×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
rajarshi2576
Explorer
Member since: ‎10-13-2020
‎10-15-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 3
Karma Received 1
Member Since ‎10-13-2020
Activity Feed
View All

Re: How to create time chart group by time and use...

by in #Random
‎10-14-2020 02:27 AM
1 Karma
‎10-14-2020 02:27 AM
1 Karma
Solved   index="tim" logGroup="/ecs/sit-ol-service-validator" "logEvents{}.message"="*Validating the User with userID*" | spath output=myfield path=logEvents{}.message | rex field=myfield "Validating the User with userID:(?<userId>[0-9]+) systemID:" | fields dc(userId) | timechart span=1h dc(userId) ... View more

Re: How to create time chart group by time and use...

by in #Random
‎10-13-2020 08:10 PM
‎10-13-2020 08:10 PM
It returns null as a table column  I exclude it by usenull=f It is giving userId wise count like for Today : userId1 in below row count 2 userId2 in below count 3. _time  |    userId1  | userId2 | Null 2020-10-14 | 11   | 0      | 11 2020-10-13 | 10 |   0 |      10     But I want per day total userId. let say for today total userId: 5 (not individually). _time |    total | 2020-10-14| 11 | 2020-10-13| 12  |   Hope its clear now   Thanks ... View more

How to create time chart group by time and userId

by in #Random
‎10-13-2020 04:31 AM
‎10-13-2020 04:31 AM
I have the below log text     2020-10-12 12:30:22.538 INFO 1 --- [ener-4] c.t.t.o.s.service.recServi : received users : {"userId":"12333","userType":"Normal"} 2020-10-12 12:30:22.538 INFO 1 --- [ener-4] c.t.t.o.s.service.recServi : Received usertype is:Normal 2020-10-12 12:30:22.540 INFO 1 --- [ener-4] c.t.t.o.s.s.ReceiverPrepaidService : Validating the User with userID:1233 systemID:111wdsa 2020-10-12 12:30:22.540 INFO 1 --- [ener-4] c.t.t.o.s.util.Common : The Reason Code is valid for UserId: 12333 userId:12333 2020-10-12 12:30:22.577 INFO 1 --- [ener-4] c.t.t.o.s.r.OlServiceValidatorDao : Saving User into DB ..... with User-ID:12333   ........   again same type of lines    I need to extract the userId and timestamp from    line : Validating the User with userID:1233 systemID:111wdsa   I am able to extract userId and group by it with count   index="tim" logGroup="/ecs/strr" "logEvents{}.message"="*Validating the User with userID*" | spath output=myfield path=logEvents{}.message | rex field=myfield "(?<=Validating the User with userID*:)(?<userId>[0-9]+)(?= systemID:)"  table userId | dedup userId | stats count values(userId) by userId     but can not extract the time stamp and create the time chart with userId group by timestamp from all log text   Any help would really help ful for us     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-15-2020 07:26 AM
Karma from
View All
Karma given to
View All