cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
hmohta
Path Finder
Member since: ‎08-12-2022
‎10-12-2022
Community Statistics
Posts 19
Solutions 1
Karma Given 5
Karma Received 0
Member Since ‎08-12-2022
Activity Feed
View All

Re: How to group 3 months data, making it average ...

by in Splunk Search
‎10-12-2022 08:19 PM
‎10-12-2022 08:19 PM
I wasn't leaving Splunk for Excel, all I said was I will close this query as I have not achieved what I am after and then ask another question which is what " is used in Excel", but use it in Splunk. I am aware of the fields being case sensitive, unfortunately nothing works!! Thankyou for trying. ... View more

Re: What is the difference between latest_day and ...

by SplunkTrust in Dashboards & Visualizations
‎10-09-2022 11:13 PM
‎10-09-2022 11:13 PM
Hi @hmohta, good for you, see next time! Please accept one answer for the other people of Community Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated by all the Contributors 😉 ... View more

Maps, geostats and geom commands- What is wrong wi...

by in Dashboards & Visualizations
‎09-22-2022 11:58 PM
‎09-22-2022 11:58 PM
hello everyone Now I have been getting cluster Maps and Choropleth Maps generated , but a few issues with them. q1.when I add the same command from search app to the panel in the dash I loose all the state/regions names too!! works with the zoom function, is that ok? 2.  query: why do I have multiple tiles of the same regions running through how can I just create the view where I can see regions only where events have occurred? Screenshot attached I know the legend doesn't match the map as values show 0, but they change and seem to be ok after 10/15 mins, I dont know why!! I am trying to search for failed/successful applications logins by region/city/or country. my query:   index=a sourcetype=ab | iplocation ip | search status=failure AND connectionname=" ABwebsite" | stats count by Country| geom geo_countries allFeatures=True featureIdField=Country   if I don't add ip, no values populate on the map, there's just color.   Thankyou for looking into the query.   ... View more
Labels

Re: How do I show comparison trends

by SplunkTrust in Dashboards & Visualizations
‎09-06-2022 04:42 PM
‎09-06-2022 04:42 PM
All searches done in Splunk require a time range and this range is then matched against the _time field, so if you specify a time range window in the time picker of 3 years, ALL events in 3 years will be returned. In your example, you are first fetching data for 3 years, then parsing the JSON then searching for the WeekStarting field. This is totally unnecessary. You can also use the 'earliest=' and 'latest=' search parameters to control what events are returned, which override the time picker. This is simply a filter to the events returned by Splunk, in the same way that 'index=X' is a filter to only return events from index X. So, to use fixed _time ranges in the search parameter use the syntax described here https://docs.splunk.com/Documentation/Splunk/9.0.1/Search/Specifytimemodifiersinyoursearch#Specify_absolute_time_ranges to specify absolute time ranges. You can therefore combine multiple time ranges with () OR () OR () in your search. In that way, you will only return events for those time ranges you want, rather than all 3 years worth of data. Just try this is part of your original search index="AB" sourcetype="AB" (earliest="07/20/2020:00:00:00" latest="07/27/2020:00:00:00") and you will see it only returns events where _time is between those dates.   ... View more

Re: How to filter multiple values in a given field

by in Splunk Search
‎08-17-2022 03:48 PM
‎08-17-2022 03:48 PM
@isoutamo  Worked like a charm, thankyou so much!! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-12-2022 08:19 PM
Karma given to