Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Rapidz
Rapidz
Explorer
Member since:
02-18-2022
01-10-2023
Community Statistics
| Posts | 13 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 0 |
| Member Since | 02-18-2022 |
Activity Feed
- Posted Re: How to set up an Alert when the count exceeds 100 in a week? on Splunk Search. 01-10-2023 09:02 AM
- Karma Re: How to set up an Alert when the count exceeds 100 in a week? for richgalloway. 01-10-2023 09:02 AM
- Posted Re: How to set up an Alert when the count exceeds 100 in a week? on Splunk Search. 01-10-2023 08:48 AM
- Karma Re: How to set up an Alert when the count exceeds 100 in a week? for richgalloway. 01-10-2023 08:43 AM
- Posted How to set up an Alert when the count exceeds 100 in a week? on Splunk Search. 01-05-2023 01:28 PM
- Posted How to add a field that sums cash value by device_id? on Splunk Search. 03-22-2022 01:43 PM
- Posted How to include results where count is 0 in a an existing search using a csv file? on Splunk Search. 03-18-2022 09:09 AM
- Tagged How to include results where count is 0 in a an existing search using a csv file? on Splunk Search. 03-18-2022 09:09 AM
- Posted Re: App Sessions Started 24 hour average (All Time) - How to? on Security. 03-02-2022 09:04 AM
- Posted App Sessions Started 24 hour average (All Time) - How to? on Security. 03-01-2022 02:36 PM
- Posted Need help with search result multiplied on Security. 02-28-2022 02:53 PM
- Karma Re: How to search average sessions started by hour? for richgalloway. 02-18-2022 11:06 AM
- Posted Re: How to search average sessions started by hour? on Security. 02-18-2022 11:00 AM
- Posted How to search average sessions started by hour? on Security. 02-18-2022 09:34 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-10-2023
09:02 AM
@richgalloway Ok that makes sense, So in my case does this look right?
... View more
01-10-2023
08:48 AM
@richgalloway When you say the placement of the of the earliest option may have to be moved, does it just have to move for the earliest command gets highlighted pink? The only way it gets highlighted pink is if it is formatted like this: 'Bitgo webhook error'
| stats count as Bitgo_Webhook_Errors earliest = -1w
| where Bitgo_Webhook_Errors >=100 I want to make sure I am understanding you properly, for this search will trigger when necessary. Thanks for the help!
... View more
01-05-2023
01:28 PM
I am setting up an alert to notify when a message is received more than a 100 times in a week. I figured it out for the total, but not within a week time range. Any help is appreciated. 'Bitgo webhook error' | stats count as Bitgo_Webhook_Errors | where Bitgo_Webhook_Errors >=100
... View more
Labels
- Labels:
-
stats
03-22-2022
01:43 PM
Currently my search query is:
sourcetype="transactions" AND (additionalMessage.requestUrl="*/cashIn/initialize" OR additionalMessage.requestUrl="*/cashIn/update" OR additionalMessage.requestUrl="*/cashIn/updateStatus" OR additionalMessage.requestUrl="*/cashIn/finalize") AND message != "Token time nonce*" message="POST - http://transactions/cashIn/finalize - RESPONSE_SENT" "additionalMessage.response.commissionPercentage"="0.15" | rename additionalMessage.requestBody.deviceId as device_id | stats count(message) as count by device_id | lookup ATMDeviceNames.csv device_id OUTPUT device_name | append [| inputlookup ATMDeviceNames.csv | table device_id device_name | eval count=0 ] | stats max(count) as count by device_id device_name | sort -count | rename count as "Completed Transactions"
it displays a statistics table like this:
device_id
device_name
Completed_Transactions
02f012-e0c-40d6-8ff5-2d2cba87b2
testdevice123
11
I would like to create an additional dashboard panel based on this table. I would like to swap the Completed_Transactions with a column called Total_Cash. I can see the cash amount per transaction under the name "additionalMessage.response.fiatAmount".
I would like to see the total cash amount per device displayed, can't seem to make it work. Any help would be greatly appreciated.
... View more
- Tags:
- field
- splunk-search
03-18-2022
09:09 AM
Currently I have a search query that will show when an event happens with the device_id, count, and the device name. The search is set up to count when an event happens, but I also want to know when the event doesn't happen, so it counts devices with 0 count. Here is my search: sourcetype="transactions" AND (additionalMessage.requestUrl="*/cashIn/initialize" OR additionalMessage.requestUrl="*/cashIn/update" OR additionalMessage.requestUrl="*/cashIn/updateStatus" OR additionalMessage.requestUrl="*/cashIn/finalize") AND message != "Token time nonce*" message="POST - http://transactions/cashIn/finalize - RESPONSE_SENT" |rename additionalMessage.requestBody.deviceId as device_id |stats count(message) by device_id |sort -count(message) |lookup DeviceNamesAll.csv device_id OUTPUT device_name Search will show this: device_id count(message) device_name 0297f12-e0ac-40d6-8ff5-2d2c2787b 45 Store12 37ca5c1-2c3f-41d-88d4-57f8b354c4 41 Store54 I cant figure out how to also count the device_id's that have a count of 0. If anyone could help it would be greatly appreciated!
... View more
- Tags:
- lookup
03-02-2022
09:04 AM
That search does not seem to work. The query I have can work for the last 24 hours. It would be great, if it could work for taking the average of all SESSIONS_STARTED across 24 hours to get a picture of when users start the app.
... View more
03-01-2022
02:36 PM
Hey everyone, I am trying to gauge at what time users are active on our app. I want to use data from (All time) to gather the average on a 24 hour scale. Is there a way for I can see the average time by hour. Right now this just shows the times when users login. It would be super useful for I can know how many users on average use the app by X AM/PM. My current query is: index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION |timechart span=1h count This query can gather the users by hour on a 24 hour scale, but not the average from (All time). If anyone could help, it would be greatly appreciated!
... View more
Labels
- Labels:
-
other
02-28-2022
02:53 PM
I have a search done on splunk and I need to take the output I receive and multiply it by 2.
My search query is:
index=app1 AND service=app AND logLevel=INFO AND environment=staging "message.eventAction"=COMPLETE_CREATE | stats dc(message.userId)
Upon using this search, I receive a distinct count of 8, but I want that number to multiply by 2. I cannot seem to figure out how to do this after reading other similar searches. I hope someone can help, it seems like it should not be this difficult for a simple multiplication.
... View more
Labels
- Labels:
-
other
02-18-2022
11:00 AM
Hey, Is there a way for I can see the average time by hour. Right now this just shows the times when users login. It would be super useful for I can know how many users on average use the app by X AM/PM.
... View more
02-18-2022
09:34 AM
Hey,
I am dealing with data from an app, and I am trying to figure out how to see what times of the day our app is most popular by hour. Im not sure how I can get an average of what times are popular of when users start the app.
If anyone could help, it would be greatly appreciated!
Heres the query I have been using to see users starting sessions:
index=app1 AND service=app AND logLevel=INFO AND environment=prod "message.eventAction"=START_SESSION
Thanks!
... View more
Labels
- Labels:
-
other
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-10-2023
03:11 PM
|
