Activity Feed
- Posted Re: drilldown based on time on Splunk Search. 11-02-2020 05:13 AM
- Posted drilldown based on time on Splunk Search. 11-02-2020 02:34 AM
- Tagged drilldown based on time on Splunk Search. 11-02-2020 02:34 AM
- Tagged how to plot a time chart with average of some fields for some devices on Reporting. 09-18-2020 07:32 AM
- Tagged Re: how to plot a time chart with average of some fields for some devices on Reporting. 09-18-2020 07:31 AM
- Tagged Re: how to plot a time chart with average of some fields for some devices on Reporting. 09-18-2020 07:30 AM
- Posted Re: how to plot a time chart with average of some fields for some devices on Reporting. 09-18-2020 06:16 AM
- Posted Re: how to plot a time chart with average of some fields for some devices on Reporting. 09-18-2020 06:04 AM
- Posted Re: how to plot a time chart with average of some fields for some devices on Reporting. 09-18-2020 05:56 AM
- Posted how to plot a time chart with average of some fields for some devices on Reporting. 09-18-2020 04:58 AM
- Tagged how to plot a time chart with average of some fields for some devices on Reporting. 09-18-2020 04:58 AM
- Tagged search on aggregation on Splunk Search. 08-16-2020 11:16 AM
- Tagged search on aggregation on Splunk Search. 08-14-2020 02:59 AM
- Posted search on aggregation on Splunk Search. 08-13-2020 02:45 PM
- Tagged search on aggregation on Splunk Search. 08-13-2020 02:45 PM
- Tagged loops and lookup on Splunk Search. 07-19-2020 11:13 PM
- Tagged loops and lookup on Splunk Search. 07-19-2020 11:12 PM
- Posted loops and lookup on Splunk Search. 07-16-2020 07:13 AM
11-02-2020
05:13 AM
I am not able to get the drilldown from the x-axis. This is my code:

```
(index=hc_trials OR index=hc_prod) (HCREBOOT) $hubprod$ ($sversion1$) ($region$) $excludetest$
| search version="$form.sversion1$"
| fields + mac resetid deviceid version _time
| bin span=$spanres$ _time
| stats dc(mac) AS devices BY resetid version _time deviceid
| WHERE resetid = "HW"
| timechart sum(devices) span=$spanres$ by version
</search>
<option name="charting.axisTitleX.text">Period</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Number of reboots</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisY.abbreviation">auto</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.showDataLabels">minmax</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">bottom</option>
<option name="height">302</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<drilldown>
  <set token="form.sversion1">$click.value$</set>
</drilldown>
```
11-02-2020
02:34 AM
Hi, the following pic shows the chart on the left-hand side. I want a drilldown based on time when I click on the graph. For example, when I click on the spike value-49, I should get all the values for that time when the spike has happened. TIA.
- Tags: Timechart drilldown
- Labels: timechart
09-18-2020
06:16 AM
Something like this for all 21 devices aggregated on daily basis.

_time | avg_Mem0 | avg_Mem1 | avg_CPU0 | avg_CPU1 | avg_CPU2 |
---|---|---|---|---|---|
01-08-2020 | 28889 | 6777 | 8676 | 9898 | 1232 |
02-08-2020 | 28765 | 6875 | 8976 | 9676 | 1342 |
03-08-2020 | 26542 | 6543 | 8231 | 9754 | 1423 |
04-08-2020 | 26579 | 6231 | 8354 | 9543 | 1876 |
09-18-2020
06:04 AM
Actually I need the average of (Mem0), (Mem1), (CPU0), (CPU1) & (CPU2) for these 21 devices aggregated.
09-18-2020
05:56 AM
I need the average of only these devices:

24A7DCFFB120,24A7DCFFB480,24A7DCFFB730,3C8994CCFB80,24A7DCFFBB30,24A7DCFFA150,80721552DB50,3C8994718568,24A7DCFFAB78,3C8994558170,807215405D08,3C8994782528,3C8994667D78,3C8994788B70,3C899467CBC8,3C8994731588,24A7DCFFA650,3C8994763F88,3C8994764D68

Can I use a where?

```
| where mac like (24A7DCFFB120,24A7DCFFB480,24A7DCFFB730,3C8994CCFB80,24A7DCFFBB30,24A7DCFFA150,80721552DB50,3C8994718568,24A7DCFFAB78,3C8994558170,807215405D08,3C8994782528,3C8994667D78,3C8994788B70,3C899467CBC8,3C8994731588,24A7DCFFA650,3C8994763F88,3C8994764D68)
```
09-18-2020
04:58 AM
Need to plot a time chart of some mac with average of Mem0, Mem1, CPU0, CPU1 and CPU2.

```
(index=metrics OR index=hc_trials OR index=hc_prod) (HCTELEM OR HCJUNK) uptime>1800
| fields + payload version deviceid mac uptime
| eval payload=replace(payload, "\"\"", "\"")
| spath input=payload output=Mem0 path=Mem{0}
| spath input=payload output=Mem1 path=Mem{1}
| spath input=payload output=CPU0 path=CPU{0}
| spath input=payload output=CPU1 path=CPU{1}
| spath input=payload output=CPU2 path=CPU{2}
| table mac Mem0 Mem1 CPU0 CPU1 CPU2
```

@thambisetty
- Labels: data model, saved search
08-13-2020
02:45 PM
These are two questions that I need to solve.

- Memory loss by time *since boot* aggregated across entire population.
- Memory loss by wall clock time aggregated across entire population.

Base query:

```
(index=metrics OR index=hc_trials OR index=hc_prod) uptime>1800 (HCTELEM OR HCJUNK)
| fields + payload version deviceid
| eval payload=replace(payload, "\"\"", "\"")
| spath input=payload output=Mem1 path=Mem{1}
```

Please help me to solve this. TIA
07-16-2020
07:13 AM
These are a few requirements. (I am a Splunk beginner. Please help me.)

Plot out devices that degrade over time using specific outliers. Input field to define the total degradation value, calculate before time and after time, and have this summarised per device.

For each mac on telemetry:

• First calculate the device’s uptime value e.g. by calculating time delta (uptime < 1800) up to next (uptime < 1800). (Note: if the next uptime is not found then just calculate time up to end period.)
• Take the memory data (freemem) from the first point and just BEFORE the next point at where the device was rebooted.
• Show the device uptime based on time calculation between the two points.
• Calculate the delta of memory (freemem) between the two points.

This will need to be put into an indexing page with the query run across the entire telemetry base.

The dashboard should have the following inputs: Time period (for before / after delta) + Leak Threshold (Number of bytes) + Span Exclude (removing test devices) +

One column can show the device’s uptime and another column will show the memory degradation.

The events look like this:

```
2020-07-14 06:43:37.0,0,ERROR,000000000000,na,na,na,na,na,na,na,na,"""na""",na,na,"{""bootid"":0,""deviceid"":""BC10164B002952"",""mac"":""9021063d8898"", ""payload"":{""CPU"":[2,9,85],""Mem"":[253360,124120],""CmsLock"":{""PID"":0,""Dur"":0,""PName"":""NULL"",""Fn"":""NULL""},""IFStat"":{""eth0.1"":[320838754,252147895], ""br0"":[413300414,21771493],""wl1"":[0,430467720],""wds1.2"":[51152432,2323764265],""wl0"":[437899257,6876453],""wds1.1"":[580685048,116947992],""eth0"":[3680810744,927584233]}, ""Eth"":{""0"":{""Type"":""100baseTx-FD."",""LinkUp"":1}},,""Temp"":[45,62]},""model"":""EE120"",""region"":""UK"",""resetid"":""FIRM_FUS"",""sw"":""2.20.2747.R"", ""topic"":""HCTELEM"",""uptime"":271031,""utc"":1594705390,""vc"":""na"",""wakereason"":""na"",""ver"":2}"
```
07-16-2020
12:27 AM
Thanks for that. There are a few more requirements. Below are some of them.

• Take the memory data (freemem) from the first point and just BEFORE the next point at where the device was rebooted.
• Show the device uptime based on time calculation between the two points.
• Calculate the delta of memory (freemem) between the two points.

Reboot can be recognized by resetid.
- Tags: @richgalloway
07-15-2020
06:48 AM
```
2020-07-14 06:43:37.0,0,ERROR,000000000000,na,na,na,na,na,na,na,na,"""na""",na,na,"{""bootid"":0,""deviceid"":""BC10164B002952"",""mac"":""9021063d8898"", ""payload"":{""CPU"":[2,9,85],""Mem"":[253360,124120],""CmsLock"":{""PID"":0,""Dur"":0,""PName"":""NULL"",""Fn"":""NULL""},""IFStat"":{""eth0.1"":[320838754,252147895], ""br0"":[413300414,21771493],""wl1"":[0,430467720],""wds1.2"":[51152432,2323764265],""wl0"":[437899257,6876453],""wds1.1"":[580685048,116947992],""eth0"":[3680810744,927584233]}, ""Eth"":{""0"":{""Type"":""100baseTx-FD."",""LinkUp"":1}},,""Temp"":[45,62]},""model"":""EE120"",""region"":""UK"",""resetid"":""FIRM_FUS"",""sw"":""2.20.2747.R"", ""topic"":""HCTELEM"",""uptime"":271031,""utc"":1594705390,""vc"":""na"",""wakereason"":""na"",""ver"":2}"
```

This is basically raw data. Here uptime is 271031. So we want the devices' uptime values which are less than 1800, by calculating time delta (uptime < 1800) up to next (uptime < 1800). (Note: if the next uptime is not found then just calculate time up to end period.)
07-15-2020
03:47 AM
How to calculate the device’s uptime value? E.g. time delta means time between (uptime < 1800) up to next (uptime < 1800). (Note: if the next uptime is not found then just calculate time up to end period.)
- Tags: delta time
- Labels: search job inspector, subsearch
07-03-2020
04:56 AM
My data set looks like this:

temp | CPU |
---|---|
45 | 93 |
54 | 95 |
65 | 91 |
75 | 90 |
43 | 89 |
so on | so on |

I have used

```
| table aTemp_wl1,mCPU2
| stats avg(mCPU2) by aTemp_wl1
```

to plot a line graph but am unable to plot a scatter plot. Please help!
- Tags: Scatter plot
- Labels: summary indexing
07-02-2020
03:58 AM
Hi @renjith_nair This is giving error as Error='The 'mvmap' function is unsupported or undefined.'.
07-02-2020
03:57 AM
```
index=metrics HCTELEM AND (deviceid=B2* OR deviceid =B3*)
| fields + mac uptime deviceid payload version
| eval payload = replace(payload, "\"\"", "\"")
| spath input=payload output=Temp_wl0 path=Temp{0}
| spath input=payload output=Temp_wl1 path=Temp{1}
| spath input=payload output=Mem0 path=Mem{0}
| spath input=payload output=Mem1 path=Mem{1}
| spath input=payload output=CPU0 path=CPU{0}
| spath input=payload output=CPU1 path=CPU{1}
| spath input=payload output=CPU2 path=CPU{2}
| spath input=payload output=WiFi_txop0 path=WiFi{}.txop{0}
| spath input=payload output=WiFi_txop1 path=WiFi{}.txop{1}
| spath input=payload output=DSL_Bearer0_Up path=DSL{}.Bearer{}.0{}.UpDn{0}
| spath input=payload output=DSL_Bearer0_Dn path=DSL{}.Bearer{}.0{}.UpDn{1}
| spath input=payload output=DSL_Bearer0_RsUnCorr0 path=DSL{}.Bearer{}.0{}.RsUnCorr{0}
| spath input=payload output=DSL_Bearer0_RsUnCorr1 path=DSL{}.Bearer{}.0{}.RsUnCorr{1}
| spath input=payload output=DSL_MaxUp path=DSL{}.MaxUpDn{0}
| spath input=payload output=DSL_MaxDn path=DSL{}.MaxUpDn{1}
| spath input=payload output=DSL_Retrain path=DSL{}.Retrain
| spath input=payload output=DSL_CRC0 path=DSL{}.CRC{0}
| spath input=payload output=DSL_CRC1 path=DSL{}.CRC{1}
| spath input=payload output=DSL_ES0 path=DSL{}.ES{0}
| spath input=payload output=DSL_ES1 path=DSL{}.ES{1}
| spath input=payload output=DSL_SES0 path=DSL{}.SES{0}
| spath input=payload output=DSL_SES1 path=DSL{}.SES{1}
| spath input=payload output=Eth0_LinkUp path=Eth{}.0{}.LinkUp
| spath input=payload output=Eth0_Type path=Eth{}.0{}.Type
| spath input=payload output=Eth1_LinkUp path=Eth{}.1{}.LinkUp
| spath input=payload output=Eth1_Type path=Eth{}.1{}.Type
| stats max(_time) as max_time min(_time) as min_time max(deviceid) as deviceid latest(version) as version count as number_of_metrics latest(_time) as _time latest(uptime) as uptime
    max(CPU0) as xCPU0 max(CPU1) as xCPU1 max(CPU2) as xCPU2 max(Mem0) as xMem0 max(Mem1) as xMem1 max(WiFi_txop0) as xWiFi_txop0 max(WiFi_txop1) as xWiFi_txop1 max(DSL_MaxUp) as xDSL_MaxUp max(DSL_MaxDn) as xDSL_MaxDn max(Temp_wl0) as xTemp_wl0 max(Temp_wl1) as xTemp_wl1
    min(CPU0) as mCPU0 min(CPU1) as mCPU1 min(CPU2) as mCPU2 min(Mem0) as mMem0 min(Mem1) as mMem1 min(WiFi_txop0) as mWiFi_txop0 min(WiFi_txop1) as mWiFi_txop1 min(DSL_MaxUp) as mDSL_MaxUp min(DSL_MaxDn) as mDSL_MaxDn min(Temp_wl0) as mTemp_wl0 min(Temp_wl1) as mTemp_wl1
    avg(CPU0) as aCPU0 avg(CPU1) as aCPU1 avg(CPU2) as aCPU2 avg(Mem0) as aMem0 avg(Mem1) as aMem1 avg(WiFi_txop0) as aWiFi_txop0 avg(WiFi_txop1) as aWiFi_txop1 avg(DSL_MaxUp) as aDSL_MaxUp avg(DSL_MaxDn) as aDSL_MaxDn avg(Temp_wl0) as aTemp_wl0 avg(Temp_wl1) as aTemp_wl1
    max(Eth*) as Eth* last(DSL_Retrain) as DSL_Retrain max(DSL_Bearer0_RsUnCorr0) as xDSL_Bearer0_RsUnCorr0 min(DSL_Bearer0_RsUnCorr0) as mDSL_Bearer0_RsUnCorr0
    by mac
| makeresults
| eval _raw="xTemp_wl0"
| multikv forceheader=1
| stats list(xTemp_wl0) as xTemp_wl0
| table xTemp_wl0
| eventstats avg(eval(mvmap(xTemp_wl0,if(xTemp_wl0>100,0,xTemp_wl0)))) as average
```

This is the full query. The data is in JSON format so I have parsed it, but I am unable to get the average. This is also giving error as - Error in 'eventstats' command: The eval expression for dynamic field 'eval(mvmap(xTemp_wl0,if(xTemp_wl0>100,0,xTemp_wl0)))' is invalid. Error='The 'mvmap' function is unsupported or undefined.'.

@to4kawa Thanks
07-02-2020
01:30 AM
Yes, it is a multi-value column with more than a million values. Sample of a few values: xTemp_wl0 48 50 43 60 60 54 61 60 1161181233 43 60 49

Thanks
07-02-2020
12:45 AM
Hi, I have a dataset with column name as WiFi_txop0 and values as 48,54,76,78,87,77,254311,65,99,65,.......... I want to replace the value of 254311 with 0 so that I could get a good average. I am using the following query.

```
index=mmm
| stats avg(aWiFi_txop0) as WiFi_txop0
| eval WiFi_txop0_new = if(WiFi_txop0 > 100, 0, WiFi_txop0)
| eval usage_percent = round(WiFi_txop0_new,0)
| fields + usage_percent
```

But I am not getting the result as 0. Please help. Thanks
- Labels: data model, saved search, summary indexing