Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About Khanu89
Khanu89
Path Finder
Member since:
04-15-2022
01-16-2024
Community Statistics
| Posts | 24 |
| Solutions | 1 |
| Karma Given | 5 |
| Karma Received | 1 |
| Member Since | 04-15-2022 |
Activity Feed
- Posted Unable to find the right query to capture trend on Splunk Search. 01-16-2024 04:27 PM
- Tagged Unable to find the right query to capture trend on Splunk Search. 01-16-2024 04:27 PM
- Posted Re: How to setup certification expiry alert? on Alerting. 09-16-2022 08:11 AM
- Posted How to setup certification expiry alert? on Alerting. 09-15-2022 07:58 PM
- Karma Re: How do i get Epic Hyperspace logs to Splunk with Syslog? for canalesjac. 07-26-2022 09:10 PM
- Posted Re: Best practices for monitoring Epic on Alerting. 07-26-2022 09:06 PM
- Posted Re: How to create table from JSON? on Splunk Search. 05-19-2022 10:36 PM
- Posted Re: How to create table from JSON? on Splunk Search. 05-19-2022 10:32 PM
- Posted Re: How to create table from JSON? on Splunk Search. 05-19-2022 10:26 PM
- Posted Re: How to create table from JSON? on Splunk Search. 05-19-2022 10:15 PM
- Posted How to create table from JSON? on Splunk Search. 05-19-2022 08:11 PM
- Karma Re: HTTP error table for VatsalJagani. 05-10-2022 06:53 AM
- Posted Re: HTTP error table on Dashboards & Visualizations. 05-09-2022 10:16 PM
- Tagged Re: HTTP error table on Dashboards & Visualizations. 05-09-2022 10:16 PM
- Posted Creating a table, but it shows 3 column error msg? on Dashboards & Visualizations. 05-09-2022 06:56 PM
- Posted Re: Dynamic Dropdown percentage on Dashboards & Visualizations. 04-29-2022 07:46 PM
- Posted Re: Dynamic Dropdown percentage on Dashboards & Visualizations. 04-29-2022 07:16 AM
- Posted How to change Dynamic Dropdown percentage and color? on Dashboards & Visualizations. 04-28-2022 08:45 PM
- Karma Re: Pull in client/server errors into table format for VatsalJagani. 04-26-2022 11:10 AM
- Posted Re: Pull in client/server errors into table format on Splunk Search. 04-26-2022 09:24 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-16-2024
04:27 PM
Hello - I'd like to start with thanking the community for reviewing and helping! Problem Statement: I have appt data from multiple clinical locations in Splunk with different types statues. I am trying to create a dashboard that would show trends in appts requests to see if we're gaining pts or losing them, what days are the busiest, what days are the slowest. Query:
index="index" cluster_id="*" dump_info:98
| spath output=log path=log
| rex field=log ".*\{\'name\'\:\s\'(?<name>.*)\'\,\s\'service_type\'\:\s\'(?<service_type>.*)\'\,\s\'status\'\:\s\'(?<status>.*)\'\,\s\'start\'\:\s\'(?<start>.*)\'\,\s\'lastUpdated\'\:\s\'(?<lastUpdated>.*)\'\,\s\'date\'\:\s\'(?<date>.*)\'\}"
| search name="*" AND status="*" AND start="*"
| dedup name service_type status start lastUpdated date
| eval startdate=strftime(strptime(start,"%Y-%m-%dT%H:%M:%SZ"),"%Y-%m-%d"), today=strftime(now(),"%Y-%m-%d")
| where startdate=today
| table name, status
| stats count(status) as status_count, values(*) as * by name, status
... View more
- Tags:
- Anomaly detection
09-15-2022
07:58 PM
I have a dashboard for all SSL certifications. I'd like to setup few alerts for renewal reminds from Splunk. My current query is as shown below: Index=epic_ehr source=C:\\logs\certs\\results.json |Search validdays<60 |table hostname,validddays,issuer,commonName My custom trigger condition is: search validdays="*" AND count<273 When I run this I am seeing results but no alert is triggered nor do I receive any email. please assist
... View more
Labels
- Labels:
-
alert action
-
alert condition
-
cron
07-26-2022
09:06 PM
Hi @davetyree - Were you ever able to get any information on this post? Have you setup anything in Splunk to get transitional data or error logs. I'd love to connect with you as I am currently trying create interactive dashboards in Splunk for Epic data.
... View more
05-19-2022
10:26 PM
yeah I do not know why they are split up in multiple events but the host, success and error will be in same event.
... View more
05-19-2022
10:15 PM
@ITWhisperer Here you are. So my code is pinging remote machines and the response is in JSON file. I would like to table the host and success from this response file.
... View more
05-19-2022
08:11 PM
Hello - Thank you in advance for the help. I am getting following raw data in Splunk events which I'd like to pull into a table format.
I would like to pull the following: Host, Success, and Error field as columns for my table.
I tried this query but no success: | makeresults | eval _raw="{\"host\"},{\"success\",{\"error\"}" | spath path=host{} output=temp | mvexpand temp | spath input=temp | fillnull value="None" | table host,success,error
... View more
Labels
- Labels:
-
chart
-
eval
-
field extraction
05-09-2022
10:16 PM
@VatsalJagani Thank you for your input. Can you please elaborate on how can I extract separately?
... View more
- Tags:
- Can
05-09-2022
06:56 PM
I am trying to create a table which shows 3 column error msg, errorcode, and count. my current query is pulling the errorcode/msg in one column and error count individually instead of whole. Please assist.
my Current Query
My current query
Current Output
Expected Output
... View more
04-29-2022
07:46 PM
@VatsalJagani Thank you your input. The Type $event_type$ is the token name. If I remove that the dropdown will not work.
... View more
04-29-2022
07:16 AM
@gcusello Thank you Giuseppe for your input. I tried this but their is option like that when I click the pen.
... View more
04-28-2022
08:45 PM
I have added a dropdown in my panel as shown below. My issue is that regardless of which option I chose it shows red in the pie chart and 100%. I would like to know how I can change colors by the selection and also for the percentage to update based on the selection from the drop down.
... View more
Labels
- Labels:
-
panel
-
simple XML
-
token
04-26-2022
09:24 AM
@VatsalJagani I have also tried what you've suggested and it gives me the following pie chart which isn't what I want. I would like the pie chart to be like the one below but group all 400's, 500's, Other instead of listing individually as they are listed in the screenshot. I
... View more
04-26-2022
07:10 AM
@VatsalJagani I have tired that it does not categorizes the errors. I'd like to see the pie chart breakdown by error code. For example 401 - 2%, 404 - 18%, 443 - 23% and etc.
... View more
- Tags:
- @
04-25-2022
04:47 PM
@VatsalJagani I figured out my rex query and was able to use yours to get my table but not all rows are populating. here is what I go so far. Query: index=epic_ehr sourcetype="WinEventLog:Epic" |rex field=_raw "%\s(?P<ErrorCode>.*)\s" | stats count as error_count, max(_time) as _time by ErrorCode | eval status_category=case(ErrorCode>=400 AND ErrorCode<500, "client error", ErrorCode>=500, "server error", 1==1, "-") |table _time,ErrorCode,Status_Category,Error_Count How can convert this data into a Pie chart which shows percentage of each error code?
... View more
04-24-2022
06:11 PM
Hello - thank you for assisting in advance. I need to write up a query which will pull in client/server errors from event message into table format as shown below.
_time
status_category
Error Code
error_count
2022-01-26:17:30:00
server error
503
2
2022-01-26:18:30:00
client error
404
6
Here are examples of the EvenTypes and available fields for the index.
Error 503
Fields
... View more
- Tags:
- error
04-21-2022
03:03 PM
@ITWhisperer I am running the following which breaks down different categories but how can I break down the Error type to percentage of errors such as 20% 404, 15% 503 etc.. index=epic_ehr |stats count by Type
... View more
04-21-2022
10:04 AM
what sort of data would you like me to share?
... View more
04-21-2022
08:27 AM
I am trying to create a pie chart that would show difference error codes by category.
Here is my current query:
index= my_index
| stats last(_time) as _time last(Message) as Message by Type
| stats count by Type
| eval ErrorCode=443
| eval ErrorrCode=503
I'd like to pull in all errors without specifying the ErrorCodes as I have in my query.
... View more
Labels
- Labels:
-
chart
04-15-2022
09:26 AM
Hello - I am a new Splunk user and learning as I go. My current task is to breakdown Errors/Exceptions in chart group by error codes in error tables or list. current query: My current query only returns null values.
index= (index name) host=(hostname)
| timechart count by error
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-16-2024
07:47 PM
|
