Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About AruBhende
AruBhende
Explorer
Member since:
03-19-2021
01-21-2023
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 03-19-2021 |
Activity Feed
- Posted Re: Is it possible to do a Splunk query that can give me difference in values on Getting Data In. 01-20-2023 07:05 PM
- Karma Re: Is it possible to do a Splunk query that can give me difference in values for scelikok. 01-20-2023 07:05 PM
- Posted Re: Is it possible to do a Splunk query that can give me difference in values on Getting Data In. 01-20-2023 06:21 PM
- Posted Is it possible to do a Splunk query that can give me difference in values? on Getting Data In. 01-20-2023 05:33 PM
- Tagged Is it possible to do a Splunk query that can give me difference in values? on Getting Data In. 01-20-2023 05:33 PM
- Posted Re: Count by Hour by day on Getting Data In. 06-09-2022 06:14 AM
- Posted Re: Count by Hour by day on Getting Data In. 06-09-2022 04:34 AM
- Posted Re: Count by Hour by day on Getting Data In. 06-09-2022 03:55 AM
- Posted How to search for Count by day by hour or half hour? on Getting Data In. 06-08-2022 08:01 PM
- Tagged How to search for Count by day by hour or half hour? on Getting Data In. 06-08-2022 08:01 PM
- Posted Getting last of a column value in a table on Splunk Search. 01-13-2022 03:22 PM
- Karma Re: Setting up earliest and latest time with relative date and fixed time for richgalloway. 03-23-2021 03:37 AM
- Posted Setting up earliest and latest time with relative date and fixed time on Splunk Search. 03-19-2021 10:29 AM
- Tagged Setting up earliest and latest time with relative date and fixed time on Splunk Search. 03-19-2021 10:29 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-20-2023
07:05 PM
Sorry, it was a mistake on my part. It should have been sourceCorrelationId instead of correlationId. Both are valid keys in the log. When I used sourceCorrs a am accepting that elationId in the example you provided, it worked. I am accepting that as solution. Thanks for your help.
... View more
01-20-2023
06:21 PM
Hi, I tried it but it is not giving the difference, it is giving all the correlation ids. For STAGEA, there are about 55000 events returned and for STAGEB, about 50000. The above query is returning 105,000 events, whereas I want to get only the 5000 - which is the difference. Is it possible ? Thanks
... View more
01-20-2023
05:33 PM
We have ingested into Splunk logs from our application - these logs include two keys - stageType and correlation id, along with other keys. I have to find a list of correlation ids that are returned for one stageType and not for other stageType. I realise Splunk queries cannot be written similar to SQL I am not very conversant with Splunk - I just normally get by - using simpler queries.
Hence hoping, someone can help me with a query that gives me the list - so I can do further analysis to find out the reason for differences, which should not normally exist.
Is it possible to do it in Splunk? Can someone help me with the query?
index=grp-applications sourcetype="kafka:status" stageType IN ("STAGEA", "STAGEB" ) env=qa | dedup env, correlationId, stageType | stats count by env, correlationId, stageType
Thank you
... View more
06-09-2022
06:14 AM
This is not returning any data - I also tried changing the _time to publish date like below index=our-applications env=prod | eval publishTime=strptime(eventPublishTime, "%Y-%m-%dT%H:%M:%S.3N%Z") | bin span=30m publishTime | convert timeformat="%H:%M" ctime(publishTime) AS PublishHrMin | convert timeformat="%Y-%m-%d" ctime(publishTime) AS PublishDate | stats c(PublishHrMin) AS PublishHrMinCount by PublishDate, parentEventName, PublishHrMinMinCount by PublishDate, parentEventName, PublishHrMin Am I missing something or doing something wrong ? Thanks
... View more
06-09-2022
04:34 AM
Thanks @ITWhisperer . After your earlier suggestion for correcting the format, I got the query to show me the hour / minute. But I want to count by that hour / minute in half hour range. i.e. if PublishHrMin is between say 10:30 and 11:00 - then they should be counted together and be able to display the range as 10:30-11:00 Is it possible to do it that way? My current count by _time per day Thanks again
... View more
06-08-2022
08:01 PM
I need to get count of events by day by hour or half-hour using a field in splunk log which is a string whose value is date - e.g. eventPublishTime: 2022-05-05T02:20:40.994Z
I tried some variations of below query, but it doesn't work. How should I formulate my query?
index=our-applications env=prod
| eval publishTime=strptime(eventPublishTime, "%Y-%m-%dT%H:%M:%SZ")
| convert timeformat="%H:%M" ctime(publishTime) AS PublishHrMin
| convert timeformat="%Y-%m-%d" ctime(_time) AS ReceiptDate | stats c(ReceiptDate) AS ReceiptDateCount by ReceiptDate, parentEventName,, PublishHrMin
Thank you
... View more
- Tags:
- count by hour
Labels
- Labels:
-
field extraction
-
time
01-13-2022
03:22 PM
I have a splunk query that returns results like this. I want to modify the query such that I get the latest row for UtilityJarVersion when everything else - other column values are same. How can I modify my query to get the result I need? BitBucket_Project MicroserviceName Env _time BitBucket_Project MicroserviceName Env UtilityJarVersion 1/13/22 4:09 PM bb-project1 microservice1 DEV 1.0.105 1/11/22 6:39 AM bb-project2 microservice2 DEV 1.0.105 1/12/22 11:22 AM bb-project2 microservice2 DEV 1.0.106 1/12/22 7:00 PM bb-project3 microservice3 DEV 1.0.106 1/12/22 9:28 AM bb-project3 microservice4 DEV 1.0.106 1/12/22 6:33 PM bb-project4 microservice5 DEV 1.0.106 1/11/22 6:40 AM bb-project5 microservice6 DEV 1.0.105 1/12/22 6:43 PM bb-project5 microservice6 DEV 1.0.106 That is, my expected result would look like _time BitBucket_Project MicroserviceNAme Env UtilityJar 1/13/22 4:09 PM bb-project1 microservice1 DEV 1.0.105 1/12/22 11:22 AM bb-project2 microservice2 DEV 1.0.106 1/12/22 7:00 PM bb-project3 microservice3 DEV 1.0.106 1/12/22 9:28 AM bb-project3 microservice4 DEV 1.0.106 1/12/22 6:33 PM bb-project4 microservice5 DEV 1.0.106 1/12/22 6:43 PM bb-project5 microservice6 DEV 1.0.106 Thank you
... View more
Labels
- Labels:
-
table
03-19-2021
10:29 AM
I am trying to define a query where I have to use the earliest time as 2 days ago at 22:20:45 and latest time 1 day ago at 22:20:45 I tried different formats below earliest=-2d@:22h:20m:45s latest=-1d@d+20h+30m+45s But - I am not sure if these are correct and also how can I check if this translates to the date and time I am trying to set. Thank you
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-21-2023
06:25 AM
|
