×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
chandysir
Explorer
Member since: ‎06-16-2022
‎06-24-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎06-16-2022
Activity Feed
View All

Re: Field names validation

by in Splunk Search
‎06-20-2022 10:29 AM
‎06-20-2022 10:29 AM
Thankyou @ITWhisperer , Maybe its an overkill but I am thinking of printing the failed event or event identifiers (if percentage is 98, and eventCount is 100, then 2 events)  alongside the result. Is that possible ? I think that would make a more complex spl search, right. ... View more

Re: Field names validation

by in Splunk Search
‎06-16-2022 10:42 AM
‎06-16-2022 10:42 AM
Thankyou @ITWhisperer , This is a good one.   The fields are already parsed out by splunk.  So I am thinking of something without using regular expressions. In simple terms it could be like  > if (Field1, Field2... Fieldn) in predefined list (Field1,Field2,Field3.......Fieldm), then its a pass else the failure counter is increased.   Any suggestions ? ... View more

How to compare predefined fields against Splunk se...

by in Splunk Search
‎06-16-2022 08:40 AM
‎06-16-2022 08:40 AM
Hello All, I am new to Splunk. My Splunk index is already getting data from a Kafka source   index=k_index sourcetype=k_message The query result is something like {Field1=abc,Field2=sdfs,Field3=wertw,Field4=123,Field6=87089R....}   I have got a use case where I have a list of fields and associated datatypes,  I want to compare these predefined fields (fields only - no values) against the Splunk search query results and then for each mismatch in the result, needs to keep count of it and produce it as a percentage of the total. In short, give a score if the incoming events in the last 15 mins are good (like 100% or 90% ….etc) Thanks, Alwyn ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-24-2022 11:35 AM
Karma given to
View All