Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About indeed_2000
indeed_2000
Motivator
Member since:
11-24-2019
07-13-2024
Community Statistics
| Posts | 528 |
| Solutions | 7 |
| Karma Given | 95 |
| Karma Received | 3 |
| Member Since | 11-24-2019 |
Activity Feed
- Got Karma for issue with "_time" after using fit command in DLTK. 07-08-2024 12:44 AM
- Posted Re: Compare resp code count of two dates for each servername on Splunk Search. 02-23-2024 10:28 AM
- Karma Re: Compare resp code count of two dates for each servername for ITWhisperer. 02-23-2024 10:26 AM
- Posted Re: Compare resp code count of two dates for each servername on Splunk Search. 02-23-2024 04:00 AM
- Posted Compare resp code count of two dates for each servername on Splunk Search. 02-23-2024 12:34 AM
- Posted Re: compare two result on Splunk Search. 02-21-2024 09:18 PM
- Karma Re: compare two result for bowesmana. 02-21-2024 09:18 PM
- Posted Re: compare two result on Splunk Search. 02-20-2024 08:57 AM
- Posted compare two result on Splunk Search. 02-19-2024 08:41 PM
- Karma Re: splunk 8.0.4 support mpreview? for PickleRick. 01-22-2024 09:27 AM
- Posted splunk 8.0.4 support mpreview? on Splunk Search. 01-21-2024 08:50 PM
- Posted Re: Need to create summary index continuously realtime on Splunk Search. 01-18-2024 02:19 AM
- Posted Re: Need to create summary index continuously realtime on Splunk Search. 01-18-2024 12:03 AM
- Posted Re: Need to create summary index continuously realtime on Splunk Search. 01-17-2024 11:31 AM
- Posted Re: Need to create summary index continuously realtime on Splunk Search. 01-17-2024 11:28 AM
- Posted Re: Need to create summary index continuously realtime on Splunk Search. 01-15-2024 11:26 AM
- Posted Need to create summary index continuously realtime on Splunk Search. 01-15-2024 09:49 AM
- Posted Re: issue with "_time" after using fit command in DLTK on Splunk Search. 01-09-2024 04:42 AM
- Posted issue with "_time" after using fit command in DLTK on Splunk Search. 01-09-2024 03:55 AM
- Posted Re: Download splunk apm on premises on Splunk Search. 12-20-2023 09:59 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-23-2024
10:28 AM
@ITWhisperer thanks work perfectly. is there any way to show resp count numbers like this: 10,1K, 2M, …?
... View more
02-23-2024
04:00 AM
@ITWhisperer Here is the current query, and when i add _time in xyseries it will show resp ode as columns instead row:: index="myindex" | rex field=source "\/.*\/log\.(?<servername>\w+)." | rex "R(?<Respcode>\[\d+\]\[\d+\])" | bin _time span=1d | stats count as Respcode_count by Respcode,servername,_time | xyseries Respcode ,servername,Respcode_count Current output: Respcodes Srv1 Srv2 Srv3 Srv4 …. 200 80 10 100 42 400 12 55 11 0 500 11 34 2 8 … expected output: Date. Respcodes Srv1 Srv2 Srv3 Srv4 …. 2024/02/23 200 80 10 100 42 2024/02/24 200 70 19 11 11 2024/02/23 400 12 55 11 0 2024/02/24 400 44 14 46 89 2024/02/23 500 11 34 2 8 2024/02/24 500 11 34 2 9 … any idea?
... View more
02-23-2024
12:34 AM
Hi I have query that return count of different resp codes of servers for 2 days now need to find different between these two days. current output: Respcodes Srv1 Srv2 Srv3 Srv4 …. 200 80 10 100 42 400 12 55 11 0 500 11 34 2 8 … expected output: Date. Respcodes Srv1 Srv2 Srv3 Srv4 …. 2024/02/23 200 80 10 100 42 2024/02/24 200 70 19 11 11 2024/02/23 400 12 55 11 0 2024/02/24 400 44 14 46 89 2024/02/23 500 11 34 2 8 2024/02/24 500 11 34 2 9 … if there is delta that calculate count of each server for two dates will be great! any idea? thanks
... View more
02-21-2024
09:18 PM
@bowesmana thanks, Chart is slow on my data, after several try and error find solution. first using “stats” to extract count, then use “xyseries”.
... View more
02-20-2024
08:57 AM
@bowesmana Thanks, Try what you mentioned but not work as I expected, Change my mind, Is it possible to create table like this? PF Host1 Host2 Host3 red. 50. 20. 89 purple. 30. 80. 1 green. 80. 12. -
... View more
02-19-2024
08:41 PM
Hi I have a query that need to compare count of PF field for two log file: on splunk I have two query that create this table, the issue is need to "PF" that equal in query1 and query2 show in same row: current result: hostname1 PF1 count1 hostname2 PF2 count2
host1 red 50 host2 yellow 90
host1 green 40 host2 green 90
host1 purple 50 host2 red 90 expected result: hostname1 PF1 count1 hostname2 PF2 count2
host1 red 50 host2 red 90
host1 green 40 host2 green 90
host1 purple 50 host2 - -
host1 - - host2 yellow 90 here is the query: index="myindex" "mymodule*:" AND "P[" AND "F[" source="/tmp/*/log.srv23.*.bz2"
| rex field=source "\/.*\/log\.(?<servername>\w+)."
| rex "P(?<PF>\[\d+\]\[\d+\])"
| stats count as _PF by PF,servername | stats list(_PF) as count list(PF) as PF by servername
| appendcols
[search index="myindex" "mymodule*:" AND "P[" AND "F["
source="/tmp/*/log.srv24.*.bz2"
| rex field=source "\/.*\/log\.(?<servername>\w+)."
| rex "P(?<PF2>\[\d+\]\[\d+\])"
| stats count as _PF2 by PF2,servername | stats list(_PF2) as count
list(PF2) as PF2 by servername ] Any idea? Thanks
... View more
01-21-2024
08:50 PM
01-18-2024
02:19 AM
@isoutamo Hi, forgot about elastic, and separated index. need to send raw log via forwarder to splunk and create dashboard that work with metrics that exist in log. what is the most effective performance solution in splunk that work realtime and historical data? Need to load dashboard quickly and accurately e.g span in timechart is 1s. FYI:data coming from several servers and it is lots of log lines in each second.
... View more
01-18-2024
12:03 AM
@PickleRick thanks, how about this part: 1-run splunk forwarder on client and logs send to splunk server, in each lines lots of data exist so need to create the summary index as soon as log received and store summary of line on that summary index continuously realtime.
... View more
01-17-2024
11:31 AM
@gcusello Is there any other technique that work with this condition?
... View more
01-17-2024
11:28 AM
@PickleRick So what is your suggestion for this?
... View more
01-15-2024
11:26 AM
Hi @gcusello in each day there are lots of datapoints that’s why i need to break it down into the multiple index, probably it will increase speed of search like sharing mechanism in elasticsearch or influxdb.
... View more
- Tags:
- c
01-15-2024
09:49 AM
Need to create summary index continuously realtime, now have two questions: 1-run splunk forwarder on client and logs send to splunk server, in each lines lots of data exist so need to create the summary index as soon as log received and store summary of line on that summary index continuously realtime. 2-is it possible Automatically Create new index for each day like this myindex-20240115, myindex-20240116, as data comings from forwarder? Thanks
... View more
Labels
- Labels:
-
field extraction
-
fields
-
rex
01-09-2024
04:42 AM
@pdrieger_splunkany idea?
... View more
01-09-2024
03:55 AM
1 Karma
Hi here is the default spl of App: Splunk App for Data Science and Deep Learning (Time Series Anomalies with STUMPY -Time Series Anomaly Detection with Matrix Profiles) | inputlookup cyclical_business_process.csv | eval _time=strptime(_time, "%Y-%m-%dT%H:%M:%S") | timechart span=15m avg(logons) as logons | fit MLTKContainer algo=stumpy m=96 logons from _time into app:stumpy_anomalies | table _time logons matrix_profile | eventstats p95(matrix_profile) as p95_matrix_profile | eval anomaly=if(matrix_profile>p95_matrix_profile,1,0) | fields - p95_matrix_profile now want to run this command for my data, here is the sample log: 2022-11-30 23:59:00,122,124 2022-11-30 23:58:00,113,112 2022-11-30 23:57:00,144,143 2022-11-30 23:56:00,137,138 2022-11-30 23:55:00,119,120 2022-11-30 23:54:00,103,102 2022-11-30 23:53:00,104,105 2022-11-30 23:52:00,143,142 2022-11-30 23:51:00,138,139 2022-11-30 23:50:00,155,153 2022-11-30 23:49:00,100,102 timestamp: 2022-11-30 23:59:00 logons: 122 here is the spl that i run: | rex field=_raw "(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(?<logons>\d+)" | eval _time=strptime(time, "%Y-%m-%d %H:%M:%S") | timechart span=15m avg(logons) as logons | fit MLTKContainer algo=stumpy m=96 logons from _time into app:stumpy_anomalies | table _time logons matrix_profile | eventstats p95(matrix_profile) as p95_matrix_profile | eval anomaly=if(matrix_profile>p95_matrix_profile,1,0) | fields - p95_matrix_profile before fit command _time show correctly, but after fit command it's empty! FYI: logon, matrix_profile, anomaly return correctly but _time is empty! Any idea?
... View more
Labels
- Labels:
-
eval
-
field extraction
-
rex
12-20-2023
09:59 AM
Main question is: is there any splunk apm on-premises available or it just available in cloud version?
... View more
12-20-2023
08:59 AM
Hi What is the different between Extract fields in query with rex or in config file. Pros and cons? how about performance? Thanks,
... View more
Labels
- Labels:
-
field extraction
-
regex
-
rex
12-20-2023
08:53 AM
@gcusello currently i have installed Splunk enterprises, now need to install APM product or app on it. Here is the link https://www.splunk.com/en_us/products/apm-application-performance-monitoring.html
... View more
12-19-2023
11:11 AM
Hi how can I download splunk apm on premises? FYI: I don’t want use cloud version Thanks
... View more
11-04-2023
11:20 AM
@ITWhisperer you miss main question and I tell you step by step main question! Would you please check main question? And tell me is there any way to do that? thanks
... View more
11-04-2023
07:49 AM
@ITWhisperer #txn1 16:30:53:002 moduleA ID[123] 16:30:54:002 moduleA ID[123] 16:30:55:002 moduleB ID[123]T[A] 16:30:56:002 moduleC ID[123] #txn2 16:30:57:002 moduleD ID[987] 16:30:58:002 moduleE ID[987]T[B] 16:30:59:002 moduleF ID[987] 16:30:60:002 moduleZ ID[987]
... View more
11-03-2023
02:04 PM
@ITWhisperer i mean id, t , … key value extracted not transaction.
... View more
11-03-2023
01:01 PM
@ITWhisperer How about other part? FYI: i mean extract key value one by one with rex command not whole transaction.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-13-2024
12:53 PM
|
Karma given to
