cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
smanojkumar
Contributor
Member since: ‎07-16-2021
a week ago
Community Statistics
Posts 165
Solutions 0
Karma Given 45
Karma Received 0
Member Since ‎07-16-2021
Activity Feed
Topics I've Started
View All

Re: Passing a mutiple values of label in input dro...

by in Splunk Search
2 weeks ago
2 weeks ago
Hi @yuanliu ,    Thanks for your reply.    Sorry for not briefing it properly. 1. data input is from lookup site_ids.csv is  displayname                   prefix abc12                                23456789 qwe14                               78945612 rty12                                 12356789 yuui13                               56897412 Here I need to display displayname field value in input dropdown as a multi select value, also I would like to pass label that is prefix to my search as well. lets say, If i select displayname fields values as  abc12                                qwe14                                rty12        I need to see these values in input dropdown and need to pass the below prefix to the search in dashboard panel      23456789 78945612 12356789  as ("23456789", "78945612","12356789 "), which needs to be used in IN command                   Here is the search where i will be using the prefix token in search index=abc sourcetype=sc* | fields _time index Eventts FIELD* source IPC | search IPC IN ($my_token$) | fields - source Hope I'm clear now, please let me know if there are anything. Thanks! ... View more

Re: Passing a mutiple values of label in input dro...

by in Splunk Search
2 weeks ago
2 weeks ago
Hello @yuanliu ,    Thanks for your reply.    Already the query of input dropdown can pass multiselect values, here I'm having two field values one id for field for label and another one is for field for value. I need to pass field for value to the search, which is working fine in the current search, But i need to pass field for label values to the search, where us its a multi select values. Please let me know if i missed anything. Thanks! ... View more

Passing a mutiple values of label in input dropdow...

by in Splunk Search
2 weeks ago
2 weeks ago
Hello There,    I would like to pass mutiple values in label, Where in the current search i can able to pass onlu one values at a time, <input type="multiselect" token="siteid" searchWhenChanged="true"> <label>Site</label> <choice value="*">All</choice> <choice value="03">No Site Selected</choice> <fieldForLabel>displayname</fieldForLabel> <fieldForValue>prefix</fieldForValue> <search> <query> | inputlookup site_ids.csv |search displayname != "ABCN8" AND displayname != "ABER8" AND displayname != "AFRA7" AND displayname != "AMAN2" </query> <earliest>-15m</earliest> <latest>now</latest> </search> <delimiter>_fc7 OR index=</delimiter> <suffix>_fc7</suffix> <default>03</default> <initialValue>03</initialValue> <change> <eval token="form.siteid">case(mvcount('form.siteid') == 2 AND mvindex('form.siteid', 0) == "03", mvindex('form.siteid', 1), mvfind('form.siteid', "\\*") == mvcount('form.siteid') - 1, "03", true(), 'form.siteid')</eval> </change> <change> <set token="tokLabel">$label$</set> </change> </input> I need to pass this label value as well, which is a multiselect value. Thanks! ... View more
Labels

Issues in multiselect input dropdown

by in Splunk Search
3 weeks ago
3 weeks ago
Hello There,    I'm hvaing issues in multiselect input dropdown <input type="multiselect" token="siteid" searchWhenChanged="true"> <label>Site</label> <choice value="*">All</choice> <choice value="03">No Site Selected</choice> <fieldForLabel>displayname</fieldForLabel> <fieldForValue>prefix</fieldForValue> <search> <query> | inputlookup site_ids.csv | search displayname != "ABN8" AND displayname != "ABR8" AND displayname != "ABRA7" AND displayname != "ABMAN2" </query> <earliest>-15m</earliest> <latest>now</latest> </search> <delimiter>_fc7 OR index=</delimiter> <suffix>_fc7</suffix> <default>03</default> <initialValue>03</initialValue> <change> <eval token="form.siteid">case(mvcount('form.siteid') == 2 AND mvindex('form.siteid', 0) == "03", mvindex('form.siteid', 1), mvfind('form.siteid', "\\*") == mvcount('form.siteid') - 1, "03", true(), 'form.siteid')</eval> </change> </input> <input type="multiselect" token="system_number" searchWhenChanged="true"> <label>Node</label> <choice value="*">All</choice> <default>*</default> <initialValue>*</initialValue> <fieldForLabel>Node</fieldForLabel> <fieldForValue>sys_number</fieldForValue> <change> <eval token="form.system_number">case(mvcount('form.system_number') == 2 AND mvindex('form.system_number', 0) == "*", mvindex('form.system_number', 1), mvfind('form.system_number', "\\*") == mvcount('form.system,_number') - 1, "*", true(), 'form.system_number')</eval> </change> <search> <query>| inputlookup node.csv | fields site prefix Node sys_number | eval token_value = "$siteid$" | eval site_val = if(match(token_value, "OR\s*index="), split(replace(token_value, "\s*OR\s*index=\s*", ","), ","), token_value) | where prefix=site_val | dedup Node | table Node sys_number</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <prefix>"</prefix> <suffix>"</suffix> <valueSuffix>","</valueSuffix> <delimiter> </delimiter> </input> the problem here is, I need to have field for label as Node but , When I'm selecting an value in siteid, then selecting a value in Node, after that selecting the secong value in Siteid, the node change its value to sys_number, but actually it should be Node, as we mentioned fields label as Node only but it changes to sys_number.    this only happens after selecting any values in Node, if we select values in siteid, the Node behaved wierd. Other eise its fine, Thanks! ... View more
Labels

Re: Adding zoom in option to timeline chart

by in Splunk Search
‎11-14-2024 01:17 AM
‎11-14-2024 01:17 AM
Hi @bowesmana & @ITWhisperer ,    Thanks for your reply!    I have tried using selection but facing some error even after this warning this is not working. "Invalid child="selection" is not allowed in node="viz" " <row> <panel> <title>status</title> <viz type="timeline_app.timeline"> <search> <query>index=$siteid$ sourcetype=logs* CAT IN ("TAT") _raw=*** (NOT CODE=* OR CODE IN ("T11")) | head 100000 | eval Eventts_date=substr(Eventts,1,10) | eval Eventts_time=substr(Eventts,12,8) | eval Eventts_new=Eventts_date." ".Eventts_time | eval _timee=strptime(Eventts_new,"%Y-%m-%d %H:%M:%S.%6N") | fillnull value="N/A" ............................. | eval displayname="Operational".displayname | table _time displayname FIELD_01 duration | append [ search index=$siteid$ sourcetype=FSC* CAT IN ("ST") _raw=*** (NOT CODE=* OR CODE IN ("Ad13")) | head 100000 | eval Eventts_date=substr(Eventts,1,10) | eval Eventts_time=substr(Eventts,12,8) | eval Eventts_new=Eventts_date." ".Eventts_time | eval _timee=strptime(Eventts_new,"%Y-%m-%d %H:%M:%S.%6N") .............................. | table _time displayname FIELD_01 duration ] </query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> <sampleRatio>1</sampleRatio> </search> <option name="drilldown">none</option> <option name="height">460</option> <option name="refresh.display">progressbar</option> <option name="timeline_app.timeline.axisTimeFormat">SECONDS</option> <option name="timeline_app.timeline.colorMode">categorical</option> <option name="timeline_app.timeline.maxColor">#DA5C5C</option> <option name="timeline_app.timeline.minColor">#FFE8E8</option> <option name="timeline_app.timeline.numOfBins">6</option> <option name="timeline_app.timeline.tooltipTimeFormat">SECONDS</option> <option name="timeline_app.timeline.useColors">1</option> <option name="trellis.enabled">0</option> <option name="trellis.scales.shared">1</option> <option name="trellis.size">medium</option> <selection> <set token="selection.earliest">$start$</set> <set token="selection.latest">$end$</set> <set token="start.count">$start.count$</set> <set token="end.count">$end.count$</set> </selection> <drilldown><link target="_blank">search?q= <query>index=$siteid$ sourcetype=FSC* CAT IN ("TAT") _raw=*** (NOT CODE=* OR MARKCODE IN ("TZ11")) | head 100000 | where _time &gt;= $selection.earliest$ AND _time ?&lt;= $selection.latest$ | eval Eventts_date=substr(Eventts,1,10) | eval Eventts_time=substr(Eventts,12,8) | eval Eventts_new=Eventts_date." ".Eventts_time | eval _timee=strptime(Eventts_new,"%Y-%m-%d %H:%M:%S.%6N") .................. | table _time displayname FIELD_01 duration | append [ search index=$siteid$ sourcetype=FSC* CAT IN ("ST") _raw=*** (NOT CODE=* OR CODE IN ("Ak03")) | head 100000 | eval Eventts_date=substr(Eventts,1,10) | eval Eventts_time=substr(Eventts,12,8) | eval Eventts_new=Eventts_date." ".Eventts_time | eval _timee=strptime(Eventts_new,"%Y-%m-%d %H:%M:%S.%6N") ............................................ | eval displayname="Maintenance".displayname | table _time displayname FIELD_01 duration ] </query></link></drilldown> </viz> </panel> </row> ... View more

Adding zoom in option to timeline chart

by in Splunk Search
‎11-13-2024 04:11 AM
‎11-13-2024 04:11 AM
Hello All,    I'm having a timeline chart, I would like to add zoom in to this chart when we drang and select some lines, it needs to zoom.    Can anyone hekp to find this. Thanks in Advance! ... View more
Labels

Dowloading results of table to .csv file

by in Splunk Search
‎11-12-2024 04:01 AM
‎11-12-2024 04:01 AM
Hello Splunkers,     I'm getting proper results without any selction in input dropdown, I can able to download the results of that particular table but when I'm making any selection in dahsboard, since its having the base search, its loading results will all fields in base search rather than the fields mentioned in that table. here is the query, <panel> <title>Raw Data</title> <!-- HTML Panel for Spinner --> <input type="text" token="value" searchWhenChanged="true"> <label>Row Data per Page</label> <default>20</default> <initialValue>20</initialValue> </input> <input type="radio" token="field3" searchWhenChanged="true"> <label>Condition_1</label> <choice value="=">Contains</choice> <choice value="!=">Does Not Contain</choice> <default>=</default> <initialValue>=</initialValue> </input> <input type="text" token="search" searchWhenChanged="true"> <label>All Fields Search_1</label> <default>*</default> <initialValue>*</initialValue> <prefix>"*</prefix> <suffix>*"</suffix> </input> <input type="checkbox" token="field4"> <label>Add New Condition</label> <choice value="0">Yes</choice> </input> <input type="dropdown" token="field5" searchWhenChanged="true" depends="$field4$"> <label>Expression</label> <choice value="AND">AND</choice> <choice value="OR">OR</choice> <default>AND</default> <initialValue>AND</initialValue> </input> <input type="radio" token="field6" searchWhenChanged="true" depends="$field4$"> <label>Condition_2</label> <choice value="=">Contains</choice> <choice value="!=">Does Not Contain</choice> <default>=</default> <initialValue>=</initialValue> </input> <input type="text" token="search2" searchWhenChanged="true" depends="$field4$"> <label>All Fields Search_2</label> <default>*</default> <initialValue>*</initialValue> <prefix>"*</prefix> <suffix>*"</suffix> </input> <html> <a class="btn btn-primary" role="button" href="/api/search/jobs/$export_sid$/results?isDownload=true&amp;timeFormat=%25FT%25T.%25Q%25%3Az&amp;maxLines=0&amp;count=0&amp;filename=Event_Logs&amp;outputMode=csv">Download CSV</a> </html> <html depends="$showSpinner3$"> <!-- CSS Style to Create Spinner using animation --> <style> .loadSpinner { margin: 0 auto; border: 5px solid #FFF; /* White BG */ border-top: 5px solid #3863A0; /* Blue */ border-radius: 80%; width: 50px; height: 50px; animation: spin 1s linear infinite; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } <!-- CSS override to hide default Splunk Search Progress Bar --> #panel1 .progress-bar{ visibility: hidden; } </style> <div class="loadSpinner"/> </html> <table> <search base="base_search_index"> <progress> <!-- Set the token to Show Spinner when the search is running --> <set token="showSpinner3">true</set> </progress> <done> <!-- Unset the token to Hide Spinner when the search completes --> <unset token="showSpinner3"></unset> </done> <query>| sort _time |eval _raw=displayname.","._raw | table _raw | appendpipe [| stats count | where count == 0 | eval _raw="No Data Found for selected time and filters" | table _raw ]</query> <done> <set token="export_sid">$job.sid$</set> </done> </search> <option name="count">$value$</option> <option name="dataOverlayMode">none</option> <option name="drilldown">none</option> <option name="percentagesRow">false</option> <option name="refresh.display">progressbar</option> <option name="rowNumbers">false</option> <option name="totalsRow">false</option> <option name="wrap">true</option> <format type="color" field="_raw"> <colorPalette type="map">{"No Data Found for selected time and filters":#D41F1F}</colorPalette> </format> </table> </panel> ... View more
Labels

unset the inputput dropdown to default

by in Splunk Search
‎11-11-2024 03:18 AM
‎11-11-2024 03:18 AM
Hello Splunkers,    I have created a input dropdown where i need to reset all input drodpdown irrespective of the selections made to the default value of the fields.    Here i can chnage the values that were passed to the search but I weren't unable to change the values that were present in input dropdown. <input type="radio" token="field3" searchWhenChanged="true"> <label>Condition_1</label> <choice value="=">Contains</choice> <choice value="!=">Does Not Contain</choice> <default>=</default> <initialValue>=</initialValue> </input> <input type="text" token="search" searchWhenChanged="true"> <label>All Fields Search_1</label> <default>*</default> <initialValue>*</initialValue> <prefix>"*</prefix> <suffix>*"</suffix> </input> <input type="checkbox" token="field4"> <label>Add New Condition</label> <choice value="1">Yes</choice> </input> <input type="dropdown" token="field5" searchWhenChanged="true" depends="$field4$" rejects="$reset_all_field_search$"> <label>Expression</label> <choice value="AND">AND</choice> <choice value="OR">OR</choice> <default>AND</default> <initialValue>AND</initialValue> </input> <input type="radio" token="field6" searchWhenChanged="true" depends="$field4$" rejects="$reset_all_field_search$"> <label>Condition_2</label> <choice value="=">Contains</choice> <choice value="!=">Does Not Contain</choice> <default>=</default> <initialValue>=</initialValue> </input> <input type="text" token="search2" searchWhenChanged="true" depends="$field4$" rejects="$reset_all_field_search$"> <label>All Fields Search_2</label> <default>*</default> <initialValue>*</initialValue> <prefix>"*</prefix> <suffix>*"</suffix> </input> <input type="checkbox" token="field14" depends="$field4$"> <label>Add New Condition</label> <choice value="1">Yes</choice> </input> <input type="dropdown" token="field15" searchWhenChanged="true" depends="$field14$" rejects="$reset_all_field_search$"> <label>Expression</label> <choice value="AND">AND</choice> <choice value="OR">OR</choice> <default>AND</default> <initialValue>AND</initialValue> </input> <input type="radio" token="field16" searchWhenChanged="true" depends="$field14$" rejects="$reset_all_field_search$"> <label>Condition_3</label> <choice value="=">Contains</choice> <choice value="!=">Does Not Contain</choice> <default>=</default> <initialValue>=</initialValue> </input> <input type="text" token="search12" searchWhenChanged="true" depends="$field14$" rejects="$reset_all_field_search$"> <label>All Fields Search_3</label> <default>*</default> <initialValue>*</initialValue> <prefix>"*</prefix> <suffix>*"</suffix> </input> <input type="checkbox" token="reset_all_field_search" searchWhenChanged="true"> <label>Reset All field search</label> <choice value="reset_all_field_search">Yes</choice> <delimiter> </delimiter> <change> <condition value="reset_all_field_search"> <unset token="search"></unset> <set token="search">*</set> <unset token="search2"></unset> <set token="search2">*</set> <unset token="search12"></unset> <set token="search12">*</set> <unset token="field4"></unset> <set token="field4">*</set> <unset token="field5"></unset> <set token="field5">*</set> </condition> </change> </input> please help me to fix this. Thanks! ... View more
Labels

Re: Finding the length of multivalue/singlevalue f...

by in Splunk Search
‎11-04-2024 10:23 PM
‎11-04-2024 10:23 PM
Hello @zksvc ,     Thanks again!     I'm facing error in this line "unbalanced quotes" | eval lengths = mvmap(code_list, len(trim('code_list', '"'))) So ihave modified this as  | eval lengths = mvmap(code_list, len(trim('code_list', "\""))) though eval is not accepting "*" as a token value in code. Thanks! ... View more

Re: Finding the length of multivalue/singlevalue f...

by in Splunk Search
‎11-04-2024 07:25 PM
‎11-04-2024 07:25 PM
Hello @zksvc ,    Thanks for your prompt response and Thanks for your time!     It works but my token value will be enclosed with  ("token_value"),  Lets say token and results can be Token                             Result             Reason ("*")                                  value_1         Since the length of "*" is 1, we need pass value1 ( "abc")                           value_2         Since the length of "abc" is 3, we need pass value2 ("ajd","abc","sd")         value_2         Since the length of "ajd" is 3, we need pass value2 The purpose of this is, My use case is to find wheather the token consists of "*" in it or not, Since its a inputdropdown of multivalue field, If i use mv commands it only works for multivalues but at some cases we will be getting single value from the input dropdown, So i need a condition to work in both the cases. Thanks! ... View more

Finding the length of multivalue/singlevalue field

by in Splunk Search
‎11-04-2024 06:59 PM
‎11-04-2024 06:59 PM
Hello There,     I would like to pass two diffrent values as a token, the search consists of code as a token, where code field can be single values or with multiple values, we need to calculate the length and if the length is equal to 1, then we need pass value_1., if the length is greater than 1, then we need to pass value_2 in a new token, index=03_f123456 sourcetype=logs*  (CODE IN ($code$)) | eval x=len($code$) | eval y=if(x=1,"value_1",value_2") |dedup y |table y Thanks in advance! ... View more
Labels

Re: Passing a diffrent base search based on the se...

by in Splunk Search
‎10-29-2024 08:58 PM
‎10-29-2024 08:58 PM
Hello @ITWhisperer ,     Hope i have added more information, please let me know if i need to add any other info. Actual need is, I'm having a field where sometimes i will get empty value, When i'm selecting All in input drodown the values can be anything, it can be empty as well but when we choose any specific value in input drodown, we don't need to consider empty values, so I planned to create 2 base searches, one is when we choose all in input drodown, other is when we choose any values apart from All in input drodown, Since when we are choosing any other values in input drodown,  we can use | where isnotnull(field_name) | head 10000 which is not needed when we are selecting all in inputdrodown, since the data volume is huge . thanks! thanks! ... View more

passing diffrent base search based on inputput dro...

by in Splunk Search
‎10-29-2024 07:39 PM
‎10-29-2024 07:39 PM
Hello Splunkers,    I'm having a inputput dropdown field, when i'm selecting "*" in that input dropdown field, I need to pass base search 1 to all searches in dashboard, when I'm selecting any other values apart from "*". I need to pass base search 2 to all searches in dashboard. <form version="1.1"> <label>Clone sample</label> <search> <query> | makeresults | eval curTime=strftime(now(), "GMT%z") | eval curTime=substr(curTime,1,6) |rename curTime as current_time </query> <progress> <set token="time_token_now">$result.current_time$</set> </progress> </search> <search id="base_1"> <query> index=2343306 sourcetype=logs* | head 10000 | fields _time index Eventts IT _raw | fillnull value="N/A" </query> <earliest>$time_token.earliest$</earliest> <latest>$time_token.latest$</latest> </search> <search id="base_2"> <query> index=2343306 sourcetype=logs* | where isnotnull(CODE) | head 10000 | fields _time index Eventts IT CODE _raw | fillnull value="N/A" </query> <earliest>$time_token.earliest$</earliest> <latest>$time_token.latest$</latest> </search> <fieldset submitButton="false" autoRun="true"> <input type="radio" token="field1"> <label>field1</label> <choice value="All">All</choice> <choice value="M1">M1</choice> <choice value="A2">A2</choice> <change> <eval token="base_token">case("All"="field1", "base_1", "All"!="field1", "base_2")</eval> </change> </input> <input type="time" token="time_token" searchWhenChanged="true"> <label>Time Range</label> <default> <earliest>-60m@m</earliest> <latest>now</latest> </default> </input> </fieldset> <row> <panel> <table> <title>table</title> <search base="$base_token$"> <query>| table *</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> </form> I have tries passing token in input dropdown it dosent work, can you please help me in fixing this issue. Thanks! ... View more
Labels

Re: Passing a diffrent base search based on the se...

by in Splunk Search
‎10-29-2024 08:43 AM
‎10-29-2024 08:43 AM
Hello @ITWhisperer ,    I would like to pass based search to panels in dashboard   <search id="base_search_1"> <query> index=$siteid$ sourcetype=log* values IN (Ax01, Ms09) ..... | table * </query> <earliest>$time_token.earliest$</earliest> <latest>$time_token.latest$</latest> </search> <search id="base_search_2"> <query> index=$siteid$ sourcetype=log* Values IN (*) ..... | table * </query> <earliest>$time_token.earliest$</earliest>   I need to pass base_search_1 when a inut drodpown is selected with "All", when other values are selected in the input dropdown, it need to pass base_search_2 to the panel in dashboard. thanks! <latest>$time_token.latest$</latest> </search> the reason why i choose this is, Actually we are having a input dropdown field which may be empty at some time also we are filtering only head 10000 records as per need, So when the input dropdown field is selected with "All" values, we don't have any issues either the field can be with values or can be empty but when the inputdropdown field is having spome field values to be filtered then empty field should not be giving proper results, so instead of head 10000, we need to filter non empty values of 10k, rather than head 10k, also please suggest other possible efiicient way to do this. thanks! ... View more

Passing a diffrent base search based on the select...

by in Splunk Search
‎10-29-2024 03:29 AM
‎10-29-2024 03:29 AM
Hello Splunkers,    I would like to pass the two base search when input dropdown is set as all, i need to pass a base search, when other values apart from all is selected, it need to pass a diffrent base search. Thanks! ... View more
Labels

Re: Chart with Multiple fields on Y axis and time ...

by in Splunk Search
‎10-14-2024 09:59 AM
‎10-14-2024 09:59 AM
Hello @ITWhisperer ,    Is that be possible if all the field has only 2 values, that is been repeadily occuring. Also the numeric values can be replaced with text values as well. Thanks! ... View more

Chart with Multiple fields on Y axis and time in X...

by in Splunk Search
‎10-14-2024 08:32 AM
‎10-14-2024 08:32 AM
Hello,    I would like to create chart with multiple fields in Y axis and time in x axis,  Y axis - FIELD_01 FIELD_02 FIELD_03 FIELD_04 FIELD_05 FIELD_06 (All field values are in strings and numbers as well) x axis - _time Lets say, If the FIELD_01 consists of values Stopped, Started, Stopped, Stopped In y axis it should change its values with some colours. FIELD_06     Field values FIELD_05     Field values FIELD_04     Field value FIELD_03     Field value FIELD_02     Field value FIELD_01     Field value Y axis/ x axis                                         _time Thanks in Advance! ... View more
Labels

Re: Conver to Hexadecimal code to bit value

by in Splunk Search
‎09-23-2024 04:26 AM
‎09-23-2024 04:26 AM
Hi @yuanliu & @ITWhisperer  & @tscroggins  & @PickleRick  & @dural_yyz ,     Thanks everyone for your time, it works for me. Thanks in Advance! ... View more

Re: Conver to Hexadecimal code to bit value

by in Splunk Search
‎09-23-2024 03:35 AM
‎09-23-2024 03:35 AM
Hi @ITWhisperer ,    Thanks, It works on that place. ... View more

Re: Conver to Hexadecimal code to bit value

by in Splunk Search
‎09-23-2024 02:23 AM
‎09-23-2024 02:23 AM
Hello @ITWhisperer ,    Thanks for your resposne!    If you don't mind changing the code as well. Thansk a lot for your resposne! ... View more

Re: Conver to Hexadecimal code to bit value

by in Splunk Search
‎09-23-2024 01:39 AM
‎09-23-2024 01:39 AM
Hello @ITWhisperer ,    Thanks for that.    I'm currebtly using Splunk Enterprise with Version 9.1.1, So thats the reason.    Any alternative way to work on this with this version? Thanks for pointing it out. regards, Manoj Kumar S ... View more

Re: Conver to Hexadecimal code to bit value

by in Splunk Search
‎09-23-2024 12:07 AM
‎09-23-2024 12:07 AM
Hello @yuanliu ,    Thanks for your response!     I'm having this error "Error in 'EvalCommand': The arguments to the 'tostring' function are invalid.", can you please help me in this. Thanks in advance! ... View more

Re: Conver to Hexadecimal code to bit value

by in Splunk Search
‎09-22-2024 11:09 PM
‎09-22-2024 11:09 PM
Hello @tscroggins ,    Thanks for your reply!    I'm having this error - "Error in 'EvalCommand': The 'bit_shift_right' function is unsupported or undefined." Can you help in resolving this error. Thanks in Advance! ... View more

Re: Conver to Hexadecimal code to bit value

by in Splunk Search
‎09-20-2024 11:46 AM
‎09-20-2024 11:46 AM
Hello @PickleRick ,    Sorry for the mistake!    I have edited in the post, Considering 0*63 is 01100011 Seperating the byte as with 2positions byte 0 - 01 -> 0000 0001 byte 1 - 10 -> 0001 0000 byte 2 - 00 -> 0000 0000 byte 3 - 11 -> 0001 0001 Combining it byte 3 byte 2 byte 1 byte 0 - 0001 0001 0000 0000 0001 0000 0000 0001 Counting the non zero postions  - 0, 12, 24, 28 These were the answers. please let me know if there are anything. Thanks in advance! ... View more

Re: Conver to Hexadecimal code to bit value

by in Splunk Search
‎09-20-2024 11:39 AM
‎09-20-2024 11:39 AM
Hi @dural_yyz ,    Thanks for your reply! please look at this example as well, also we are having hex_code as a single field value, from that field we are seperating bit 1 and bit 2,  bit position of the least significant bit Another example Hex code - 00200100 Seperate 2 bytes each  00/20/01/00 4 Byte bitmask Byte 0: HEX = 00 -  0000 0000 Byte 1: HEX = 20 - 0010 0000 Byte 2: HEX = 01 - 0000 0001 Byte 3: HEX = 00 - 0000 0000 Byte 3 Byte 2 Byte1 Byte 0 - 0000 0000 0000 0001 0010 0000 0000 0000 calculate the non zero th position values from right side Byte combination  - 0000 0000 0000 0001 0010 0000 0000 0000 Position -                                                               16       13        ...9 8765  4321 At position 14 and 17, we got 1 while counting from right side. so the bit value is 13 and 16. thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
a week ago
Karma given to