Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About kirthika26
kirthika26
Explorer
Member since:
03-20-2023
11-20-2023
Community Statistics
| Posts | 14 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 03-20-2023 |
Activity Feed
- Posted Filter events on Splunk Cloud Platform. 11-17-2023 07:10 AM
- Posted How to remove extra space between column headers as well as from the field values table? on Other Usage. 08-14-2023 12:55 AM
- Posted How to run a scheduled search in verbose mode? on Other Usage. 07-25-2023 04:39 AM
- Posted Re: Ignore timestamp events which is immediately decreasing on Splunk Search. 06-24-2023 10:35 AM
- Posted Re: Ignore timestamp events which is immediately decreasing on Splunk Search. 06-24-2023 10:33 AM
- Posted Re: Ignore timestamp events which is immediately decreasing on Splunk Search. 06-24-2023 10:01 AM
- Posted Re: Ignore timestamp events which is immediately decreasing on Splunk Search. 06-24-2023 09:37 AM
- Posted Re: Ignore timestamp events which is immediately decreasing on Splunk Search. 06-24-2023 06:19 AM
- Tagged Re: Ignore timestamp events which is immediately decreasing on Splunk Search. 06-24-2023 06:19 AM
- Posted How to delete events which is decreasing inbetween? on Splunk Search. 06-23-2023 11:33 PM
- Karma Re: Donut Chart for richgalloway. 06-22-2023 09:35 AM
- Posted How to create a Donut Chart? on Splunk Search. 06-22-2023 04:34 AM
- Posted Re: Visualization on Splunk Search. 04-03-2023 03:52 AM
- Posted Re: Visualization on Splunk Search. 04-03-2023 03:37 AM
- Posted Re: Visualization on Splunk Search. 04-03-2023 03:21 AM
- Posted How to represent good visualization with the following fields? on Splunk Search. 04-03-2023 03:05 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-17-2023
07:10 AM
Device_ID : 1 A.txt
2021-07-06 23:30:34.2379| Started! 2021-07-06 23:30:34.6808|3333|-0.051|0.051|0.008|0.016
Device_ID : 1 E.txt
2021-07-13 18:28:26.7769|** 2021-07-13 18:28:27.1363|aa
Device_ID : 2 E.txt
2016-03-02 13:56:06.9283|** 2016-03-02 13:56:07.3333|ff
Device_ID : 2 A.txt
2020-03-02 13:42:30.0111| Started! 2020-03-02 13:42:30.0111|444|-0.051|0.051|0.008|0.016
Query:
index="xx" source="*A.txt"
| eval Device_ID=mvindex(split(source,"/"),5)
| reverse
| table Device_ID _raw
| rex field=_raw "(?<timestamp>[^|]+)\|(?<Probe_ID>[^|]+)"
| table Device_ID timestamp Probe_ID
| rex mode=sed field=timestamp "s/\\\\x00/ /g"
| table Device_ID timestamp Probe_ID
| eval time=strptime(timestamp,"%F %T.%4N")
| streamstats global=f max(time) as latest_time by Device_ID
| where time >= latest_time
| eval _time=strptime(timestamp,"%Y-%m-%d %H:%M:%S.%4N")
| table Device_ID _time Probe_ID
|join type=left Device_ID [ search index="xx" source="*E.txt"
| eval Device_ID=mvindex(split(source,"/"),5)
| reverse
| rex field=_raw "(?<timestamp>[^|]+)"
| stats first(timestamp) as earliesttime last(timestamp) as latesttime by Device_ID
|table Device_ID earliesttime latesttime
]
|where _time >= strptime(earliesttime, "%Y-%m-%d %H:%M:%S.%4N") AND _time <= strptime(latesttime, "%Y-%m-%d %H:%M:%S.%4N")
|search Device_ID="1"
Filtering events based on E.txt earliest timestamp on A.txt.
It is working for Device_ID 1 and not for Device_ID 2.
Both logs are same format.
It is not generating earliest and latest timestamp for device_ID 2. If i run subsearch alone, it is generating.
... View more
Labels
- Labels:
-
development
08-14-2023
12:55 AM
Attached snapshot for reference.
As well as how to reduce the table size to small one
... View more
- Tags:
- splunk search
07-25-2023
04:39 AM
My verbose mode and fast mode results are different . How to run a scheduled search in verbose mode by default? added this parameter in the search stanza in savedsearches.conf display.page.search.mode = verbose But no effect, it is still running in fast mode. Splunk Enterprise Version: 9.0.4.1
... View more
Labels
06-24-2023
10:35 AM
Hi @gcusello , Thanks for your reply. But those rows marked in red should be removed since seconds value starts decreasing. I have marked in blue color
... View more
06-24-2023
10:33 AM
Hi @yuanliu , Thanks for your reply. I tried your query, But the marked rows should be deleted because seconds value decreasing in between. Time before extraction will show the time when data is uploaded Why I'm ignoring those rows mean, when i'm calculating some calculation, there is a huge difference in hrs
... View more
06-24-2023
10:01 AM
Hi @gcusello , I have tried the same way, but can't able to get the desired results. | rex field=_raw "(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{4})" | eval timestamp=strptime(timestamp,"%Y-%m-%d %H:%M:%S.%4N") | delta timestamp AS delta | table timestamp delta Attached sample data in html. timestamp delta
1635312047
1635312047 -0.0156
1635312046 -0.3501
1628492228 -6819818.165
1628492227 -1.0652
1628492226 -1.0652
1628492225 -1.0052
1628492224 -1.0502
1628492223 -1.0052
1628492222 -1.0502
1628492221 -1.0052
1628492221 -0.1951
1628492221 -0.02
1628492220 -0.8501
1628492220 0
1628492220 -0.025
1628492219 -1.0052
1628492218 -1.0552
1628492217 -1.0052
1628492216 -1.0602
1628492215 -0.3552
1628492215 -0.65
1628492214 -1.0503
1628492213 -1.0052
1628492212 -1.0552
1628492211 -1.0043
1628492210 -0.8397
1628492210 -0.005
1628492210 -0.1842
1628492210 -0.005
1628492210 -0.02
1628492210 -0.025
1628492210 0
1628492210 0
1628492209 -0.9772
1628492208 -1.0584
1628492207 -1.0052
1628492206 -0.2851
1628492206 -0.01
1628492206 -0.01
1628492206 0
1628492206 -0.015
1628492206 -0.7351
1628492205 -0.3401
1628492205 0
1628492205 -0.6651
1628492203 -1.0502
1628492203 -0.2852
1628492203 0
1628492203 -0.01
1628492203 0
1628492203 0
1628492203 -0.01
1628492202 -0.7001
1628492202 -0.7201
1628492202 0
1628492202 0
1628492201 -0.2601
1628492201 -0.135
1628492200 -1.0052
1628492199 -1.0569
1628492216 17.1078
1628492216 -0.1661
1628492216 0
1628492216 -0.4426
1628492216 -0.05
1628492216 0
1628492215 -0.431
1628492215 -0.0854
1628492215 -0.5434
1628492215 -0.07
1628492215 -0.0611
1628492214 -0.1441
1628492214 -0.033
1628492214 -0.023
1628492214 -0.042
1628492214 -0.0511
1628492214 -0.01
1628492214 0
1628492214 -0.1271
1628492214 -0.037
1628492214 -0.034
1628492214 -0.017
1628492214 -0.0431
1628492214 -0.016
1628492214 -0.025
1628492214 -0.065
1628492214 -0.0351
1628492214 -0.039
1628492214 -0.054
1628492214 -0.1441
1628492214 -0.03
1628492214 -0.02
1628492214 -0.035
1628492213 -0.1901
1628492213 0
1628492213 0
1628492213 0
1628492213 -0.04
1628492213 -0.085
1628492213 0
1628492213 -0.01
1628492213 0
1628492213 -0.115
1628492213 -0.1651
1628492213 -0.015
1628492213 0
1628492213 0
1628492212 -0.4701
1628492212 0
1628492212 0
1628492212 -0.225
1628492212 -0.03
1628492212 -0.02
1628492212 -0.5801
1628492211 -0.6301
1628492211 0
1628492211 -0.01
1628492211 0
1628492211 0
1628492211 -0.1051
1628492211 -0.01
1628492211 -0.145
1628492211 -0.075
1628492211 -0.06
1628492210 -0.1
1628492210 -0.442
1628492210 -0.0156
1628492210 0
1628492210 -0.1094
1628492210 -0.1719
1628492210 -0.1562
1628492209 -0.0469
1628492209 -0.1406
1628492209 0
1628492209 -0.0312
1628492209 0
1628492209 -0.4688
1628492209 -0.0782
1628492209 -0.0312
1628492209 -0.0313
1628492209 -0.0156
1628492209 -0.0156
1628492209 0
1628492208 -0.3594
1626875194 -1617014.747
1626875194 -0.0065
... View more
06-24-2023
09:37 AM
Hi @PickleRick , I don't want to show those rows in search result. It won't be in sorted order since i extracted time by regex.
... View more
06-24-2023
06:19 AM
Delta value is coming as "negative" or "zero" for all the rows. So can't able to delete the row.
... View more
- Tags:
- Tha
06-23-2023
11:33 PM
How to delete events which is decreasing inbetween. I have extracted the _time column using regex so that splunk default sorting won't happens.
_time
Warning
2021-08-09 12:26:55.7852
INFO
2021-08-09 12:26:56.2278
INFO
2021-08-09 12:26:56.2278
INFO
2021-08-09 12:26:56.3939
ERROR
2021-08-09 12:26:39.2861
INFO
2021-08-09 12:26:40.3430
ERROR
2021-08-09 12:26:41.3482
INFO
2021-08-09 12:26:41.4832
WARN
2021-08-09 12:26:41.7433
WARN
2021-08-09 12:26:41.7433
INFO
2021-08-09 12:26:41.7433
INFO
2021-08-09 12:26:54.8140
ERROR
2021-08-09 12:26:55.4640
INFO
2021-08-09 12:26:55.8192
INFO
2021-08-09 12:26:56.8794
ERROR
2021-08-09 12:26:57.8846
INFO
2021-08-09 12:26:58.9398
ERROR
2021-08-09 12:26:59.9450
WARN
2021-08-09 12:26:59.9700
ERROR
2021-08-09 12:26:59.9700
INFO
2021-08-09 12:27:00.8201
INFO
2021-08-09 12:27:00.8401
INFO
2021-08-09 12:27:01.0352
ERROR
2021-08-09 12:27:00.8901
INFO
2021-08-09 12:27:00.8701
INFO
2021-08-09 12:27:01.0452
ERROR
It should ignore the events which i marked in "arial black", because "seconds" value starting decreasing.
... View more
Labels
06-22-2023
04:34 AM
DeviceID
Completed
Crashed
1
17
1
2
13
4
3
12
3
How to create a donut chart like the below snippet in splunk.
so here instead of 15884 ,the total of complete and crash should come
Similarly completed and crash count
... View more
Labels
- Labels:
-
chart
04-03-2023
03:37 AM
Hi Giuseppe , Thanks for your reply. But need help in final visualization part after table command
... View more
04-03-2023
03:05 AM
How to represent good visualization with the following fields
DeviceID, Software Version (Eg 1.22.2222.34) , Software Version Release Date (2020-02-03 00:00:00) , Software Version last timestamp ( 2020-02-05 02:04:45) and Total_Days ( 2)
Total Days is the difference between Software Version Release Date and Software Version last timestamp.
Chart should cover all fields
... View more
Labels
- Labels:
-
chart
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-20-2023
09:00 AM
|
