Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About zebu14
zebu14
Explorer
Member since:
07-15-2014
06-05-2020
Community Statistics
| Posts | 14 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 07-15-2014 |
Activity Feed
- Karma Re: How do you do an outer join of two stats searches? for kmaron. 06-05-2020 12:50 AM
- Got Karma for How to show more than 50 events on a page in 7.x ?. 06-05-2020 12:50 AM
- Karma Re: How to find the average, min, and max values per minute for a 7 day search? for somesoni2. 06-05-2020 12:47 AM
- Posted Re: How to show more than 50 events on a page in 7.x ? on Splunk Search. 11-14-2018 01:46 AM
- Posted How to show more than 50 events on a page in 7.x ? on Splunk Search. 11-13-2018 11:49 PM
- Tagged How to show more than 50 events on a page in 7.x ? on Splunk Search. 11-13-2018 11:49 PM
- Tagged How to show more than 50 events on a page in 7.x ? on Splunk Search. 11-13-2018 11:49 PM
- Posted Re: How do you do an outer join of two stats searches? on Splunk Search. 11-06-2018 08:07 AM
- Posted Re: How do you do an outer join of two stats searches? on Splunk Search. 11-06-2018 06:19 AM
- Posted Re: How do you do an outer join of two stats searches? on Splunk Search. 11-06-2018 06:05 AM
- Posted How do you do an outer join of two stats searches? on Splunk Search. 11-06-2018 05:40 AM
- Tagged How do you do an outer join of two stats searches? on Splunk Search. 11-06-2018 05:40 AM
- Tagged How do you do an outer join of two stats searches? on Splunk Search. 11-06-2018 05:40 AM
- Posted Re: How do you display events that match a condition but don't match another (full join without intersection)? on Dashboards & Visualizations. 11-06-2018 12:42 AM
- Posted How do you display events that match a condition but don't match another (full join without intersection)? on Dashboards & Visualizations. 11-05-2018 06:02 AM
- Tagged How do you display events that match a condition but don't match another (full join without intersection)? on Dashboards & Visualizations. 11-05-2018 06:02 AM
- Posted Re: How to obtain a visualisation based on time (x-axis) for a multi series search (table)? on Dashboards & Visualizations. 07-12-2018 12:52 AM
- Posted How to obtain a visualisation based on time (x-axis) for a multi series search (table)? on Dashboards & Visualizations. 07-11-2018 08:03 AM
- Tagged How to obtain a visualisation based on time (x-axis) for a multi series search (table)? on Dashboards & Visualizations. 07-11-2018 08:03 AM
- Tagged How to obtain a visualisation based on time (x-axis) for a multi series search (table)? on Dashboards & Visualizations. 07-11-2018 08:03 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-14-2018
01:46 AM
On the splunk search page, yes.
I tried to edit the following files :
./share/splunk/search_mrsparkle/exposed/js/views/search/results/eventspane/controls/Master.js
./share/splunk/search_mrsparkle/exposed/js/views/search/searchhistory/historycontent/Master.js
./share/splunk/search_mrsparkle/exposed/js/views/dataset/tablecontainer/results/DatasetControls.js
With no success for the moment.
... View more
11-13-2018
11:49 PM
1 Karma
Hello,
In Splunk previous versions (5.x) there was an editable file to be able to add more choices for the number of displayed events (10/20/50 per page)
I want to display more events on each page (100 / 200) because my logs are quite verbose.
The question has already been asked for Splunk 6.x, but I am searching for a solution on version 7.1.
Any idea ?
Thank you
... View more
11-06-2018
08:07 AM
This update seems to do the job.
As I still obtain many results, let me check that everything is correct and I'll validate your solution ASAP.
Thanks
... View more
11-06-2018
06:19 AM
No more success with your update
It's probably even worse (2 more results : 872 at first and 874 then)
I'm supposed to obtain 126 customers (I've already done the job through Excel to compare results)
... View more
11-06-2018
06:05 AM
Just tried and it gives me a lot of customers that are present in each independant search, so NOK.
... View more
11-06-2018
05:40 AM
Hello,
I am trying to do an outer join of two searches.
I have 2 server groups (Gateway="opaxvgw1" OR Gateway="opaxvgw2") and (Gateway="opaxvgw3" OR Gateway="opaxvgw4")
For each group, I list the customers by the term "Penta_source".
Then I want to extract the customers that are only present in one of the groups (and eliminate all the customers that are present in both)
Here is my search job, but it doesn't work :
index="axwaydb-prd" sourcetype=AXWAY-Stats Direction=I Gateway="opaxvgw1" OR Gateway="opaxvgw2" | stats count by Penta_source | join type=outer Penta_source [search index="axwaydb-prd" sourcetype=AXWAY-Stats Direction=I Gateway="opaxvgw3" OR Gateway="opaxvgw4" | stats count by Penta_source]
Any idea ?
... View more
- Tags:
- join
- outer_join
11-06-2018
12:42 AM
Hello,
Thanks for your proposal.
I obtain two columns in which some partners are common and others are not...
It doesn't seem to work.
Maybe I didn't explained my need correctly.
If i consider two columns 1 and 2 :
1: 2:
AAA AAA
BBB CCC
CCC EEE
DDD
I want the search to give me this answer
BBB
DDD
EEE
And not the events thare are present in each colomn (or independant search)
Maybe it is possible to do through the function "Join type=outer" but I can't find a suitable syntax for my search job.
... View more
11-05-2018
06:02 AM
Hello,
I have events that are emitted by many parters to 4 different servers
My goal is to find events for each partner that are received on two servers but NEVER on the others (and vice versa).
Actually, I'm doing a search for events that match with server1 or server2. Then, I do another search for events that match with server3 or server4. And finally I export everything in a CSV and I am doing the list of partners that are only present on one of the groups
What I am trying to obtain is like an SQL "Full Join without intersection"
My actual search is like :
index="XXX" Direction=I Gateway=server1 or server2| stats count by Partner
Is it possible to obtain what I need in an only search ?
Thank you
... View more
- Tags:
- splunk-enterprise
07-12-2018
12:52 AM
Thanks for the tip.
I usually use timechart function, but I'm still a beginner and I still don't manage the use of timechart with multiple parameters
... View more
07-11-2018
08:03 AM
Hello,
I am using a table type search with visualisation with multiple fields to render.
The purpose of this search is to match two events in a transaction (incoming file and outgoing file) and calculate some infos (bandwidth, duration...)
My search is :
index="" sourcetype= | transaction file_component maxpause=5m |eval debit=Size/duration | table file_component,Size,duration,debit
This give me a multi series visualisation in which "file_component" (the transaction id) is the x-axis, so events are sorted with transaction id but not with time.
I tried to add:
index="" sourcetype= | transaction file_component maxpause=5m |eval debit=Size/duration | table file_component,Size,duration,debit,_time | sort by _time
This worked for sorting the results by time, but X-axis is still based on transaction id and I can't find the date and time of a transfer by just hovering the mouse on the graphs.
Any idea?
Thanks
... View more
12-05-2016
01:27 AM
Hello,
And if I want to do so on a 7 day timechart (the max, min and avg value, for each day of the last 7 days)
How do I modify this request please ?
Moreover, the above solution (the first one) gives me a chart with only two columns :
max column
avg column
... but min is on absciss axis ans is not shown as a dedicated column.
I have to hover my mouse onto one of the columns to see the min value (or look in the table below)
Any idea ?
Thank you
... View more
07-15-2014
06:59 AM
Hello,
My log files looks like this :
"1","I","R","140406 233102","E","0","1341874",[...]
I want Splunk to recognize the date and time from this log.
The date uses the following format : "YYMMDD HHMMSS"
("140406 233102" ==> 2014 June 6th, 23h31m02s)
Can someone help me to find the regex ?
Thanks
... View more
- Tags:
- date
- regex
- time-format
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
