Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About DPOIRE
DPOIRE
Path Finder
Member since:
05-13-2022
Tuesday
Community Statistics
| Posts | 22 |
| Solutions | 1 |
| Karma Given | 9 |
| Karma Received | 1 |
| Member Since | 05-13-2022 |
Activity Feed
- Karma Re: How to exclude weekends (Saturday and Sunday) from a transaction search and and order the days chronologically? for richgalloway. Tuesday
- Karma Re: TimeChart for average function avg() for ITWhisperer. Tuesday
- Karma Re: TimeChart for average function avg() for ITWhisperer. Tuesday
- Posted Re: TimeChart for average function avg() on Splunk Search. Tuesday
- Posted How to TimeChart for average function avg()? on Splunk Search. Tuesday
- Tagged How to TimeChart for average function avg()? on Splunk Search. Tuesday
- Tagged How to TimeChart for average function avg()? on Splunk Search. Tuesday
- Tagged How to TimeChart for average function avg()? on Splunk Search. Tuesday
- Got Karma for Re: Merge two fields into one field. 2 weeks ago
- Posted Re: Calculate number of decimals on Splunk Search. 02-08-2023 06:21 AM
- Karma Re: Calculate number of decimals for ITWhisperer. 02-08-2023 06:21 AM
- Posted Calculate number of decimals for each record in field? on Splunk Search. 02-07-2023 01:15 PM
- Tagged Calculate number of decimals for each record in field? on Splunk Search. 02-07-2023 01:15 PM
- Posted Re: Merge two fields into one field on Splunk Search. 01-12-2023 01:03 PM
- Posted How to make a Report for Alert Stats? on Splunk Search. 10-11-2022 06:17 PM
- Tagged How to make a Report for Alert Stats? on Splunk Search. 10-11-2022 06:17 PM
- Tagged How to make a Report for Alert Stats? on Splunk Search. 10-11-2022 06:17 PM
- Tagged How to make a Report for Alert Stats? on Splunk Search. 10-11-2022 06:17 PM
- Karma Re: TimeChart round values for gcusello. 09-26-2022 06:24 AM
- Posted Re: TimeChart round values on Splunk Search. 09-23-2022 08:20 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
Tuesday
Thanks, appears to partially work. You provided the solution to my question. However, I have this result now where Sunday is returning a zero value which is screwing up the results and trend. How can I remove these from the results and graph?
... View more
Tuesday
I have this search that is working and returning a average Delay value: Search Command
| eval epoch_timestamp=strptime(timestamp,"%Y-%m-%dT%H:%M:%S.%3N%:z")
| stats range(epoch_timestamp) as Delay by "logId"
| stats avg(Delay)
However, I want to display the daily averages in a timechart graph to see the performance evolution by day. Tried the following based on research but It does not return Statistic or Vizualization values (just returning events):
Search Command
| eval epoch_timestamp=strptime(timestamp,"%Y-%m-%dT%H:%M:%S.%3N%:z")
| stats range(epoch_timestamp) as Delay by "logId"
| bucket _time span=1d
| stats avg(Delay) as Performance by _time
... View more
02-07-2023
01:15 PM
Field = 1.123456789
Field = 14.123456
Field = 3.1234567
I need to run a query that will return the number of decimals for each record in Field.
Expected Result:
9
6
7
... View more
- Tags:
- lenght
Labels
- Labels:
-
eval
01-12-2023
01:03 PM
1 Karma
| eval output=coalesce(field_1,field_2) | table output if your field names contains special characters, coalesce may not work and you might have to rename them first Example: | rename field_1 as field1 | rename field_2 as field2 | eval output=coalesce(field1,field2) | table output
... View more
10-11-2022
06:17 PM
I have setup different alerts. I would like to setup a report that would allow me to have stats for each Alerts Example: Alert Count Alert1 25 Alert2 3 Alert3 128 Alert4 18
Is there a way to do this?
... View more
Labels
- Labels:
-
stats
09-23-2022
08:20 AM
09-23-2022
06:21 AM
I need to round the max(Delay) and avg(Delay) to 3 decimals in the following command: my search | timechart span=5m avg(Delay) max(Delay) by host Thanks
... View more
Labels
- Labels:
-
timechart
09-16-2022
10:29 AM
We have 2 types of orders in the system, some are entered manually by phone and some are processed automatically as they are fed by other systems. The way I can differentiate is by the order timestamps: Phone orders do not contain miliseconds in the order timestamp (2022-09-16T17:07:41Z) Orders filled automatically by other systems contain miliseconds (2022-09-16T16:22:28.573Z) I am calculating the processing delays on these orders but I want to display the results on 2 rows: 1. Phone orders max delays 2. System orders max delays
Here is what I am using now: MySearch | rex field=_raw "(?ms)^(?:[^ \\n]* ){9}\"(?P<TradeDateTS>[^\"]+)" offset_field=_extracted_fields_bounds | rex field=_raw "^(?:[^ \\n]* ){7}\"(?P<StoreTS>[^\"]+)" offset_field=_extracted_fields_bounds0 | eval Delay = (strptime(StoreTS, "%Y-%m-%dT%H:%M:%S.%N"))-(strptime(TradeDateTS, "%Y-%m-%dT%H:%M:%S.%N")) | stats max(Delay)
Note: the goal is not to add or remove the miliseconds information
... View more
07-15-2022
07:57 AM
ITS WORKING ! Final result: MySearch | rename "log_processed.@timestamp" AS timestamp | eval epoch_timestamp=strptime(timestamp,"%Y-%m-%dT%H:%M:%S.%3N%:z") | stats range(epoch_timestamp) as Delay by "log_processed.logId" | stats max(Delay) Note: rename command mandatory, else it was not working Sorry, I should have seen the typo from the start. Do you want to repost the solution so I can click on Accept Solution? Thanks
... View more
07-15-2022
07:46 AM
@gcusello Found something Typo in the rename command for timestamp. That why it is not working (I copied your stuff all the time) Will redo tests without typo
... View more
07-15-2022
07:40 AM
@gcusello newtime and timestamp have no values(blank)
... View more
07-15-2022
06:16 AM
tried, makes no difference
... View more
07-15-2022
05:22 AM
Actually, from what I see (previous printscreen) the strptime(timestamp,"%Y-%m-%dT%H:%M:%S.%2N%:z") function conversion does not seem to work.
... View more
07-15-2022
05:18 AM
@gcusello Hi, Function is still not working, no values displayed in the Statistic window. However, in the Events window, I see in the left pane the timestamp field. Looks like the timestamp values are not recognized as epoch time format. timestamp field
... View more
07-14-2022
08:41 AM
@gcusello For each log_processed.logId it returns 2 events for which I want to calculate the time difference in the "log_processed.@timestamp" field
... View more
07-14-2022
08:38 AM
@gcusello index=indexname ("log_processed.destAppName"=app1 "log_processed.message"="Publish Take Message") OR ("log_processed.destAppName"="app2" "log_processed.srcAppName"=app3) | eval "newtime"=strptime("log_processed.@timestamp","%Y-%m-%dT%H:%M:%S.%2N%:z") | stats range("newtime") as Delay by "log_processed.logId" | stats max(Delay)
... View more
07-14-2022
07:35 AM
@gcusello NOT working The search find events but statistics as no value
... View more
07-14-2022
06:31 AM
Good Day, I need help to calculate the time difference for field "@timestamp" containing time format 2022-07-14T09:05:08.21-04:00 Example: MYSearch | stats range(@timestamp) as Delay by "log_processed.logId" | stats max(Delay)
If I do the same with the Splunk _time field, it works perfectly
... View more
Labels
- Labels:
-
eval
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Tuesday
|
