×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rjgreg
Explorer
Member since: ‎09-16-2021
‎04-27-2022
Community Statistics
Posts 5
Solutions 1
Karma Given 5
Karma Received 1
Member Since ‎09-16-2021
Activity Feed
View All

Re: Unable to rename _time as Time

by in Splunk Search
‎10-01-2021 11:50 AM
‎10-01-2021 11:50 AM
@woodcock    I have been dragging though a ton of these threads trying to find a simple way to fix how my field _time output information.  I just wanted the date, so I took off the time aspect of your command and BOOM. Thank you. | rename _time AS Date | fieldformat Date = strftime(Date, "%Y-%m-%d") Output: Date 2021-10-01 ... View more

Re: Comparing Latency from a Subnet to 3 different...

by in Splunk Search
‎09-21-2021 05:30 AM
1 Karma
‎09-21-2021 05:30 AM
1 Karma
@richgalloway   I tried to send this yesterday, but it seems to have been lost in the ether.  The |stats command you gave me didn't output anything in the statistics  view.  I figured out the problem and solved it with the | dedup command you can see in the complete search below.  I added a few fields for the table as well, for tracking.  Thank you for your help.  Not sure I would have found the solution without your help. index="wineventlog" host="mgmt" source="wineventlog:application" "EventCode=999" "SourceName=NetworkLatencyCheck" | sort 1 - _time | mvexpand SubnetSourceLatencyDestinationSiteLocationStatus | rex Field=SubnetSourceLatencyDestinationSiteLocationStatus "^(?<Subnet>.*),\$(?<Source>.*),\$(?<Latency>.*),\$(?<Destination>.*),\$(?<Site>.*),\$(?<Location>.*),\$(?<Status>.*)" | regex Source="(\d{1,3}\.(\d{1,3}\.(\d{1,3}\.(\d{1,3})" | stats min(Latency) as latency by Subnet, Destination, Location, _time | dedup Subnet sortby +Latency | sort Subnet | table Subnet Latency Destination Location _time   ... View more

Re: Comparing Latency from a Subnet to 3 different...

by in Splunk Search
‎09-20-2021 06:46 AM
‎09-20-2021 06:46 AM
@richgalloway  I'm still very new to writing Splunk commands.  How would the head command look?  In the current table, I have a total of 201 results.  There are three destinations, so each subnet appears three times in the table, like the example below.  Is it possible to use the head command per subnet to end up with 67 results (1/3rd of the results), which would be comprised of the best connection for each subnet? Thank you for your help    ***Example Output Before*** Subnet                  Latency          Destination 192.10.10                8                      a03-vcenter 192.10.10                87                    a05-vcenter 192.10.10               152.75            a08-vcenter 192.1.1                   13                      a05-vcenter 192.1.1                    25                     a08-vcenter 192.1.1                   48                      a03-vcenter ***Example of desired output*** Subnet                  Latency          Destination 192.10.10                8                      a03-vcenter 192.1.1                   13                      a05-vcenter ... View more

Re: Comparing Latency from a Subnet to 3 different...

by in Splunk Search
‎09-20-2021 06:25 AM
‎09-20-2021 06:25 AM
@richgalloway  Thank you.  The output for the stats command organized the subnets from fastest to slowest, which is a big help. Do you know of a way to drop the slower two destinations?  The chart output I am looking for will list the fastest connection for each subnet and exclude the other two  destinations for each.   ... View more

Comparing Latency from a Subnet to 3 different des...

by in Splunk Search
‎09-17-2021 10:57 AM
‎09-17-2021 10:57 AM
I am testing network latency from various subnets to 3 different VCenters.  The output gives me 3 results per subnet IP. How do I have Splunk see the values per subnet and output the best of the three options?   I am fairly new to this and the tutorial got me this far.  Any constructive help would be appreciated. Current Search is below.   index="wineventlog" host="mgmt" source="wineventlog:application" "EventCode=999" "SourceName=NetworkLatencyCheck" | sort 1 - _time | mvexpand SubnetSourceLatencyDestinationSiteLocationStatus | rex Field=SubnetSourceLatencyDestinationSiteLocationStatus  "^(?<Subnet>.*),\$(?<Source>.*),\$(?<Latency>.*),\$(?<Destination>.*),\$(?<Site>.*),\$(?<Location>.*),\$(?<Status>.*)" | regex Source="(\d{1,3}\.(\d{1,3}\.(\d{1,3}\.(\d{1,3})" | table Subnet Latency Destination ***Example Output*** Subnet                  Latency          Destination 192.10.10               152.75            a08-vcenter 192.10.10                87                    a05-vcenter 192.10.10                8                      a03-vcenter 192.1.1                    25                     a08-vcenter 192.1.1                   13                      a05-vcenter 192.1.1                   48                      a03-vcenter ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-27-2022 01:57 PM
Karma from
View All
Karma given to
View All