cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sanjeev
Explorer
Member since: ‎07-02-2020
‎11-02-2020
Community Statistics
Posts 19
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎07-02-2020
Activity Feed
View All

Re: drilldown based on time

by in Splunk Search
‎11-02-2020 05:13 AM
‎11-02-2020 05:13 AM
i am not able to get the drilldown from the x-axis.    This is my code:  (index=hc_trials OR index=hc_prod) (HCREBOOT) $hubprod$ ($sversion1$) ($region$) $excludetest$ | search version="$form.sversion1$" | fields + mac resetid deviceid version _time | bin span=$spanres$ _time | stats dc(mac) AS devices BY resetid version _time deviceid | WHERE resetid = "HW" | timechart sum(devices) span=$spanres$ by version   </search> <option name="charting.axisTitleX.text">Period</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.text">Number of reboots</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisY.abbreviation">auto</option> <option name="charting.axisY.scale">log</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">line</option> <option name="charting.chart.nullValueMode">zero</option> <option name="charting.chart.showDataLabels">minmax</option> <option name="charting.drilldown">all</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.mode">standard</option> <option name="charting.legend.placement">bottom</option> <option name="height">302</option> <option name="refresh.display">progressbar</option> <option name="trellis.enabled">0</option> <drilldown> <set token="form.sversion1">$click.value$</set> </drilldown>   ... View more

drilldown based on time

by in Splunk Search
‎11-02-2020 02:34 AM
‎11-02-2020 02:34 AM
Hi, the following pic shows the chart in the left hand side,  i want a drilldown based on time when i click on the graph. for example when i click on the spike value-49, i should get all the values for that time when the spike has happened. TIA.   ... View more
Labels

Re: how to plot a time chart with average of some ...

by in Reporting
‎09-18-2020 06:16 AM
‎09-18-2020 06:16 AM
something like this for all 21 devices aggregated on daily basis. _time avg_Mem0 avg_Mem1 avg_CPU0 avg_CPU1 avg_CPU2 01-08-2020 28889 6777 8676 9898 1232 02-08-2020 28765 6875 8976 9676 1342 03-08-2020 26542 6543 8231 9754 1423 04-08-2020 26579 6231 8354 9543 1876 ... View more

Re: how to plot a time chart with average of some ...

by in Reporting
‎09-18-2020 06:04 AM
‎09-18-2020 06:04 AM
Actually i need the average of (Mem0) ,(Mem1) ,(CPU0) ,(CPU1) &(CPU2) for these 21 devices aggregated ... View more

Re: how to plot a time chart with average of some ...

by in Reporting
‎09-18-2020 05:56 AM
‎09-18-2020 05:56 AM
I need the average of only these devices 24A7DCFFB120,24A7DCFFB480,24A7DCFFB730,3C8994CCFB80,24A7DCFFBB30,24A7DCFFA150,80721552DB50,3C8994718568,24A7DCFFAB78,3C8994558170,807215405D08,3C8994782528,3C8994667D78,3C8994788B70,3C899467CBC8,3C8994731588,24A7DCFFA650,3C8994763F88,3C8994764D68     can i use a where  | where mac like (24A7DCFFB120,24A7DCFFB480,24A7DCFFB730,3C8994CCFB80,24A7DCFFBB30,24A7DCFFA150,80721552DB50,3C8994718568,24A7DCFFAB78,3C8994558170,807215405D08,3C8994782528,3C8994667D78,3C8994788B70,3C899467CBC8,3C8994731588,24A7DCFFA650,3C8994763F88,3C8994764D68) ... View more

how to plot a time chart with average of some fiel...

by in Reporting
‎09-18-2020 04:58 AM
‎09-18-2020 04:58 AM
Need to plot a time chart of some mac with average of Mem0, Mem1, CPU0, CPU1 and CPU2. (index=metrics OR index=hc_trials OR index=hc_prod) (HCTELEM OR HCJUNK) uptime>1800 | fields + payload version deviceid mac uptime | eval payload=replace(payload, "\"\"", "\"") | spath input=payload output=Mem0 path=Mem{0} | spath input=payload output=Mem1 path=Mem{1} | spath input=payload output=CPU0 path=CPU{0} | spath input=payload output=CPU1 path=CPU{1} | spath input=payload output=CPU2 path=CPU{2} | table mac Mem0 Mem1 CPU0 CPU1 CPU2     @thambisetty  ... View more
Labels

search on aggregation

by in Splunk Search
‎08-13-2020 02:45 PM
‎08-13-2020 02:45 PM
These are two question that that i need to solve. Memory loss by time *since boot* aggregated across entire population. Memory loss by wall clock time aggregated across entire population.      base query (index=metrics OR index=hc_trials OR index=hc_prod) uptime>1800 (HCTELEM OR HCJUNK) | fields + payload version deviceid | eval payload=replace(payload, "\"\"", "\"") | spath input=payload output=Mem1 path=Mem{1}   Please help me to solve this. TIA ... View more

loops and lookup

by in Splunk Search
‎07-16-2020 07:13 AM
‎07-16-2020 07:13 AM
These are few requirements. (I am splunk beginner Please help me) Plot out devices that degrade over time using specific outliers. input field to define the total degredation value calculate before time and after time and have this summarised per device. For each mac on telemetry: • First calculate the device’s uptime value e.g by calculating time delta (uptime < 1800) up to next (uptime < 1800). (note: if the next uptime is not found then just calculate time up to end period). • Take the memory data (freemem) from the first point and just BEFORE the next point at where the device was rebooted. • Show the device uptime based on time calculation between the two points. • Calculate the delta of memory (freemem) between the two points. This will need to be put into an indexing page with the query run across the entire telemetry base. The dashboard should have the following inputs: Time period (for before / after delta) + Leak Threshold (Number of bytes) + Span Exclude (removing test devices) + One column can show the device’s uptime and another column will show the memory degradation.     the events look like this: 2020-07-14 06:43:37.0,0,ERROR,000000000000,na,na,na,na,na,na,na,na,"""na""",na,na,"{""bootid"":0,""deviceid"":""BC10164B002952"",""mac"":""9021063d8898"", ""payload"":{""CPU"":[2,9,85],""Mem"":[253360,124120],""CmsLock"":{""PID"":0,""Dur"":0,""PName"":""NULL"",""Fn"":""NULL""},""IFStat"":{""eth0.1"":[320838754,252147895], ""br0"":[413300414,21771493],""wl1"":[0,430467720],""wds1.2"":[51152432,2323764265],""wl0"":[437899257,6876453],""wds1.1"":[580685048,116947992],""eth0"":[3680810744,927584233]}, ""Eth"":{""0"":{""Type"":""100baseTx-FD."",""LinkUp"":1}},,""Temp"":[45,62]},""model"":""EE120"",""region"":""UK"",""resetid"":""FIRM_FUS"",""sw"":""2.20.2747.R"", ""topic"":""HCTELEM"",""uptime"":271031,""utc"":1594705390,""vc"":""na"",""wakereason"":""na"",""ver"":2}"     ... View more

Re: how to calculate time delta

by in Splunk Search
‎07-16-2020 12:27 AM
‎07-16-2020 12:27 AM
Thanks for that. there are few more requirements. Below are some of them. • Take the memory data (freemem) from the first point and just BEFORE the next point at where the device was rebooted. • Show the device uptime based on time calculation between the two points. • Calculate the delta of memory (freemem) between the two points.   Reboot can be recognized by resetid ... View more

Re: how to calculate time delta

by in Splunk Search
‎07-15-2020 06:48 AM
‎07-15-2020 06:48 AM
2020-07-14 06:43:37.0,0,ERROR,000000000000,na,na,na,na,na,na,na,na,"""na""",na,na,"{""bootid"":0,""deviceid"":""BC10164B002952"",""mac"":""9021063d8898"", ""payload"":{""CPU"":[2,9,85],""Mem"":[253360,124120],""CmsLock"":{""PID"":0,""Dur"":0,""PName"":""NULL"",""Fn"":""NULL""},""IFStat"":{""eth0.1"":[320838754,252147895], ""br0"":[413300414,21771493],""wl1"":[0,430467720],""wds1.2"":[51152432,2323764265],""wl0"":[437899257,6876453],""wds1.1"":[580685048,116947992],""eth0"":[3680810744,927584233]}, ""Eth"":{""0"":{""Type"":""100baseTx-FD."",""LinkUp"":1}},,""Temp"":[45,62]},""model"":""EE120"",""region"":""UK"",""resetid"":""FIRM_FUS"",""sw"":""2.20.2747.R"", ""topic"":""HCTELEM"",""uptime"":271031,""utc"":1594705390,""vc"":""na"",""wakereason"":""na"",""ver"":2}"     this is basically raw data.  here uptime is 271031. so we want devices uptime value which are less than 1800. by calculating time delta (uptime < 1800) up to next (uptime < 1800). (note: if the next uptime is not found then just calculate time up to end period). ... View more

how to calculate time delta

by in Splunk Search
‎07-15-2020 03:47 AM
‎07-15-2020 03:47 AM
how to calculate the device’s uptime value e.g time delta means time between  (uptime < 1800) up to next (uptime < 1800). (note: if the next uptime is not found then just calculate time up to end period).     ... View more

How do i create a scatter plot using two columns t...

by in Reporting
‎07-03-2020 04:56 AM
‎07-03-2020 04:56 AM
My Data set looks like this : temp           CPU 45                   93 54                    95 65                     91 75                     90 43                      89 so on          so on I have used         | table aTemp_wl1,mCPU2 | stats avg(mCPU2) by aTemp_wl1 to plot aline graph but unable to plot a scatter plot    Please help! ... View more
Labels

Re: replacing large numeric values with 0

by in Reporting
‎07-02-2020 04:47 AM
‎07-02-2020 04:47 AM
Thanks a lot @to4kawa  This is working.    Thanks once again.   ... View more

Re: replacing large numeric values with 0

by in Reporting
‎07-02-2020 03:58 AM
‎07-02-2020 03:58 AM
Hi @renjith_nair  This is giving error as Error='The 'mvmap' function is unsupported or undefined.'.  ... View more

Re: replacing large numeric values with 0

by in Reporting
‎07-02-2020 03:57 AM
‎07-02-2020 03:57 AM
index=metrics HCTELEM AND (deviceid=B2* OR deviceid =B3*) | fields + mac uptime deviceid payload version | eval payload = replace(payload, "\"\"", "\"") | spath input=payload output=Temp_wl0 path=Temp{0} | spath input=payload output=Temp_wl1 path=Temp{1} | spath input=payload output=Mem0 path=Mem{0} | spath input=payload output=Mem1 path=Mem{1} | spath input=payload output=CPU0 path=CPU{0} | spath input=payload output=CPU1 path=CPU{1} | spath input=payload output=CPU2 path=CPU{2} | spath input=payload output=WiFi_txop0 path=WiFi{}.txop{0} | spath input=payload output=WiFi_txop1 path=WiFi{}.txop{1} | spath input=payload output=DSL_Bearer0_Up path=DSL{}.Bearer{}.0{}.UpDn{0} | spath input=payload output=DSL_Bearer0_Dn path=DSL{}.Bearer{}.0{}.UpDn{1} | spath input=payload output=DSL_Bearer0_RsUnCorr0 path=DSL{}.Bearer{}.0{}.RsUnCorr{0} | spath input=payload output=DSL_Bearer0_RsUnCorr1 path=DSL{}.Bearer{}.0{}.RsUnCorr{1} | spath input=payload output=DSL_MaxUp path=DSL{}.MaxUpDn{0} | spath input=payload output=DSL_MaxDn path=DSL{}.MaxUpDn{1} | spath input=payload output=DSL_Retrain path=DSL{}.Retrain | spath input=payload output=DSL_CRC0 path=DSL{}.CRC{0} | spath input=payload output=DSL_CRC1 path=DSL{}.CRC{1} | spath input=payload output=DSL_ES0 path=DSL{}.ES{0} | spath input=payload output=DSL_ES1 path=DSL{}.ES{1} | spath input=payload output=DSL_SES0 path=DSL{}.SES{0} | spath input=payload output=DSL_SES1 path=DSL{}.SES{1} | spath input=payload output=Eth0_LinkUp path=Eth{}.0{}.LinkUp | spath input=payload output=Eth0_Type path=Eth{}.0{}.Type | spath input=payload output=Eth1_LinkUp path=Eth{}.1{}.LinkUp | spath input=payload output=Eth1_Type path=Eth{}.1{}.Type | stats max(_time) as max_time min(_time) as min_time max(deviceid) as deviceid latest(version) as version count as number_of_metrics latest(_time) as _time latest(uptime) as uptime max(CPU0) as xCPU0 max(CPU1) as xCPU1 max(CPU2) as xCPU2 max(Mem0) as xMem0 max(Mem1) as xMem1 max(WiFi_txop0) as xWiFi_txop0 max(WiFi_txop1) as xWiFi_txop1 max(DSL_MaxUp) as xDSL_MaxUp max(DSL_MaxDn) as xDSL_MaxDn max(Temp_wl0) as xTemp_wl0 max(Temp_wl1) as xTemp_wl1 min(CPU0) as mCPU0 min(CPU1) as mCPU1 min(CPU2) as mCPU2 min(Mem0) as mMem0 min(Mem1) as mMem1 min(WiFi_txop0) as mWiFi_txop0 min(WiFi_txop1) as mWiFi_txop1 min(DSL_MaxUp) as mDSL_MaxUp min(DSL_MaxDn) as mDSL_MaxDn min(Temp_wl0) as mTemp_wl0 min(Temp_wl1) as mTemp_wl1 avg(CPU0) as aCPU0 avg(CPU1) as aCPU1 avg(CPU2) as aCPU2 avg(Mem0) as aMem0 avg(Mem1) as aMem1 avg(WiFi_txop0) as aWiFi_txop0 avg(WiFi_txop1) as aWiFi_txop1 avg(DSL_MaxUp) as aDSL_MaxUp avg(DSL_MaxDn) as aDSL_MaxDn avg(Temp_wl0) as aTemp_wl0 avg(Temp_wl1) as aTemp_wl1 max(Eth*) as Eth* last(DSL_Retrain) as DSL_Retrain max(DSL_Bearer0_RsUnCorr0) as xDSL_Bearer0_RsUnCorr0 min(DSL_Bearer0_RsUnCorr0) as mDSL_Bearer0_RsUnCorr0 by mac | makeresults | eval _raw="xTemp_wl0" | multikv forceheader=1 | stats list(xTemp_wl0) as xTemp_wl0 | table xTemp_wl0 | eventstats avg(eval(mvmap(xTemp_wl0,if(xTemp_wl0>100,0,xTemp_wl0)))) as average       This is the full Query. The data is in Json format so i have parsed it. but unable to get the average.  This is also giving error as - Error in 'eventstats' command: The eval expression for dynamic field 'eval(mvmap(xTemp_wl0,if(xTemp_wl0>100,0,xTemp_wl0)))' is invalid. Error='The 'mvmap' function is unsupported or undefined.'.   @to4kawa    Thanks   ... View more

Re: replacing large numeric values with 0

by in Reporting
‎07-02-2020 01:30 AM
‎07-02-2020 01:30 AM
Yes it is muti value column  with more than million values. sample of few values xTemp_wl0 48 50 43 60 60 54 61 60 1161181233 43 60 49   Thanks  ... View more

replacing large numeric values with 0

by in Reporting
‎07-02-2020 12:45 AM
‎07-02-2020 12:45 AM
Hi, I have a dataset with column name as  WiFi_txop0  and values as 48,54,76,78,87,77,254311,65,99,65,.......... I want to replace the value of 254311 as 0 so that i could get a good average. I am using following query. index=mmm | stats avg(aWiFi_txop0) as WiFi_txop0 | eval WiFi_txop0_new = if(WiFi_txop0 > 100, 0, WiFi_txop0) | eval usage_percent = round(WiFi_txop0_new,0) | fields + usage_percent   But i am not getting result as 0. Please help.   Thanks  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-02-2020 02:12 PM
Karma given to
View All