Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About anu1729
anu1729
Loves-to-Learn Lots
Member since:
02-07-2022
04-06-2022
Community Statistics
| Posts | 12 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 02-07-2022 |
Activity Feed
- Posted Re: Fill in 0 for dates when we have missing values in the chart on Splunk Search. 04-06-2022 12:40 AM
- Posted Re: Fill in 0 for dates when we have missing values in the chart on Splunk Search. 04-06-2022 12:03 AM
- Posted How to fill in 0 for dates when we have missing values in the chart? on Splunk Search. 04-05-2022 10:39 PM
- Posted Re: Eval field to get total count and plot the chart on Splunk Search. 04-04-2022 08:23 AM
- Posted Re: Eval field to get total count and plot the chart on Splunk Search. 04-04-2022 07:38 AM
- Posted Re: Eval field to get total count and plot the chart on Splunk Search. 04-04-2022 05:06 AM
- Posted Re: Eval field to get total count and plot the chart on Splunk Search. 04-04-2022 03:26 AM
- Posted How to search Eval field to get total count and plot the chart? on Splunk Search. 04-04-2022 02:48 AM
- Posted Re: nested case statements with eval on Splunk Search. 03-24-2022 12:01 AM
- Posted How to compare nested case statements with eval on Splunk Search. 03-23-2022 09:56 PM
- Tagged How to compare nested case statements with eval on Splunk Search. 03-23-2022 09:56 PM
- Posted Re: I am want to group together similar pattern of data , and plot a pie chart to see the percentage of it. on Splunk Search. 02-07-2022 03:26 AM
- Posted I am want to group together similar pattern of data , and plot a pie chart to see the percentage of it. on Splunk Search. 02-07-2022 03:00 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-06-2022
12:40 AM
Its not working as I was expecting
... View more
04-06-2022
12:03 AM
when I am running my query it is just plotting the graph only for those days when we have value for hqid, but we want to see dates for days as well if there is no hqid hit.
... View more
04-05-2022
10:39 PM
I am using below query to fill in 0 for dates when we have missing value and get those dates on the chart. But this is not working . Could anyone please help me here.
base search | eval timestamp_epoc = strptime(timestamp,"%Y-%m-%dT%H:%M:%S.%3N%Z") | eval date_picker = strftime(timestamp_epoc,"%Y-%m-%d") | search requestURI="/api/v1/home/reseller/*" | eval hqid = substr(requestURI,23,10) | search $hqid$ | eval status_success=if(httpStatus="200",1,0) | eval status_fail= if(httpStatus != "200",1,0) | stats sum(status_success) as status_success, sum(status_fail) as status_fail by hqid,date_picker | eval status = case( (status_fail>0 AND status_success>0), "Multiple successful logins", (status_fail>0), "Multiple failed logins", (status_success>0), "Successful logins",1=1, "Other") | fillnull value=0 date_picker hqid status | chart count(hqid) by date_picker,status
... View more
Labels
- Labels:
-
chart
04-04-2022
08:23 AM
how to include that and how we will get data in the stacked format.
... View more
04-04-2022
05:06 AM
Yes we are trying to get the count for those event which has not happened. we have used the below query to get the count of not-logged-in but we are not able to club with the eval statement for status. | eval hqid = substr(requestURI,23,10) | table hqid httpStatus | eval status_success=if(httpStatus="200",1,0) | eval status_fail= if(httpStatus != "200",1,0) | stats sum(status_success) as status_success, sum(status_fail) as status_fail by hqid | eval status = case((status_fail>0 AND 'status_success'>0), "multiple successful logins", ('status_fail'>0), "multi fail", ('status_success'>0), "successfull login",1=1, "Other") | eval logged_in = status_success+status_fail | eval not_logged_in = 28-logged_in we want the output to be in stacked form , like on a particular date how many of them were successful, multi-fail, multi-success and not logged in
... View more
04-04-2022
03:26 AM
streamstats is giving the total count at that time, but we need to get the not-logged -in value as we have fixed number of hqid and we want to check how many of them have not logged and how many of them are able to successfully log in , or multi-fail is happening, or multi-success
... View more
04-04-2022
02:48 AM
We want to get the number of successful login, multiple successful login, multi-fail logins and also number the of hqid which has not logged in i.e (total number of hqid - sum(successful login + multiple successful login + multi fail).
We have written below query, and we are able to get the number of successful login, multi-success login and as well multi-fail but I am not sure how to get the number for not logged-in case. Could anyone please help me here
base_search query | eval hqid = substr(requestURI,23,10) | table hqid httpStatus | eval status-success=if(httpStatus="200",1,0) | eval status-fail= if(httpStatus != "200",1,0)
| stats sum(status-success) as status-success, sum(status-fail) as status-fail by hqid | eval status = case(('status-fail'=0 AND 'status-success'>0), "successful-logins", ('status-fail'>0 AND 'status-success'>0), "multi-success", ('status-fail'>0 AND 'status-success'=0), "multi-fail", ('status-fail'>0), "fail",1=1, "Other"
... View more
03-23-2022
09:56 PM
Hi,
I am trying to use case keyword to solve a multiple nested statement but it is just giving me output for the else value, it seems like it is not going inside any other statement to check, Could anyone please help me here. I tired using multiple if statement with eval still I was having the same issue.
Problem statement : I want to compare the value of status-fail and status-success and on the basis of that we need to generate the output
case1 : if value of status-fail =0 and status-success>0 ---> successful logins
case2: if value of status-fail >0 and status-success>0 ---> multi-successful logins
case3: if value of status-fail >0 and status-success=0 ---> multi-fail
case4: if value of status-fail >0 ---> fail logins
Below is the query what I am using :
table hqid, httpStatus | eval status-success=if(httpStatus="200",1,0) | eval status-fail= if(httpStatus != "200",1,0) | stats sum(status-success) as status-success, sum(status-fail) as status-fail by hqid | eval status = case(status-fail = 0 AND status-success > 0, "successful-logins", status-fail > 0 AND status-success > 0, "multi-success", status-fail > 0 AND status-success=0, "multi-fail", status-fail > 0, "fail",1=1,"Others")
... View more
- Tags:
- case
Labels
- Labels:
-
eval
02-07-2022
03:26 AM
@ITWhisperer no this is only eval command I using here .
... View more
02-07-2022
03:00 AM
Below is the query I am trying to use to get the result but, its giving error for eval statement. Could anyone please help me here. index="application_name" | spath logger | search logger=" logging.transcation.filter "| spath event | search event = "responseActivity"| search requestURI IN (/login,/api/v1/user/profile,/api/v1/app/version,/api/v1/user/profile/pickey,/api/v1/home/reseller/*) | eval requestURI=case((requestURI="/api/v1/home/reseller/*"), "/api/v1/homepage")
... View more
Labels
- Labels:
-
eval
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-06-2022
02:00 AM
|
