×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jack_sumatra
Explorer
Member since: ‎10-17-2020
‎07-13-2021
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎10-17-2020
Activity Feed
View All

P90 Latency

by in Splunk Search
‎07-13-2021 01:03 AM
‎07-13-2021 01:03 AM
I have a query like this   sourcetype=tseltdw tags{}= "request" | fillnull data.service,data.service1, api_revamp,data.status, tags{}, keyword, keyword_api,data.timeTaken | eval keyword_api=if(keyword LIKE "user/628%" OR keyword LIKE "user/08%" ,"user/msisdn",keyword) | eval data.service1= if(len('data.service')>200, "null",'data.service') | eval datex=strftime(_time,"%Y-%m-%d") | eval datetime=strftime(_time,"%Y-%m-%d %H:00:00") | eval hourx=strftime(_time,"%H") | eval data.uri3= if(len('data.uri2')>100, "null",'data.uri2') | stats count as trx by datex, hourx, datetime, data.service1, data.status, tags{}, data._id, keyword_api,api_revamp, data.timeTaken | sort data.timeTaken asc and return like this.  Can anyone help me how to return one value only with p90 percentile by data.timeTaken? Much appreciated for any help, thank you. ... View more
Labels

Different Results From Same Query

by in Splunk Search
‎02-23-2021 10:35 PM
‎02-23-2021 10:35 PM
I have question.   Can anyone explain why same search query given different results in different time range? This is time range between 2021-02-24, hour 08:00:00 to 10:59:59   This is time range between 2021-02-24, hour 09:00:00 to 09:59:59   Why the result on hour 09:00:00 different, one show 81 and the other one 387.   Thank you ... View more
Labels

Re: Change Delimeter for Export CSV

by in Splunk Search
‎10-18-2020 02:16 AM
‎10-18-2020 02:16 AM
I got the csv file from export option.  Thank you for the tricks, it works with small data. But can you help me with search query to replace delimiter, because with large data results my laptop just give up to open it. 😂 ... View more

Change Delimeter for Export CSV

by in Splunk Search
‎10-17-2020 10:13 AM
1 Karma
‎10-17-2020 10:13 AM
1 Karma
Just a quick question. I have no experience on Splunk, but my company just use it to collect data. My Splunk Query search :   sourcetype=st_file| fillnull clientTransactionID msisdn ocsID orderID applicationID productType providerName reponseCode responsedetail reponseMessage actiontype bNumber gatewayTransactionID | stats count as trx by _time clientTransactionID msisdn ocsID orderID applicationID productType providerName reponseCode responsedetail reponseMessage actiontype bNumber gatewayTransactionID     Then the result will be export to csv file like this :   "_time",clientTransactionID,msisdn,ocsID,orderID,applicationID,productType,providerName,reponseCode,responsedetail,reponseMessage,actiontype,bNumber,gatewayTransactionID,trx "2020-10-17T17:20:00.000+0700",023029300002187960,6281220636564,TC01,0,RBT0000,SP,RBT,2,"0|1630429199000|65","CHARGING_SUCCEEDED",F,000,"RBT0000:023029300002187960",1    Can anyone suggest me how to change delimiter from '"," to "|" on my search query?  I already read that we can change it from conf. files but since  I can't get access to those files, so i have no clue here.    Thank you ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-13-2021 08:52 AM
Karma from
View All
Karma given to
View All