Activity Feed
- Karma Re: Build an dashboard for the requirement for gcusello. 02-04-2023 09:46 AM
- Posted How to build an dashboard for the requirement? on Installation. 12-08-2022 11:31 PM
- Tagged How to build an dashboard for the requirement? on Installation. 12-08-2022 11:31 PM
- Karma Re: Splunk 9.0 Installation on RedHat Linux for serwri. 12-08-2022 11:25 PM
- Karma Re: Eval screen for gcusello. 11-22-2022 03:33 AM
- Posted How do I get this screen for eval? on Splunk Search. 11-22-2022 01:50 AM
- Tagged How do I get this screen for eval? on Splunk Search. 11-22-2022 01:50 AM
- Posted Re: fields question on Splunk Search. 11-22-2022 01:22 AM
- Karma Re: fields question for gcusello. 11-22-2022 01:20 AM
- Posted Why is the SPL is not removing the 'status' from the output while the below one is ? on Splunk Search. 11-22-2022 01:04 AM
- Tagged Why is the SPL is not removing the 'status' from the output while the below one is ? on Splunk Search. 11-22-2022 01:04 AM
- Got Karma for Re: Splunk Installation on RedHat Linux. 11-21-2022 09:01 AM
- Posted Sometimes if we are doing base search, if not handled properly, you will see page loading, how do you handle it? on Splunk Search. 11-16-2022 05:45 AM
- Tagged Sometimes if we are doing base search, if not handled properly, you will see page loading, how do you handle it? on Splunk Search. 11-16-2022 05:45 AM
- Karma Re: What are the limitations os SubSearch? for gcusello. 11-15-2022 11:22 PM
- Posted What are the limitations on subsearch? on Splunk Search. 11-15-2022 10:54 PM
- Tagged What are the limitations on subsearch? on Splunk Search. 11-15-2022 10:54 PM
- Karma Re: How will search head know which index has data? for richgalloway. 11-15-2022 09:48 AM
- Karma Re: How will search head know which index has data? for gcusello. 11-15-2022 09:48 AM
Topics I've Started
12-08-2022 11:31 PM
Hi,
Can anyone please help me with the requirement?
Can you please build an overview dashboard that displays how many change requests, how many incidents, and how many tasks are submitted, and completed each day?
FYI: these changes, incidents, and tasks are from ServiceNow. I work on ServiceNow but want to expand my knowledge of Splunk.
Regards
Suman P.
Labels: search head
11-22-2022 01:50 AM
Hi All,
How do I get this screen for eval?
Regards
Suman P.
Tags: eval
Labels: eval
11-22-2022 01:22 AM
Hi Sir, Actually there was a mistake in the training. So was confused. Regards Suman P.
11-22-2022 01:04 AM
Hi,
I have a question on 'fields' please.
sourcetype=* status IN ("200", "400","500")
| fields -status
| stats count by status
The SPL is not removing the 'status' from the output while the below one is removing. Why isn't the first working?
sourcetype=* status IN ("200", "400","500")
| fields - status
| stats count by status
Regards
Suman P.
Tags: fields
Labels: fields
11-16-2022 05:45 AM
Hi, Sometimes if we are doing base search, if not handled properly, you will see page loading, how do you handle it? Regards Suman P.
Tags: Search Head
Labels: search job inspector
11-15-2022 10:54 PM
Hi,
What are the limitations on subsearch? Please give one or two, please? This is an interview question.
Regards
Suman P.
Tags: Search Head
Labels: search job inspector
11-15-2022 08:48 AM
Hi, How will search head know which index has data? It's an interview question. Kindly help me. Regards Suman P.
Tags: Search Head
Labels: search job inspector
11-12-2022 11:08 AM
1 Karma
Hi Sanjay, I have created a YouTube video just because you asked me. Here is how we install Splunk 9.0.1 on RedHat Linux. https://www.youtube.com/watch?v=tILaBpm1PjQ Regards Suman P.
11-11-2022 08:54 AM
Hi,
I am facing an issue with the eval if condition. Please help.
index=main, source=ls.csv
| eval new_field = if(error=200,"sc","cs",if(error=500,"css","ssc"))
| table error new_field
Regards
Suman P.
Tags: eval
Labels: eval
11-05-2022 01:40 AM
Hi All, I am trying to install Splunk on RedHat Linux on my personal VM. I am facing issues. Kindly help. Regards Suman P.
Tags: redhat
Labels: Linux
11-04-2022 10:55 AM
Hi Sir, I am a complete beginner. I know how to onboard the data via upload and Monitor options. But in real time, I know that they will not use any of these options. They will be using command line way I believe. So, I want to learn this from experts like you. If you can share the documentation or video that might be helpful. Regards Suman P.
11-04-2022 09:15 AM
Hi,
Can anyone help me with a video or documentation where it shows onboarding the data via server and not from UI.
Regards
Suman P.
Labels: universal forwarder
11-01-2022 02:37 AM
Hi @inventsekar , Why do we need to add makeresults? Also why do we need to multiple eval commands? Regards Suman P.
11-01-2022 01:02 AM
Hi @inventsekar, I want to know what my mistake is. You all being experienced, I want to know where I am making a mistake so that I will learn and never repeat it. Thank you. Regards Suman P.
11-01-2022 12:03 AM
Hi,
I have used eval with multiple if conditions and it's failing. Kindly help.
source = "2access_30DAY.log"
| eval new_field = if(status==200, "I love you Suman", "I love you Cloeh", if(status==403, "Suman Cloeh", "Cloeh Suman"))
| table status, new_field
Regards
Suman P.
Tags: eval
Labels: eval
10-31-2022 09:51 PM
Thank you @yuanliu but I have a question please. Field name should be in double quotes. So, shouldn't status be in double quotes? Why is it giving me an error when I use it? Regards Suman P.
10-31-2022 07:52 PM
Hi,
I wrote an eval command and it's not working. Kindly help.
source = "2access_30DAY.log" | eval "new_field" = case('status'=200, 'Suman and Cloeh are best couple') | table "status" "new_field"
Regards
Suman P.
Tags: eval
Labels: eval
10-31-2022 10:12 AM
Sorry, I am being stupid. '.' operator allows concatenation of numeric and alphabets while '+' allows only concatenation of alphabets and numeric. Regards Suman P.
10-31-2022 10:01 AM
Hi,
Can we concatenate a string with a number using eval with '.' operator? I got to know that from a video, but when I do it, I am able to do it. I don't know what is going on. Kindly help.
Regards
Suman P.
Tags: eval
Labels: search job inspector
10-31-2022 01:50 AM
Hi, Please give the answer in a couple of lines for both the scenarios. For 1. Data from a certain date or certain sourcetype or index is missing 2. All the data is missing Regards Suman P.
10-31-2022 12:49 AM
Hi, I have a question for my understanding. Kindly help. You had data in the past, one fine day if you see there is no data, how do you troubleshoot? Regards Suman P.
Tags: search, troubleshoot
Labels: search job inspector