Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About venky10
venky10
Loves-to-Learn Everything
Member since:
10-02-2020
10-04-2020
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 10-02-2020 |
Activity Feed
- Posted Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-04-2020 05:44 AM
- Posted Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-04-2020 05:22 AM
- Posted Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-03-2020 08:42 PM
- Posted Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-03-2020 08:16 AM
- Posted Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-03-2020 07:42 AM
- Posted Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-03-2020 06:03 AM
- Tagged Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-03-2020 06:03 AM
- Posted Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-03-2020 12:07 AM
- Posted Re: Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-02-2020 11:29 PM
- Posted Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. on Splunk Search. 10-02-2020 08:59 AM
- Posted How to get the date time difference of two different formatted dates on Splunk Search. 10-02-2020 08:45 AM
- Tagged How to get the date time difference of two different formatted dates on Splunk Search. 10-02-2020 08:45 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
10-04-2020
05:44 AM
index=* host=* ("field1:: value1 createdOn1:: \"9/30/20 10:14 AM\", commonfield1::\"abds\" field2 ::valu2" OR "field:: value createdOn::\"2020-09-30 23:30:00\" commonfield2::\"abds, field2 ::valu2")
| rex "commonfield1::(?<aa>[^,]+),"
| rex "commonfield2::(?<aa>[^,]+),"
| eval epoch_createdOn1=strptime(createdOn,""%m/%d/%y %H:%M""
| stats min(epoch_createdOn -epoch_createdOn1) AS time_diff BY aa
| table time_diff this also does not work.
... View more
10-04-2020
05:22 AM
@gcusello the query you suggested works for correlating but i am unable to print difference bwn createdOn value from query1 with earliest values calculated after grouping. i.e, diff below is coming as empty. i think we are losing the epoch_CreatedOn after grouping. index=* host=* ("field1:: value1 createdOn:: \"9/30/20 10:14 AM\", commonfield1::\"abds\" field2 ::valu2" OR "field:: value createdOn::\"2020-09-30 23:30:00\" commonfield2::\"abds, field2 ::valu2")
| rex "commonfield1::(?<aa>[^,]+),"
| rex "commonfield2::(?<aa>[^,]+),"
| eval epoch_createdOn=strptime(createdOn,""%m/%d/%y %H:%M""
| stats earliest(epoch_createdOn) AS earliest BY aa
| eval diff = epoch_createdOn-earliest | table diff
... View more
10-03-2020
08:42 PM
@gcusello looks like its not working. (query1) OR (query2) | rex "CommonField1::(?<id>[^,]+)," | rex "CommonField2::(?<id>[^,]+)," | dedup id | table id Samples: query1= "index=* host=* " "field1:: value1 createdOn:: "9/30/20 10:14 AM", commonfield1::"abds", field2 ::valu2" query2 = "field:: value createdOn::"2020-09-30 23:31:00" commonfield2::"abds, field2 ::valu21" one more search result possible for query2 can be " field:: value createdOn::"2020-09-30 23:31:00" commonfield2::"Cbds, field2 ::valu21" This itself is not giving the common results by abds
... View more
10-03-2020
08:16 AM
will this part of your query | rex "commonfield1::(?<aa>[^,]+),"
| rex "commonfield2::(?<aa>[^,]+)," take care of values in both commonfield1 and commonfield2 to be same?
... View more
10-03-2020
07:42 AM
here the expected value for below example is ( 2020-09-30 20:30:00 - 2020-09-30 23:31:00) query1= "index=* host=* " "field1:: value1 createdOn:: "9/30/20 10:14 AM", commonfield1::"abds", field2 ::valu2" <<<<related 3 logs for above string is >>>> field:: value createdOn::"2020-09-30 23:31:00" commonfield2::"abds, field2 ::valu21 field:: value createdOn::"2020-09-30 23:32:00" commonfield2::"abds, field2 ::valu22 field:: value createdOn::"2020-09-30 23:33:00" commonfield2::"abds, field2 ::valu24 @ woodcock pls help.
... View more
10-03-2020
06:03 AM
i think, you got me wrong. @gcusello this is what i am trying to. I am getting lost here 😞 (index=* host=* " "field1:: value1 createdOn:: "9/30/20 10:14 AM", commonfield1::"abds", field2 ::valu2" | rex "commonfield1::(?<a1>[^,]+)," | eval epoch_createdOn=strptime(createdOn,"%m/%d/%y %H:%M") ) OR (index=* "field:: value createdOn::"2020-09-30 23:30:00" commonfield2::"abds, field2 ::valu2") | rex "commonfield2::(?<a2>[^,]+)," | eval epoch_createdOn=strptime(createdOn,""%m/%d/%y %H:%M"") | stats earliest(epoch_createdOn) AS earliest BY a2 | where a1==a2 | eval earliest- epoch_createdOn query1= "index=* host=* " "field1:: value1 createdOn:: "9/30/20 10:14 AM", commonfield1::"abds", field2 ::valu2" query2 = index=* "field:: value createdOn::"2020-09-30 23:30:00" commonfield2::"abds, field2 ::valu2" gives multiple results. Please help me here.
... View more
- Tags:
- .
10-03-2020
12:07 AM
Hi @gcusello thanks for the response. i got the gist of what you suggest. I need to pick latest createdOn value from log2/3/4 related to log1 and then find the difference of createdOn bwn log1 and log2/3/4 final value. Let me try the query, still figuring out the how to join by commonfield as very new to SPL.
... View more
10-02-2020
11:29 PM
Hi @gcusello thanks for the response. i just realised that for log1 there are mulutiple related logs sample log looks like this. log1 - "field1:: value1 createdOn:: "9/30/20 10:14 AM", commonfield:: "abds, field2 ::valu2" related logs- log2 - "field:: value createdOn::"2020-09-30 23:30:00" commonfield::"abds, field2 ::valu2" log3 - "field:: value createdOn::"2020-09-30 23:31:00" commonfield::"abds, field2 ::valu2" log4 - "field:: value createdOn::"2020-09-30 23:32:00" commonfield::"abds, field2 ::valu2" i need to take earliest createdOn among log2/3/4 based on commonfield value from log1 and print the diff of time bwn createdOn.
... View more
10-02-2020
08:59 AM
Hi, i am relatively newer to SPL, i have a usecase to evaluate time difference bwn two fields in two different logs with common data field in both query1 and query 2 sample log looks like this. log1 - "field1:: value1 createdOn1:: "9/30/20 10:14 AM", commonfield:: "abds" log2 - "field:: value createdOn2::"2020-09-30 23:30:00" commonfield::"abds" i have to correlate both of them by commonfieldValue and get difference of createdOn2-createdOn1 in seconds. Experts, could you help me with this?
... View more
10-02-2020
08:45 AM
Hi, i am relatively newer to splunk, looking for a solution to get time difference is a splunk sample log like this "attribute1::d1 a2::d2, expectedUpdateDate::2020-09-30 23:30:00, ActualUpdateDate::10/1/20 5:44 PM, CreatedDate::9/30/20 10:14 AM" i need to print both ActualUpdateDate -CreatedDate and expectedUpdateDate - CreatedDate in seconds. Experts , Could you pls help me here?
... View more
- Tags:
- datetime
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-04-2020
09:19 AM
|
