Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About microsac
microsac
Explorer
Member since:
03-29-2022
04-02-2022
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 03-29-2022 |
Activity Feed
- Posted Re: How to convert `_time` to the column and `host` as an index while using `mstats`? on Splunk Search. 03-31-2022 08:23 PM
- Posted Re: How to convert `_time` to the column and `host` as an index while using `mstats`? on Splunk Search. 03-31-2022 08:23 AM
- Posted Re: How to convert `_time` to the column and `host` as an index while using `mstats`? on Splunk Search. 03-31-2022 08:06 AM
- Karma Re: How to convert `_time` to the column and `host` as an index while using `mstats`? for somesoni2. 03-31-2022 08:06 AM
- Posted How to convert `_time` to the column and `host` as an index while using `mstats`? on Splunk Search. 03-31-2022 05:08 AM
- Karma Re: How to inject multiple host in the Splunk mstats for ITWhisperer. 03-30-2022 01:31 AM
- Posted How to inject multiple host in the Splunk mstats? on Splunk Search. 03-30-2022 12:45 AM
- Posted Re: how to round the values before decimal or upto 2 decimal points on Splunk Search. 03-29-2022 11:18 AM
- Karma Re: how to round the values before decimal or upto 2 decimal points for somesoni2. 03-29-2022 11:16 AM
- Posted How to round the values before decimal or upto 2 decimal points? on Splunk Search. 03-29-2022 10:41 AM
- Karma Re: How to take precision of decimal point for a particular feild for gcusello. 03-29-2022 07:11 AM
- Karma Re: How to take precision of decimal point for a particular feild for somesoni2. 03-29-2022 07:11 AM
- Posted Re: How to take precision of decimal point for a particular feild on Splunk Search. 03-29-2022 06:57 AM
- Posted How to take precision of decimal point for a particular field? on Splunk Search. 03-29-2022 05:36 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
03-31-2022
08:23 PM
@somesoni2 | eval host=mvindex(split(temp,"##"),0) <-- Can you please explain this ?
| eval _time=tonumber(mvindex(split(temp,"##"),1)) <-- Can you please explain this ?
| fields - temp | table host _time *
What is the meaning of using "##", does it has a special meaning here?
... View more
03-31-2022
08:23 AM
@dhirendra761 i tried that in the last line of search but did not list the host, it shows the host column but do not print the hostname's .. it turns blank.
... View more
03-31-2022
08:06 AM
@somesoni2 , this works can you explain the part you placed it working that will also help posterity.
... View more
03-31-2022
05:08 AM
How to convert `_time` to the column and `host` as an index while using `mstats`? | mstats avg(_value) prestats=true WHERE metric_name="cpu.*" AND index="*" AND (host="host01.example.com" OR host="host02.example.com" OR host="host03.example.com" OR host="host04.example.com" OR host="host05.example.com" OR host="host06.example.com" ) AND `sai_metrics_indexes` span=auto BY metric_name | timechart avg(_value) as "Avg" span=30m by metric_name | fillnull value=0 | foreach *[| eval "<<FIELD>>"=round('<<FIELD>>',2)] The above results in as follows: What is Desired: host _time cpu.idle cpu.interrupt cpu.nice cpu.softirq cpu.steal cpu.system cpu.user cpu.wait host01.example.com 2022-03-31 07:30:00 57.56 0.00 22.98 0.08 0.00 18.75 0.59 0.04 host01.example.com 2022-03-31 08:00:00 59.08 0.00 22.02 0.11 0.00 18.06 0.70 0.04 host01.example.com 2022-03-31 08:00:00 61.79 0.00 20.53 0.08 0.00 16.96 0.62 0.04 Any help will be uch appeciated.
... View more
03-30-2022
12:45 AM
I am looking forward to creating a table for system metrics values like "cpu", "memory" and "swap", now if run the below search it works, but it will get all hosts available while I want my search to be specific to some hosts. 1)
| mstats max(cpu.idle) AS "CPU_IDLE" avg(memory.free) as "MEMORY_FREE" avg(swap.used) as "SWAP_USED" WHERE `sai_metrics_indexes` earliest=-30m@m by host | eval "cpu_active"=100-cpu_idle | fillnull value=0 | foreach CPU* MEM* SWAP* [| eval "<<FIELD>>"=round('<<FIELD>>',2)]
2)Where if i try like below then i get an error as i am beginner and not getting the right approach to get it .
| mstats max(cpu.idle) AS "CPU_IDLE" avg(memory.free) as "MEMORY_FREE" avg(swap.used) as "SWAP_USED" WHERE `sai_metrics_indexes` earliest=-30m@m by ("host"="host1.example.com" OR "host"="host2.example.com" OR "host"="host3.example.com" ) | eval "cpu_active"=100-cpu_idle | fillnull value=0 | foreach CPU* MEM* SWAP* [| eval "<<FIELD>>"=round('<<FIELD>>',2)]
1) working screen shot
2) trial but not working
Would appreciate to get any help or direction on this.
... View more
Labels
- Labels:
-
stats
03-29-2022
11:18 AM
Is there anything which we can only get values before decimal, another point if there is a better way to put the multiple host into a bucket rather calling then with multiple "OR" conditions. Sorry for asking too much.
... View more
03-29-2022
10:41 AM
Hello experts, How to round up the values either before decimal point or up to max two decimal point.
Below is my search query:
| mstats avg(_value) prestats=true WHERE metric_name="memory.used" AND "index"="*" AND ( "host"="fsx2098" OR "host"="fsx2099" OR "host"="fsx0102" OR "host"="fsx0319" OR "host"="fsxtp072" ) AND `sai_metrics_indexes` span=auto BY host | timechart avg(_value) useother=false BY host WHERE max in top20 | fields - _span*
Below is Result of above:
Desired Value: time host 1 host2 host3 host4 2022-03-29 13:20:00 26 33 34 32 2022-03-29 13:21:00 27 34 34 34 OR time host 1 host2 host3 host4 2022-03-29 13:20:00 26.80 33.96 34.25 32.93 Any help will be much appreciated.
... View more
03-29-2022
06:57 AM
Hi @gcusello .. I tried something similar rex field=snow_os_version "(?<os_version>\d+\.\d{1})" but it only upto 1 decimal number like `3.1` i need it to take like `3.10`
... View more
03-29-2022
05:36 AM
Hello experts, I Just want my field `snow_os_version` to be up to 2 decimal points like the first entry should only be `3.10`, How to achieve that.
... View more
- Tags:
- fields
- splunk-search
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-02-2022
05:46 AM
|
