Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About DjNaGuRo
DjNaGuRo
Explorer
Member since:
05-15-2021
07-09-2021
Community Statistics
| Posts | 9 |
| Solutions | 1 |
| Karma Given | 3 |
| Karma Received | 2 |
| Member Since | 05-15-2021 |
Activity Feed
- Got Karma for Re: HTTP Event Collector: Is it possible to send multiple events in one API call?. 07-20-2022 04:36 PM
- Posted Re: Dashboard : Input's searches produce no results on Splunk Search. 07-09-2021 09:18 AM
- Posted Dashboard : Input's searches produce no results on Splunk Search. 07-09-2021 05:17 AM
- Tagged Dashboard : Input's searches produce no results on Splunk Search. 07-09-2021 05:17 AM
- Tagged Dashboard : Input's searches produce no results on Splunk Search. 07-09-2021 05:17 AM
- Tagged Dashboard : Input's searches produce no results on Splunk Search. 07-09-2021 05:17 AM
- Got Karma for Re: HTTP Event Collector: Is it possible to send multiple events in one API call?. 06-17-2021 05:09 PM
- Posted Re: HTTP Event Collector: Is it possible to send multiple events in one API call? on Getting Data In. 05-29-2021 12:36 AM
- Posted Re: HTTP Event Collector: Is it possible to send multiple events in one API call? on Getting Data In. 05-28-2021 06:38 AM
- Tagged Re: HTTP Event Collector: Is it possible to send multiple events in one API call? on Getting Data In. 05-28-2021 06:38 AM
- Tagged Re: HTTP Event Collector: Is it possible to send multiple events in one API call? on Getting Data In. 05-28-2021 06:38 AM
- Karma Re: HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) for ITWhisperer. 05-17-2021 03:42 AM
- Karma Re: HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) for ITWhisperer. 05-17-2021 03:30 AM
- Posted Re: HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) on Splunk Search. 05-17-2021 03:06 AM
- Posted Re: HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) on Splunk Search. 05-17-2021 02:50 AM
- Posted Re: HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) on Splunk Search. 05-17-2021 12:53 AM
- Karma Re: HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) for ITWhisperer. 05-15-2021 09:29 AM
- Posted Re: HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) on Splunk Search. 05-15-2021 09:28 AM
- Posted HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) on Splunk Search. 05-15-2021 04:26 AM
- Tagged HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) on Splunk Search. 05-15-2021 04:26 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
07-09-2021
09:18 AM
Thanks for your help 😊
... View more
07-09-2021
05:17 AM
Hi everyone, I've an issue that I don't understand. As mentioned in subject, I'm realizing a dashboard with dropdown inputs where I'm using id and base attribute but my searches don't return any result. Notice that the last index time of my data is 06 july 2021. Here's the xml code of my dashboard. Thanks in advance for your kindly help! <form theme="dark">
<label>Advanced Dashboard</label>
<description>This is a dasboard build for learning purpose.</description>
<search id="base_search">
<query>index=splunk_tutorial sourcetype="access_combined_wcookie" status=200 earliest=1</query>
</search>
<fieldset submitButton="false">
<input type="dropdown" token="date_year" searchWhenChanged="true">
<label>field1</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>date_year</fieldForLabel>
<fieldForValue>date_year</fieldForValue>
<search base="base_search">
<query>| stats count by date_year</query>
</search>
</input>
<input type="dropdown" token="date_month" searchWhenChanged="true">
<label>field1</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>date_month</fieldForLabel>
<fieldForValue>date_month</fieldForValue>
<search base="base_search">
<query>| stats count by date_month</query>
</search>
</input>
<input type="dropdown" token="date_mday" searchWhenChanged="true">
<label>Days of Month</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>date_mday</fieldForLabel>
<fieldForValue>date_mday</fieldForValue>
<search base="base_search">
<query>| stats count by date_mday</query>
</search>
</input>
<input type="dropdown" token="date_wday" searchWhenChanged="true">
<label>Week days</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>date_wday</fieldForLabel>
<fieldForValue>date_wday</fieldForValue>
<search base="base_search">
<query>| stats count by date_wday</query>
</search>
</input>
<input type="dropdown" token="date_hour" searchWhenChanged="true">
<label>Hours</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>date_hour</fieldForLabel>
<fieldForValue>date_hour</fieldForValue>
<search base="base_search">
<query>| stats count by date_hour</query>
</search>
</input>
<input type="dropdown" token="country" searchWhenChanged="true">
<label>Countries</label>
<choice value="*">All</choice>
<default>*</default>
<fieldForLabel>Country</fieldForLabel>
<fieldForValue>Country</fieldForValue>
<search base="base_search">
<query>| iplocation clientip | stats count by Country</query>
</search>
</input>
</fieldset>
</form>
... View more
05-29-2021
12:36 AM
1 Karma
Please @dave_maclean, how did you deal with stacked JSON objects construction ? I've to construct it from the row of my file but I've faced problem with that in python such as "EOL ...", "Can't concat string with dict..." Thanks in advance to anyone who can help me to resolve this issue.
... View more
05-28-2021
06:38 AM
1 Karma
Hi! Please, how can we construct stacked (or batched) json object events from a file's rows ?
... View more
05-17-2021
02:50 AM
I have the following error when I run the query you proposed : Error in 'where' command: Type checking failed. 'XOR' only takes boolean arguments.
... View more
05-17-2021
12:53 AM
Sorry @ITWhisperer, I modified the question and your solution doesn't match. Before the WHERE clause I've a process on data.
... View more
05-15-2021
09:28 AM
It works. Thanks! index="training" | WHERE NOT [ search index="training" | table adminId | rename adminId as userId] | table userId userName userProfile
... View more
05-15-2021
04:26 AM
Hello everyone, I'm new in Splunk. My issue is to make an EXCEPT SQL query in SPL. Something like the following: index="trainning" sourcetype="userList"
| rex field=userId "\w(?<codeId>\w+)"
| WHERE NOT codeId IN [ search index="trainning" sourcetype="adminUserList"
| table adminId]
| table userId userName userProfile The problem it's that the subsearch doesn't return its result in appropriated format as ("adminid1", "adminid2", ..., "adminidN"). Thanks in advance for your answers and solutions. Sorry, I modified my question to take into account the real SPL query issue (I wasn't in front of my Pro PC last time)
... View more
- Tags:
- EXCEPT_Query
- spl
Labels
- Labels:
-
subsearch
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-09-2021
01:29 PM
|
