Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About drogo
drogo
Explorer
Member since:
03-18-2023
11-15-2024
Community Statistics
| Posts | 12 |
| Solutions | 0 |
| Karma Given | 9 |
| Karma Received | 1 |
| Member Since | 03-18-2023 |
Activity Feed
- Posted Filter data from json file on Splunk Search. 11-14-2024 05:36 AM
- Posted Re: How to convert date time to epoc time. on Splunk Search. 07-17-2024 05:18 AM
- Posted How to convert date time to epoc time. on Splunk Search. 07-17-2024 03:36 AM
- Posted Re: Split square bracket expression on Splunk Search. 08-28-2023 07:32 AM
- Posted Re: Split square bracket expression on Splunk Search. 08-28-2023 07:31 AM
- Karma Re: Split square bracket expression for richgalloway. 08-28-2023 07:31 AM
- Karma Re: Split square bracket expression for ITWhisperer. 08-28-2023 07:31 AM
- Posted Split square bracket expression: How to separate out below fields in table format? on Splunk Search. 08-28-2023 05:27 AM
- Tagged Split square bracket expression: How to separate out below fields in table format? on Splunk Search. 08-28-2023 05:27 AM
- Tagged Split square bracket expression: How to separate out below fields in table format? on Splunk Search. 08-28-2023 05:27 AM
- Tagged Split square bracket expression: How to separate out below fields in table format? on Splunk Search. 08-28-2023 05:27 AM
- Posted How to create Alert query when date in field is less that 30days? on Splunk Search. 08-09-2023 01:49 AM
- Tagged How to create Alert query when date in field is less that 30days? on Splunk Search. 08-09-2023 01:49 AM
- Tagged How to create Alert query when date in field is less that 30days? on Splunk Search. 08-09-2023 01:49 AM
- Posted Re: How to extract fields from txt format on Splunk Search. 03-27-2023 11:41 PM
- Posted Re: How to extract fields from txt format on Splunk Search. 03-27-2023 11:16 PM
- Karma Re: How to extract fields from txt format for gcusello. 03-27-2023 11:11 PM
- Karma Re: How to extract fields from txt format for ITWhisperer. 03-27-2023 10:50 PM
- Posted How to extract fields from txt format? on Splunk Search. 03-22-2023 01:34 AM
- Karma Re: Splunk query to extract key value pair for ITWhisperer. 03-19-2023 06:17 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-14-2024
05:36 AM
Team, I am bit new to Splunk, need help to pull ERR message from below sample raw data. {"hosting_environment": "nonp", "application_environment": "nonp", "message": "[20621] 2024/11/14 12:39:46.899958 [ERR] 10.25.1.2:30080 - pid:96866" - unable to connect to endpoint , "service": "hello world"} Thanks!
... View more
07-17-2024
03:36 AM
Team, wanted to convert below time into epoc time. Please help. time - Nov 16 10:00:57 2024
... View more
Labels
- Labels:
-
eval
08-28-2023
05:27 AM
Hi,
I want to separate out below fields in table format.
Raw = Namespace [com.sampple.ne.vas.events], ServiceName [flp-eg-cg], Version [0.0.1], isActive [true], AppliationType [EVENT]
Query I am using = | eval Namespace=mvindex(split(mvindex(split(_raw, "Namespace "),1),"],"),1) | eval ServiceName=mvindex(split(mvindex(split(_raw,"ServiceName "),1),"],"),0) | eval Version=mvindex(split(mvindex(split(_raw,"Version "),1),"],"),0) | stats latest(Namespace) as Namespace latest(ServiceName) as ServiceName latest(Version) as Version by host | sort -Version
Expected result
Host
AppName
ServiceName
Version
... View more
Labels
- Labels:
-
fields
08-09-2023
01:49 AM
Hi Team,
I am setting up an alert on Splunk where my data is in below format. I am writing a query where it returns those row only where CertExpiry is in15 days. Basically alert should trigger if cert is getting expired in next 15days.
Component
Server
CertExpiry
Zone.jar
sample
September 13, 2023 9:49:49 AM CDT
... View more
Labels
- Labels:
-
stats
03-27-2023
11:41 PM
Hi @gcusello, I got the solution, thanks for your help! https://regex101.com/r/aPEZ6B/1
... View more
03-27-2023
11:16 PM
Thanks gcusello, this really helps. I am getting values which are prior to , in messages but messages are having thousands of count and those in below pattern. How can I get whole value. Update value on below page. https://regex101.com/r/aPEZ6B/1 Sample - 2023-03-21 04:14:13.859, queue_name:stream-AccountProfile, messages: 16,2303, bytes: 13 KiB, actCusumers: 4, numSubjects: 1 2023-03-21 04:14:13.859, queue_name:stream-SampleProfile, messages: 3,522, bytes: 2.4 MiB, actCusumers: 4, numSubjects: 1
... View more
03-22-2023
01:34 AM
Hello, I want to extract fiends from below log format. Can someone please help.
Log format -
2023-03-21 04:14:13.859, queue_name:stream-AccountProfile, messages: 16, bytes: 13 KiB, actCusumers: 4, numSubjects: 1 2023-03-21 04:14:13.859, queue_name:stream-SampleProfile, messages: 3,522, bytes: 2.4 MiB, actCusumers: 4, numSubjects: 1
Fields I want to extract are queue name, messages, actCusumers, numSubjects.
I am using below eval commands but looks like I am not getting all logs, also getting duplicate events.
I am want to extract only latest ones.
Query -
| eval ArrayAttrib=split(_raw,",") | eval numSubjects=mvindex(split(mvindex(ArrayAttrib,-1) ,": "),1) | eval actConsumers=mvindex(split(mvindex(ArrayAttrib,-2) ,": "),1) | eval bytes=mvindex(split(mvindex(ArrayAttrib,-3) ,": "),1) | eval messages=mvindex(split(mvindex(ArrayAttrib,-4) ,": "),1) | eval stream=mvindex(split(mvindex(ArrayAttrib,-5) ,":"),1) | eval dtm=strftime(_time,"%Y-%m-%d %H:%M") | stats max(dtm) by stream numSubjects actConsumers bytes messages | fields "stream", "messages", "actConsumers", "numSubjects", "max(dtm)" | dedup "messages" | dedup "stream" | sort "stream"
... View more
Labels
- Labels:
-
field extraction
-
fields
03-19-2023
01:16 AM
Thanks @gcusello, the main problem I am seeing that on splunk logs. The json file is not showing in one line. Each attribute is on individual line and Splunk is considering each line as separate log. See below example. I am looking to pull config.name field, similarly others.
... View more
03-18-2023
01:43 AM
Hi, I have injected NATS stream details in json format to the splunk and it look below.
Wanted to extract key value pair from it. Any help is appreciated. Thanks in advance!
looking to extract values of below key -
messages
bytes
first_seq
first_ts
last_seq
last_ts
consumer_count
JSON format -
{
"config": {
"name": "test-validation-stream",
"subjects": [
"test.\u003e"
],
"retention": "limits",
"max_consumers": -1,
"max_msgs_per_subject": -1,
"max_msgs": 10000,
"max_bytes": 104857600,
"max_age": 3600000000000,
"max_msg_size": 10485760,
"storage": "file",
"discard": "old",
"num_replicas": 3,
"duplicate_window": 120000000000,
"sealed": false,
"deny_delete": false,
"deny_purge": false,
"allow_rollup_hdrs": false,
"allow_direct": false,
"mirror_direct": false
},
"created": "2023-02-14T19:26:42.663470573Z",
"state": {
"messages": 0,
"bytes": 0,
"first_seq": 39482101,
"first_ts": "1970-01-01T00:00:00Z",
"last_seq": 39482100,
"last_ts": "2023-03-18T03:10:35.6728279Z",
"consumer_count": 105
},
"cluster": {
"name": "cluster",
"leader": "server0.mastercard.int",
"replicas": [
{
"name": "server1",
"current": true,
"active": 387623412
},
{
"name": "server2",
"current": true,
"active": 387434624
}
]
}
}
... View more
Labels
- Labels:
-
chart
-
field extraction
-
lookup
-
regex
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-15-2024
07:14 AM
|
