cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
echambervisa
Observer
Member since: ‎02-02-2017
‎10-29-2021
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-02-2017
Activity Feed
View All

Re: Getting a time series Ratio of data from two d...

by in Splunk Search
‎10-29-2021 01:06 PM
‎10-29-2021 01:06 PM
I do see one error in the eval expression which is corrected below.  common_field !=NULL ("success" common_field as successes) OR ("error" common_field as errors) | stats count(errors) as errorCount count(successes) as successCount by common_field | eval ratio=(100*errorCount)/(1+errorCount+successCount) | timechart avg(ratio) by common_field  However, that is not where the mystery lies!  ... View more

Re: Getting a time series Ratio of data from two d...

by in Splunk Search
‎10-29-2021 01:01 PM
‎10-29-2021 01:01 PM
I do not understand how the field_from_search1 is designated in the (Conditions for search1) and, likewise, for the search2.   Assuming the string "success" and "error" are the indicators in the lines pulled, I tried the following and it did not work: common_field !=NULL ("success" common_field as successes) OR ("error" common_field as errors) | stats count(errors) as errorCount count(successes) as successCount by common_field | eval ratio=(100*errorCount)/1+errorCount+successCount | timechart avg(ratio) by common_field  The "1+" is to avoid division by zero.  What is wrong with the above?  I think I have the field-extraction in the first line wrong but, if so, I do not know the correct syntax to use there. ... View more

Getting a time series Ratio of data from two diffe...

by in Splunk Search
‎10-29-2021 11:08 AM
‎10-29-2021 11:08 AM
I have two different data files which are related by a single named field.   Lets call that field common_field.  From one set of data files, I can get the count per common_field and from the other set of data files I can get the count of errors per common_field. I want to create a query which will give me the ratio of error count to total count per common_field.  I have tried to use subsearches but it is not working.  ... View more
Labels

How do I diagnose cycles in event types and tags?

by in Dashboards & Visualizations
‎05-24-2019 02:22 PM
‎05-24-2019 02:22 PM
In several of the widgets on one of my dashboards I see a red triangle in the upper right corner. Clicking on that, I see several complaints of the forms Expanding (splunk query here) failed due to cycle detected when expanding tag=xxx Expanding (splunk query here) failed due to cycle detected when expanding eventtype=yyy How does one troubleshoot the tags and event types to find and eliminate the cycles? We have many tags and many event types defined. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-29-2021 07:33 PM