static value. ... View more

Re: Timechart question:- combining two values for ...

by in Splunk Search
‎10-22-2019 11:35 PM
‎10-22-2019 11:35 PM
Actually one of them is inputlookup and other is an index. ... View more

Timechart question:- combining two values for plot...

by in Splunk Search
‎10-22-2019 04:38 AM
‎10-22-2019 04:38 AM
My query is something like below index = "A" | table x | stats dc(x) as total | appendcols [search index = "B" earliest="d" latest="@now" | table y | stats dc (y) as active ] | eval ratio = active/total index "B" consists of real time events and we get distinct user counts in variable "active". index "A" consists of total user count I want to plot ratio over a period of time (span = 1h) Tried few queries but couldn't get to the result ... View more

Re: Is there a way to remove the "Open in Search, ...

by in Dashboards & Visualizations
‎10-17-2019 04:28 AM
‎10-17-2019 04:28 AM
Is it possible to do this per user/role? We want some users to have the export feature but not for others ... View more

Re: Cumulative Distinct over time from the start o...

by in Splunk Search
‎10-10-2019 05:46 AM
1 Karma
‎10-10-2019 05:46 AM
1 Karma
Actually it wont help. It will sum the distinct users over hours, and the sum of distinct users might not be the actual count of "distinct users". Eg: 10-11am 54 11-12 46 Your answer will give distinct as 100, where as distinct users can be just 65. because few of the same users might have logged in for 11-12 also ... View more

Cumulative Distinct over time from the start of th...

by in Splunk Search
‎10-10-2019 01:47 AM
1 Karma
‎10-10-2019 01:47 AM
1 Karma
Hi, I need to find out distinct number of users over time per hour. I have managed to reach the below query: | timechart span=1h dc(user_id) What the above query does is that, it finds distinct users for each one hour. So it returns: time . distinct_users 12:00 am - 152 1:00 am - 50 2:00 am - 64 and so on.. What I expect is, the counts should be always increasing. so at 2:00 am above, I expect distinct users from 12:00 am to 2:00am ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to