Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About user33
user33
Path Finder
Member since:
06-23-2022
2 weeks ago
Community Statistics
| Posts | 19 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 06-23-2022 |
Activity Feed
- Posted Re: subtracting two timestamps per logEvevtType on Splunk Search. 2 weeks ago
- Posted Re: subtracting two timestamps per logEvevtType on Splunk Search. 2 weeks ago
- Posted Re: subtracting two timestamps per logEvevtType on Splunk Search. 2 weeks ago
- Posted How to subtract two timestamps per logEvevtType? on Splunk Search. 2 weeks ago
- Posted Re: How to achieve field extraction txt delimiting by space? on Splunk Search. 12-23-2022 11:53 AM
- Posted Re: How to achieve field extraction txt delimiting by space? on Splunk Search. 12-22-2022 10:59 AM
- Posted How to achieve field extraction txt delimiting by space? on Splunk Search. 12-22-2022 08:58 AM
- Karma Re: Split Group by Values for yuanliu. 11-06-2022 02:58 PM
- Posted Re: Split Group by Values on Splunk Search. 11-06-2022 02:48 PM
- Posted Re: Split Group by Values on Splunk Search. 11-06-2022 01:28 PM
- Posted Re: Split Group by Values on Splunk Search. 11-06-2022 01:26 PM
- Posted Re: Split Group by Values on Splunk Search. 11-06-2022 12:16 PM
- Posted How to Split Group by Values? on Splunk Search. 11-06-2022 11:38 AM
- Got Karma for Re: Subtracting two timestamps by session/ transaction_id. 10-17-2022 03:45 PM
- Posted Re: Subtracting two timestamps by session/ transaction_id on Splunk Search. 10-17-2022 12:47 PM
- Posted Re: Subtracting two timestamps by session/ transaction_id on Splunk Search. 10-17-2022 07:59 AM
- Posted How to subtract two timestamps by session/ transaction_id? on Splunk Search. 10-16-2022 04:29 PM
- Posted Re: Extract number from text message on Splunk Search. 10-03-2022 06:12 PM
- Posted How would I extract number from text message? on Splunk Search. 10-02-2022 05:22 PM
- Posted Re: Select One of Two Event Fields in Stats on Splunk Search. 07-08-2022 11:05 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
2 weeks ago
Awesome! Excellent insights!! This solution worked out great. I will take a look at failures as well. Thank you very much for this!!
... View more
2 weeks ago
as a follow up, each "transaction" or "call" has one RequestID. Each RequestID with two timnestamps, one Request and one Response. Something like the below? Any assistance is appreciated. Date ClientPathURI Number of calls 95thpercentile of Duration
... View more
2 weeks ago
Thank you, that is a huge help. Question, if I had multiple calls, how do I get the SPL to subtract timestamp by RequestID? I don't need the RequestID in the stats, but want the SPL to capture the difference in timestamps per call. And then take the 95th percentile of that call per day?
... View more
2 weeks ago
Hello, apologies if this was stated previously. I have multiple calls - each RequestID with a RequestReceive and ResponseTransmit. I am trying to find the difference between the two timestamps below. The difference of ResponseTransmit timestamp and RequestReceive timestamp. Then put that into a stats command ordered by clientPathURI and then the difference between the timestamps.
Any assistance is much appreciated!
{ [-] RequestID : b74fab20-9a7b-11ed-bd70-c503548afa99 clientPathURI : signup level : Info logEventType : ResponseTransmit timestamp : 2023-01-22T12:43:57.547-05:00 }
{ [-] RequestID : b74fab20-9a7b-11ed-bd70-c503548afa99 clientPathURI : signup } level : Info logEventType : RequestReceive timestamp : 2023-01-22T12:43:57.496-05:00 }
... View more
12-23-2022
11:53 AM
That definitely works for the time being. Thank you very much!
... View more
12-22-2022
10:59 AM
Thank you. I can look into that. Is there a short-term solution I can do in the interim?
... View more
12-22-2022
08:58 AM
Hello,
I am trying to extract the below 201 text highlighted in red below as one separate field from two separate events. How may I do this? I attempted the field extraction feature in Splunk but had no luck. Any assistance is appreciated!
Event 1:
106.51.86.25 [ 22/Dec/2022:07:48:10 -0500 ] POST /services/public/v1/signup HTTP /1.1 201 5 539
Event 2:
23.197.194.86 - - [22/Dec/2022:07:48:09 -0500] " POST /services/public/v1/signup HTTP/1.1" 201 -
... View more
Labels
- Labels:
-
field extraction
-
regex
-
rex
11-06-2022
02:48 PM
Apologies! You are correct. I had a typo. This works perfectly! Thank you very much yuanliu!!
... View more
11-06-2022
12:16 PM
Hello, I am looking to separate by date and API_Name. I am looking for something like the below. I need a count and 95thPercentileRespTime(ms) specifically for accountstatements-v1 and a count and 95thPercentileRespTime(ms) specifically for Realtime_Image_Access_Service_V2 organized by date. date count 95thPercentileRespTime(ms) API_Name 2022-11-05 x x accountstatements-v1 2022-11-06 x x Realtime_Image_Access_Service_V2 2022-11-06 x x accountstatements-v1
... View more
11-06-2022
11:38 AM
Hello, I am very new to Splunk. I am wondering how to split these two values into separate rows. The "API_Name" values are grouped but I need them separated by date. Any assistance is appreciated! SPL:
index=...
| fields source, timestamp, a_timestamp, transaction_id, a_session_id, a_api_name, api_name, API_ID
| convert timeformat="%Y-%m-%d" ctime(_time) AS date
| eval sessionID=coalesce(a_session_id, transaction_id)
| stats values(date) as date dc(source) as cnt values(timestamp) as start_time values(a_timestamp) as end_time values(api_name) as API_Name by sessionID | where cnt>1
| eval start=strptime(start_time, "%F %T.%Q")
| eval end=strptime(end_time, "%FT%T.%Q")
| eval duration(ms)=abs((end-start)*1000)
| stats count,
perc95(duration(ms)) as 95thPercentileRespTime(ms) values(API_Name) as API_Name by date
... View more
10-17-2022
12:47 PM
1 Karma
Actually, I figured it out. Thank you very much!!
... View more
10-17-2022
07:59 AM
This looks great! One thing to note: As another option, is there any way I can order stats by a bucket of time? (E.g. "| bucket timestamp span=1h@h") Taking the perc95 of the time? THANK YOU!
... View more
10-16-2022
04:29 PM
I have two events where in order to get a response time, I need to subtract the two timestamps. However, this needs to be grouped by "a_session_id" / "transaction_id." The two events I need are circled in red in the screenshot attached. I need those two events out of the three events. Every "a_session_id" has these three logs. source="/apps/logs/event-aggregator/gateway_aggregator_events.log" is always after source="/logs/apigee/edge-message-processor/messagelogging/gateway-prod/production/Common-Log-V1/14/log_message/gateway.json"
Please let me know if you need more information. Such as snippets on the SPL. Any assistance is much appreciated!
... View more
Labels
- Labels:
-
eval
-
field extraction
-
stats
10-02-2022
05:22 PM
Hello,
I would like to extract the 10 milliseconds in the below snippet of text as a separate value in a field. Is there anyway to do this? Thank you!!
2022-10-02T12:56:40.073Z [ BillingExecutors-4 ] INFO com...els.kafka.ElsKafkaReceiver - Message processing time at event aggregator in milli seconds 10
2022-10-02T12:56:40.073Z [ BillingExecutors-4 ] INFO com...els.kafka.ElsKafkaReceiver - Message processing time at event aggregator in milli seconds 10
... View more
Labels
- Labels:
-
field extraction
-
stats
07-08-2022
10:15 AM
Hi,
I have two event fields with the same name "timestamp". I just want to display (in stats) the "timestamp" field from the "ResponseReceive" logEventType. Not the one from logType "SystemLog". Currently is displays both. Is there a way to do this? Any assistance is appreciated. Thank you!!
... | fields timestamp, apiName, apiVersion, ceoCompanyId, entityId, sessionId, transactionDetailsResponse.transactionDetailsList.totalCount, transactionDetailsResponse.transactionDetailsList.transactionDetails{}.acctNumber, transactionDetailsResponse.transactionDetailsList.transactionDetails{}.Amount, transactionDetailsResponse.transactionDetailsList.transactionDetails{}.tranDateTime, transactionDetailsResponse.transactionDetailsList.transactionDetails{}.totalTranCount | rename transactionDetailsResponse.transactionDetailsList.totalCount AS "TransactionCount", transactionDetailsResponse.transactionDetailsList.transactionDetails{}.acctNumber AS "AcctNum", transactionDetailsResponse.transactionDetailsList.transactionDetails{}.Amount AS "Amount", transactionDetailsResponse.transactionDetailsList.transactionDetails{}.tranDateTime AS "TranDateTime", transactionDetailsResponse.transactionDetailsList.transactionDetails{}.totalTranCount AS "TotalTranCount" | stats values(timestamp) AS timestamp, values(TranDateTime) AS TranDateTime, values(apiName) AS apiName, values(apiVersion) AS apiVersion, values(ceoCompanyId) AS ceoCompanyId, values(entityId) AS entityId, values(TotalTranCount) AS TotalTranCount, values(AcctNum) AS AcctNum, by sessionId,
... View more
