Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About HelloItsMe76
HelloItsMe76
Explorer
Member since:
02-02-2022
12-19-2022
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 02-02-2022 |
Activity Feed
- Got Karma for Re: Fix column name and evalute times. 12-19-2022 08:16 AM
- Posted Re: Fix column name and evalute times on Splunk Search. 12-19-2022 07:53 AM
- Posted How to fix column name and evaluate times? on Splunk Search. 12-16-2022 01:42 PM
- Tagged How to fix column name and evaluate times? on Splunk Search. 12-16-2022 01:42 PM
- Posted Re: How to display only a substring of result set? on Splunk Search. 09-12-2022 01:45 PM
- Karma Re: How to display only a substring of result set? for scelikok. 09-12-2022 01:45 PM
- Posted How to display only a substring of result set? on Splunk Search. 09-12-2022 12:23 PM
- Posted Re: Create a table with max and sum values on Splunk Search. 07-14-2022 08:47 AM
- Posted Re: Create a table with max and sum values on Splunk Search. 07-14-2022 08:46 AM
- Posted How to create a table with max and sum values on Splunk Search. 07-14-2022 08:27 AM
- Posted Re: How can i search 1 host at a time when index hits a number of hosts. on Splunk Search. 02-03-2022 08:37 AM
- Posted How can i search 1 host at a time when index hits a number of hosts. on Splunk Search. 02-02-2022 10:33 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-16-2022
01:42 PM
I have a dbquery ouput that looks like the below, unfortunately i cant update the actual database query to make it more readable...
2022-12-16 21:30:17.689, TO_CHAR(schema.function(MAX(columnA)),'MM-DD-YYHH24:MI')="12-16-22 16:29"
I am trying to whether time the 2 times at the begining and end of the results are within 15 mins of each other. I have tried renaming the column from the long stupid string but i cant get that working using the rename function. does anyone have any ideas how to rename (or if i even need to) and then evaluate whether the times are within 15 mins of each other?
the query i ran to get the above is just <index="abc">
... View more
- Tags:
- time column rename
Labels
- Labels:
-
rex
09-12-2022
01:45 PM
thanks, that worked.
... View more
09-12-2022
12:23 PM
When i search for the string "ERROR" in a log i get the below
<
DEBUG : blah blah
INFO : blah blah blah
ERROR : <some error string>
More blah blah
>
I want to only show the whole line that starts with ERROR. The length of the error line is variable.
How can i do this?
I do understand that fixing the line breaks formatting in prop.conf might be a quicker way but i dont have access to that file so would like to do it in the result head. thanks in advance.
... View more
Labels
- Labels:
-
subsearch
07-14-2022
08:47 AM
actually it did work. i had been using 'by Category' on both fields. thanks for the help!
... View more
07-14-2022
08:46 AM
Hey, thanks for the response. yes i have and it returns the correct data for the 2 fields but it doesnt pass in the Category field which i need. How can i get all 3 fields?
... View more
07-14-2022
08:27 AM
I have a table like the below
Category | Time | Count of string
A | t-5mins | 18
A | t-10mins | 7
A | t-15mins | 10
A | t-20 mins | 1
B | t-5mins | 6
B | t-10 mins | 18
I would like to create a table with the latest (max) time and the sum of the count by category so that i get this
Category | Max Time | Sum
A | t-5mins | 36
B | T-5mins | 24
I can get the max time and the sum individually into a table but am having issues getting them both into 1 table - the time and sum values are coming up blank.
Can someone advise please?
... View more
02-03-2022
08:37 AM
Thanks for the reply.. one small update to my original post is that it should read "duration > 2" at the end. to clarify - both strings will appear in all the 10 hosts. at the moment my search is comparing strings from different hosts, it should not do that. I understand i can create 10 alerts (1 for each host), but i would like to find a more efficient way and do it in 1 alert. So i am looking to go through each host in the source / index and evaluate string1 vs string2 on host1, then go to host2 and so on up to host10.
... View more
02-02-2022
10:33 AM
I have an index which searches across 10 hosts. I am comparing 2 strings and evaluating the results to see if there is an issue that needs alerting. The results are being messed up as its evaluating the 2 strings from 2 different boxes - ie string1 on hostA against string2 on hostB. It should be string1 on host1 against string2 on host1. Then go to host2 , host3 ..... host10. How can i get my search to either sequentionally go through each host or have the results group by host to not show results that have come from 2 diff hosts. current logic is: index="abc" "string1 OR string2" | transaction startswith="string1" endswith="string2" | where count>2
... View more
Labels
- Labels:
-
stats
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-19-2022
12:10 PM
|
