cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
cecilia_cheng1
Explorer
Member since: ‎05-16-2022
‎05-25-2022
Community Statistics
Posts 11
Solutions 0
Karma Given 5
Karma Received 0
Member Since ‎05-16-2022
Activity Feed
View All

Re: Data correlation solution

by in Splunk Search
‎05-25-2022 04:42 AM
‎05-25-2022 04:42 AM
Not quite understand what info  I should provid... Something like the following, but need to replace source column with loadname. If this requirement is impossible, should I write a script to preprocess the data or some other solution? ... View more

Re: Data correlation solution

by in Splunk Search
‎05-25-2022 04:30 AM
‎05-25-2022 04:30 AM
Agreed... Those are the orginal data. The info I needed is not showned at the same time, they're not in the same line... That's why there are so many NULL...  😭 ... View more

Re: Data correlation solution

by in Splunk Search
‎05-25-2022 04:15 AM
‎05-25-2022 04:15 AM
Hi @gcusello , Sorry for the vague description. I post the detail pic as follows: The summary is gathered from different host and stored in different DIR with same name. The source name is not a unique key.  A test file is the result of a host testing a load multiple times. I have extract the info I need which are loadname and result1. But these two infos do not shown in the same line... It is impossibe to count result1 by loadname, shown as pic 3 Pic1: pic2: pic3: ... View more

Re: Data correlation solution

by in Splunk Search
‎05-25-2022 03:54 AM
‎05-25-2022 03:54 AM
Hi @Software-Simian , Thank you for your quick reply. That's the tricky part, cuz the test type and test resuls are not in the same event... So I was wondering if there's a command or something that can link these info together. BR. Cecilia ... View more

How to search Data correlation solution

by in Splunk Search
‎05-25-2022 03:39 AM
‎05-25-2022 03:39 AM
Hi Community, I have this problem about data correlation, here's the detail. The source file is a test result summary named summary.xml, and it's not time sensitive.  Splunk will parse the file to some events like event1,2,3,etc.  The test info is in event 1 and results are in even 2,3,4. My goal is to count the results of all tests under the same info. I don't know how to link these info.  What kind of SPL search I could use? For example: Summary1.xml: event1 test info: alpha event2 Pass   event3 Fail   event4 Fail   Summary2.xml: event1 test info: beta event2 Pass   event3 Pass   event4 Pass     The results I expected: Test info results alpha pass:1, failed:2 beta pass:   3, failed:0   ... View more

Re: Problem about auto extract fields

by in Splunk Search
‎05-18-2022 01:26 AM
‎05-18-2022 01:26 AM
Hi @gcusello , Thank you so much for your quick response! Yes, it worked~ BR. Cecilia ... View more

Problem about auto extract fields

by in Splunk Search
‎05-18-2022 01:17 AM
‎05-18-2022 01:17 AM
Hi Community, I dealt with csv files before, splunk would auto extracted so many fields, shown as figure 1. But today, when I try to search these files again, only fewer fields are displayed... shown as figure 2. And the fields I exacted manually also didn't shown... I don't know why... Really need help~~ figure1: Figure 2: Thanks in advance~ BR. Cecilia ... View more
Labels

Re: Extract the host values from the path

by in Getting Data In
‎05-18-2022 12:03 AM
‎05-18-2022 12:03 AM
Hi @gcusello , Yes, that's what I figure out, that the Splunk will "store" the data once indexing them. That's explain everything.  Thanks again~ BR Cecilia ... View more

Re: Extract the host values from the path

by in Getting Data In
‎05-17-2022 01:03 AM
‎05-17-2022 01:03 AM
Hi @gcusello , Thank you for your supporting. I moved the data to a new folder and reimported it with "host_segment" stanza and it worked... The odd thing is, I deleted the original files and paths, but the previous imported files are still visible in the search. Maybe Splunk's data has memory or something, so the previous changes don't take effect and you need to create a new path? BR. Cecilia ... View more

Re: Extract the host values from the path

by in Getting Data In
‎05-16-2022 05:40 AM
‎05-16-2022 05:40 AM
Hi @gcusello, Really appreciated your reply,  I just tried your suggestion, but it still doesn't work... And I've tried the segment 3 before, not working... 😭 BR. Cecilia ... View more

How to Extract the host values from the path?

by in Getting Data In
‎05-16-2022 05:05 AM
‎05-16-2022 05:05 AM
Hello everyone, I am new to splunk. I've got trouble when I was trying to get host values from the path. The directory I set is D:\14. splunk\SMT\. No matter what kind of extract function i was using: regex or segment, it doesn't work. For example, The host name of the following file should be "PCXXXXX", but it still shows the default host name . However, I already set the host name with regex on path, but it doesn't work... I also tried Segment in path, it still the same... Please help... ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-25-2022 02:50 PM
Karma given to
View All