Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About anissabnk
anissabnk
Path Finder
Member since:
02-24-2021
7 hours ago
Community Statistics
| Posts | 35 |
| Solutions | 1 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 02-24-2021 |
Activity Feed
- Posted How do we display the date and time on monthly report? on Reporting. yesterday
- Posted Re: Help with creation of a table on Dashboards & Visualizations. Wednesday
- Posted Re: Help with creation of a table on Dashboards & Visualizations. Wednesday
- Posted How to create a table? on Dashboards & Visualizations. a week ago
- Posted Re: how to combine values on Splunk Search. a month ago
- Tagged Re: how to combine values on Splunk Search. a month ago
- Posted Re: how to combine values on Splunk Search. a month ago
- Posted Re: how to combine values on Splunk Search. a month ago
- Posted Re: how to combine values on Splunk Search. 02-24-2023 08:04 AM
- Posted Re: how to combine values on Splunk Search. 02-24-2023 06:31 AM
- Tagged Re: how to combine values on Splunk Search. 02-24-2023 06:31 AM
- Posted Re: how to combine values on Splunk Search. 02-24-2023 05:42 AM
- Posted Re: how to combine values on Splunk Search. 02-24-2023 02:51 AM
- Posted Re: how to combine values on Splunk Search. 02-24-2023 01:59 AM
- Tagged Re: how to combine values on Splunk Search. 02-24-2023 01:59 AM
- Posted Re: How to display map with no results on Splunk Enterprise. 02-24-2023 01:24 AM
- Posted Re: how to combine values on Splunk Search. 02-24-2023 12:16 AM
- Posted How to combine values? on Splunk Search. 02-23-2023 08:43 AM
- Posted How to display map with no results? on Splunk Enterprise. 02-23-2023 08:33 AM
- Posted Re: How to combien two search results on Splunk Search. 02-21-2023 05:51 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
yesterday
Hello everyone,
I need your help
Display the date and time of the monthly report update at the top of theReport.
Thank you so much
... View more
Labels
- Labels:
-
other
-
saved search
-
scheduled search
a week ago
Hello everyone, I have a question for you
I have this table :
But , I want to have first :
- the evenement Dépôt
in the second line :
the evenement Pré-contrôle
I don't know how to do this.
Can you help me please.
... View more
- Tags:
- splunk search
- table
a month ago
Hello, To precise something, `EasyVistaGeneric` "Statut" = "En service" AND ("Identifiant réseau"="IMP*" OR "Identifiant réseau"="ECR*" OR "Identifiant réseau"="PCW*") |dedup "Identifiant réseau" |eval entité=mvindex(split('Entité (complète)',"/"),0) |table entité |dedup entité For the fields entité, we have those fields : I want to merge the results of the fields marked with green : entité MTPM Toulon Opera Centre Communal d'Action Sociale Ecoles de Toulon Commune de Toulon Utilisateurs externes Metropole 2019 Le Revest ESAD Office Intercommunal du Tourisme METROPOLE TOULON PROVENCE MEDITERRANEE Prestataires DCSI Utilisateurs externes SIG Commune de Le Revest-les-Eaux Ecole Supérieure d'Art et Design METROPOLE TPM Caisse des ecoles de TOULON Opéra de Toulon CCAS de Toulon Office Intercommunal de Tourisme
... View more
- Tags:
- splunk
a month ago
`EasyVistaGeneric` "Statut" = "En service" AND ("Identifiant réseau"="IMP*" OR "Identifiant réseau"="ECR*" OR "Identifiant réseau"="PCW*") |dedup "Identifiant réseau" |eval entité=mvindex(split('Entité (complète)',"/"),0) | eval RESULT ='Commune de Toulon' + 'METROPOLE TPM' + 'MTPM' | timechart span=1y count by entité useother=f usenull=f | fields - 'Commune de Toulon' 'METROPOLE TPM' 'MTPM' |rename "count" as "Nombre" It doesn't work :
... View more
02-24-2023
08:04 AM
Ok, I want to have for the columns multiple entité : - I want to merge "METROPOLE TPM" colum with "MTPM" colum and "Toulon" and "Commune de Toulon" to have only one column instead of having 4 columns. That's what I want to display: CCAS de Toulon | Centre Communal d'Action Sociale | RESULT | Le Revest ...
... View more
02-24-2023
06:31 AM
Yes I know, But how I can modify my request to have both results : entité + RESULT ( as an "entité") `EasyVistaGeneric` "Statut" = "En service" AND ("Identifiant réseau"="IMP*" OR "Identifiant réseau"="ECR*" OR "Identifiant réseau"="PCW*")
|dedup "Identifiant réseau" |eval entité=mvindex(split('Entité (complète)',"/"),0)
| timechart span=1y count by entité useother=f usenull=f
... View more
- Tags:
- splunk
02-24-2023
05:42 AM
It doesn't work. I will explain what I want to have : I want to combine the results : and have a column named as "RESULT" which corresponds as new entité. Thanks
... View more
02-24-2023
01:59 AM
@ITWhisperer , thank you for your help My SPL : `EasyVistaGeneric` "Statut" = "En service" AND ("Identifiant réseau"="IMP*" OR "Identifiant réseau"="ECR*" OR "Identifiant réseau"="PCW*")
|dedup "Identifiant réseau" |eval entité=mvindex(split('Entité (complète)',"/"),0)
| timechart span=1y count by entité useother=f usenull=f
... View more
- Tags:
- splunk
02-24-2023
12:16 AM
Thank you for you answer I want also to display the other entity : fields entité Sa, How to specify that RESULT is a specific entité. Thank you
... View more
02-23-2023
08:43 AM
Hello
I have a question because I'm in trouble.
`EasyVistaGeneric` "Statut" = "En service" AND ("Identifiant réseau"="IMP*" OR "Identifiant réseau"="ECR*" OR "Identifiant réseau"="PCW*")
|dedup "Identifiant réseau" |eval entité=mvindex(split('Entité (complète)',"/"),0)
| timechart span=1y count by entité useother=f usenull=f
I want to combine the results of entité : "Commune de Toulon" + "METROPOLE TPM" +" MTPM" + "Toulon" in a same field that we can named as RESULT :
-> so I want to have : RESULT ="Commune de Toulon" + "METROPOLE TPM" +" MTPM" + "Toulon"
Can you help me please ?
Thanks
... View more
Labels
02-23-2023
08:33 AM
Hello I have a question 🙂
I am working on this map.
However, when "there are no resulst returned", I want to have the empty map and not this :
What can I do this ?
<dashboard version="1.1"> <label>HPE IMC</label> <row> <panel> <title>La liste des alarmes</title> <viz type="location_tracker_app.location_tracker"> <search> <query>index="imcfault" sourcetype="st_imcfault" severity=3 OR severity=4 | lookup switchs.csv ip AS sourceIp | rex field=location "^(?<latitude>.+?), (?<longitude>.+?)$" | eval latitude=if(isnull(latitude),"43.123888",latitude) | eval longitude=if(isnull(longitude),"5.953356",longitude) | table _time latitude longitude faultDesc</query> <earliest>-15m</earliest> <latest>now</latest> </search> <option name="height">800</option> <option name="location_tracker_app.location_tracker.interval">10</option> <option name="location_tracker_app.location_tracker.showTraces">0</option> <option name="location_tracker_app.location_tracker.staticIcon">none</option> <option name="location_tracker_app.location_tracker.tileSet">light_tiles</option> <option name="refresh.display">progressbar</option> </viz> </panel> </row> </dashboard>
... View more
Labels
- Labels:
-
using Splunk Enterprise
02-20-2023
08:54 AM
-> For index="nexthink" sourcetype="st_nexthink_device" {"date": 1676910383.7157812, "asset": {"name": "PCW-TOU-74141", "score:Device performance/Boot speed": 0.0, "total_ram": 8589934592, "total_nonsystem_drive_usage": null, "total_nonsystem_drive_capacity": 0, "system_drive_usage": 0.26, "system_drive_capacity": 494586032128, "platform": "windows", "os_version_and_architecture": "Windows 10 Pro 21H2 (64 bits)", "number_of_days_since_last_boot": 28, "number_of_days_since_last_logon": 0, "number_of_monitors": 1, "cpu_model": "Intel Core i3-7100 CPU @ 3.90GHz", "device_type": "desktop", "distinguished_name": "/DC=org/DC=tpmed/DC=si/OU=VDTOULON/OU=postes/CN=PCW-TOU-74141", "entity": "Noral", "last_system_boot": "2023-02-20T09:55:07", "last_boot_duration": 17795, "last_ip_address": "10.150.115.2", "last_logon_duration": 20000, "last_logon_time": "2023-02-20T10:07:31", "mac_addresses": ["50:9A:4C:48:DE:3B"]}} -> For index=easyvista sourcetype=st_easyvista_generic {"date": 1676911288.1942825, "Date de r\u00e9solution": "20/02/2023 10:58:27", "D\u00e9lai de r\u00e9solution (hh:mm)": " 0:35", "D\u00e9lai de r\u00e9solution (min)": "35", "Enregistr\u00e9 le": "20/02/2023 10:23:39", "Entit\u00e9 (compl\u00e8te)": "Toulon/Direction Generale des Services/Direction Police Municipale", "Groupe responsable": "Centre de service", "N\u00b0 de demande": "S230220_007", "Origine de la demande": "Self Service", "Priorit\u00e9": "2", "Statut de la demande": "Cl\u00f4tur\u00e9"} The field annee : is an extract from this field corresponding to the year of the date , so, annee for this example : annee=2018 It refers to this part of the previous query : | rename "Identifiant réseau" as PC "Date d'installation" as dd | eval annee=mvindex(split(dd,"/"),-1) | eval date=strftime(now(),"%d/%m/%Y")
... View more
02-20-2023
08:49 AM
The syntax of the event of the search is similar to this : {"date": 1676910383.7157812, "asset": {"name": "PCW-TOU-74141", "score:Device performance/Boot speed": 0.0, "total_ram": 8589934592, "total_nonsystem_drive_usage": null, "total_nonsystem_drive_capacity": 0, "system_drive_usage": 0.26, "system_drive_capacity": 494586032128, "platform": "windows", "os_version_and_architecture": "Windows 10 Pro 21H2 (64 bits)", "number_of_days_since_last_boot": 28, "number_of_days_since_last_logon": 0, "number_of_monitors": 1, "cpu_model": "Intel Core i3-7100 CPU @ 3.90GHz", "device_type": "desktop", "distinguished_name": "/DC=org/DC=tpmed/DC=si/OU=VDTOULON/OU=postes/CN=PCW-TOU-74141", "entity": "Noral", "last_system_boot": "2023-02-20T09:55:07", "last_boot_duration": 17795, "last_ip_address": "10.150.115.2", "last_logon_duration": 20000, "last_logon_time": "2023-02-20T10:07:31", "mac_addresses": ["50:9A:4C:48:DE:3B"]}}
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
7 hours ago
|
