×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jugarugabi
Path Finder
Member since: ‎01-20-2021
‎11-15-2023
Community Statistics
Posts 26
Solutions 0
Karma Given 6
Karma Received 0
Member Since ‎01-20-2021
Activity Feed
Topics I've Started
View All

Re: Font size of entire dashboard (classic)

by SplunkTrust in Dashboards & Visualizations
‎11-16-2023 12:05 AM
‎11-16-2023 12:05 AM
You should look css and create your own to update those properties. ... View more

Re: Proper count from field results

by SplunkTrust in Splunk Search
‎12-30-2022 01:24 AM
‎12-30-2022 01:24 AM
Hi @jugarugabi, good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated 😉 ... View more

Re: Trimming information

by SplunkTrust in Splunk Search
‎05-06-2022 10:34 PM
‎05-06-2022 10:34 PM
Hi @jugarugabi, good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated 😉 ... View more

Re: Show last update from indexed csv file

by in Splunk Search
‎05-20-2021 03:21 AM
‎05-20-2021 03:21 AM
Yup, that did the trick.  Thanks mate! ... View more

Re: appendcols with proper info

by SplunkTrust in Splunk Search
‎03-23-2021 05:41 AM
‎03-23-2021 05:41 AM
You've run into the appendcols trap.  That command attaches its results to the results of the main search in the order they occur.  There is no matching of field values within the events.  Instead, try using append and then grouping the events by pod name. index=_pods pod=* project=project_name state="Running" | eventstats latest(_time) as current | where current=_time | stats count as Active by pod | append [| from inputlookup:"lookup_expected_pods_dk0766.csv"] | stats values(*) as * by pod | rename pod as "Pod Name" | table "Pod Name" "Active" "Expected" | fillnull "Active" ... View more

Re: Trimming last 8-9 chars from string

by in Splunk Search
‎03-02-2021 12:09 PM
‎03-02-2021 12:09 PM
Looks like this one produces the needed output as well as the solution provided by @ITWhisperer  Thanks, I upvoted this solution as well.  ... View more

Re: First column of table to be sticky

by in Dashboards & Visualizations
‎02-11-2021 10:32 PM
‎02-11-2021 10:32 PM
@ITWhisperer you're a life saver.  Thanks a lot! It worked and now I have the results as expected.  ... View more

Re: Sort issue

by in Splunk Search
‎02-06-2021 04:15 AM
‎02-06-2021 04:15 AM
So I needed to remove the # there for the sorting to work out.  Thanks! ... View more

Re: Replace and add digit

by in Splunk Search
‎02-04-2021 11:06 PM
‎02-04-2021 11:06 PM
Yup, this did the trick.  Thanks! ... View more

Create report with totals (pivot or through search...

by in Reporting
‎02-04-2021 02:08 AM
‎02-04-2021 02:08 AM
Hello all,  So, I am having the following information forwarded to splunk as sourcetype as below (with more than 15000 similar lines):     2021-Jan-14 09:07 2 servername2 instance1 2021-Jan-14 09:07:25.393 [transaction_string1] 79897 67163 OK 1 [269661] 97 28 OK     I don't have any kind of header of this text file that is forwarded to splunk but I do know how to create one using the Fields options - that won't be an issue.   I need to create a report that has the following specs: 1. Rows: "Scored" -  a rangemap for the value which is represented in the text file as 97 (after [269661]) range map should be: 0s-to-0.05s=1-50 0.05s-to-0.10s=51-100 0.10s-to-0.15s=101-150 0.15s-to-0.20s=151-200 0.20s-to-0.30s=201-300 0.30s-to-0.50s=301-500 0.50s-to-1s=501-1000 1s-to-2s=1001-2000 2s-to-3s=2001-3000 3s-to-5s=3001-5000 5s-to-30s=5001-30000 >30s=30001-99999 2. Columns:  - All: a sum(count) for each range present - if there are no records for a specific range, then 0 should be shown as a total.  - servername (alphabetically sorted) with instanceId (there are 2: 1 and 2 for each servername) - each one getting the count value for each range value in "Scored" mentioned above ---- if there are is 0 as count for a specific range on the servername and instanceid, then 0 should be shown for each servername and instanceid.  Now, by the looks of it, this can be achieved using a pivot.  So far, this is what I could've come up with:  The output I need should be similar to one below: Can anyone help me out on how to build up a search query to actually have the desired output? Thanks! ... View more
Labels

Re: Multiple queries on pivot report

by in Reporting
‎01-27-2021 11:02 AM
‎01-27-2021 11:02 AM
Tried with the search query:  index = app_events_dbdetect_actimize_event_us_uat sourcetype = txndata | rangemap field=Time_taken_AIS_tomcat 0s-to-0.05s=0-50 0.05s-to-0.10s=51-100 0.10s-to-0.15s=101-150 0.15s-to-0.20s=151-200 0.20s-to-0.30s=201-300 0.30s-to-0.50s=301-500 0.50s-to-1s=501-1000 1s-to-2s=1001-2000 2s-to-3s=2001-3000 3s-to-5s=3001-5000 5s-to-30s=5001-30000 >30s=30001-99999 | fillnull range value=NULL but this didn't helped either.  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-15-2023 10:54 AM
Karma given to