cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
bmohammadi
Explorer
Member since: ‎08-11-2022
‎12-20-2022
Community Statistics
Posts 6
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎08-11-2022
Activity Feed
View All

Re: Transaction | Include all events, even if th...

by in Splunk Search
‎12-20-2022 04:54 AM
‎12-20-2022 04:54 AM
Hi ITWhisperer, Thank you for taking the time to respond. I tried various combinations of keeporphans and keepevicted  but it didn't have any effect on transactions that ran over the search time range  ... View more

Re: Transaction | Include all events, even if th...

by in Splunk Search
‎12-20-2022 04:50 AM
‎12-20-2022 04:50 AM
Hi PickleRick, Thank you very much for your very prompt response. Then I wont consider it As far as I am aware it is impossible for me to achieve what I need without using transaction. I need to categorise the 'result' of each transaction (using various if statements) based on a combination of different fields extracted from different event types that make up each transaction, then generate a timechart by count of result category. I do not know how to do this using stats. So theoretically I could drop transactions that end within, but start outside of, a specific time range by setting the search range to earlier than I need, then filtering transactions where _time is less than the desired start time? Can you offer any advise on how to do this? Obviously I would need to filter on the _time filed after the transaction statement - I have tried various methods but none have worked. Kind regards, Ben ... View more

Transaction | Include all events, even if they o...

by in Splunk Search
‎12-20-2022 03:14 AM
‎12-20-2022 03:14 AM
Dear Community, Lets say I was running a search for an hour period from 10:00 until 11:00 and we had a particular transaction that consisted of 2 or more events - the first occurring at 09:59 and the last at 10:01.  Using the default Transaction command any events which occurred before 10:00 would not be included and we would therefore not be viewing the whole transaction. Likewise, if a transaction started at 10:59 and didn't end until 11:01, any events which occurred after 11:00 would be dropped. Is there any way to include all events related to transactions which started or ended during the specified search time range? Conversely, If this is not possible it would be helpful to drop any transactions which did not start and end within the time range - is there any way to achieve this? Kind regards, Ben ... View more
Labels

Re: Return Value from specific key within an Objec...

by in Splunk Search
‎08-11-2022 07:59 AM
‎08-11-2022 07:59 AM
Thank you very much ITWhisperer! I was able to achieve what I wanted using the following syntax based on you recommendation: | eval myVariable=spath(fieldName, "Key2") ... View more

How to return value from specific key within an ob...

by in Splunk Search
‎08-11-2022 05:01 AM
‎08-11-2022 05:01 AM
Dear Community, I am new to Splunk so apologies for the newbie question: Basic Problem I have a field which holds an Object and I am having difficulties retrieving a value from a specific key within this object. Purpose I am running a search and I want to retrieve two datetime values from two separate keys within a field, find the difference between these 2 datetime values and finally return a list of events where the difference is less than a particular value. I know how to return a table of results based on a simple criteria and can perform datetime manipulations, I just cannot retrieve the actual datetime values needed to make the calculation. *I can successfully store the whole object to a variable using the eval command but cannot extract the value from it. Assumptions The thing I am working with is indeed an Object. I.e. a dictionary style list in the following format {"key1" : "value" , "key2" : "value" , "key2" : "value"} I am attempting to extract the value using the eval command   Any help would be greatly appreciated. Kind regards, Ben ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-20-2022 08:44 AM
Karma given to
View All