Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About srv007
srv007
Path Finder
Member since:
04-06-2023
04-26-2024
Community Statistics
| Posts | 23 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 04-06-2023 |
Activity Feed
- Posted Jmeter Results on splunk dashboard on Splunk Search. 04-25-2024 11:06 PM
- Posted Re: How to remove wild cards/suffix values from values of hostname? on Splunk Search. 08-14-2023 04:52 AM
- Karma Re: How to remove wild cards/suffix values from values of hostname? for ITWhisperer. 08-13-2023 02:16 PM
- Posted Re: How to remove wild cards/suffix values from values of hostname? on Splunk Search. 08-11-2023 03:09 AM
- Posted Re: Remove wild cards/suffix values from values of hostname on Splunk Search. 08-09-2023 11:11 AM
- Posted How to remove wild cards/suffix values from values of hostname? on Splunk Search. 08-09-2023 11:09 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 07:50 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 07:42 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 07:38 AM
- Karma Re: Duplicate values for each fields coming up where lookup is used for ITWhisperer. 06-20-2023 07:38 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 07:23 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 06:50 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 06:43 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 05:47 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 05:16 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 05:08 AM
- Posted Re: Duplicate values for each fields coming up where lookup is used on Dashboards & Visualizations. 06-20-2023 04:09 AM
- Tagged Duplicate values for each fields coming up where lookup is used? on Dashboards & Visualizations. 06-19-2023 12:43 PM
- Tagged Duplicate values for each fields coming up where lookup is used? on Dashboards & Visualizations. 06-19-2023 12:43 PM
- Posted Duplicate values for each fields coming up where lookup is used? on Dashboards & Visualizations. 06-19-2023 11:41 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-25-2024
11:06 PM
We have a requirement to have a splunk dashboard which shows all the testcases that we have run from Jmeter for visibility purpose. I want to understand how can we achieve this. Jmeter gives the option to export the detailed reports in csv format which can be uploaded to splunk but that would be manual approach, every time uploading csv file would be time consuming one. Is there anyway we can integrate Jmeter with Splunk which allows to dump the reports on splunk. The limitation here is since its a project in an organization, any external app or plugin can not be installed which is not approved by the organization.
... View more
Labels
- Labels:
-
field extraction
-
search job inspector
08-14-2023
04:52 AM
This did help actually. few hosts have entries like ###gbl12344 - old### anyway to fetch only hostname for such cases?
... View more
08-11-2023
03:09 AM
Any guidance/help is appreciated
... View more
08-09-2023
11:11 AM
##Note - Also point to be noted that some hostname can be of 6 characters some can be 8 and like so extracting hostname as number of characters might not be suitable.
... View more
08-09-2023
11:09 AM
below is my search query index="inm_inventory"
|table inventory_date, region, vm_name, version
|dedup vm_name | search vm_name="*old*" OR vm_name="*restore*" output as below : The challenge here is each vm_name has different suffix added and its not standard since any user adds any comment to to it so it could be anything. how do i perform look for the vm names since lookup file only has hostnames and no suffix. i have a lookup file named itso.csv which has details like hostname(all in lower case), tier, owner, country. I want to use lookup in my main search for the fields tier, owner, country end requirement is to do lookup for the vm_name in itso.csv file and add details like tier, countrycode, owner in the main search output.
... View more
- Tags:
- wildcard
Labels
- Labels:
-
eval
-
field extraction
-
lookup
-
regex
06-20-2023
07:50 AM
index=standard_tanium source="Prod-CSV" script=read.ps1" |rename field01 as user |rename field02 as login-count |rename CSV-Timestamp as Script_run |rex mode=sed field=user "/[&?].*//g" |table Script_run IDBC-Hostname user login-count |lookup read-login.csv user-id as user OUTPUTNEW user-id |lookup owner.csv hostname as IDBC-Hostname OUTPUTNEW tier sownername servicename |search user-id=* |sort -login-count |stats values(*) as * by Script_run IDBC-Hostname user login-count |table Script_run IDBC-Hostname user login-count tier sownername servicename
... View more
06-20-2023
07:42 AM
Update -- i added | table and the fields to show and this as fixed the above mentioned too. Kudos!!
... View more
06-20-2023
07:38 AM
Thanks Mate, this did help. all repeated fields are gone, at the same time not affecting the hostname. so output is below : The only concern is can we remove user-id from getting displayed as same info already being shown under user. And if we can re-allign the order of the fields. example -- Script_run IDBC-Hostname user login-count tier sownername servicename
... View more
06-20-2023
07:23 AM
owner.csv has only one entry for each hostname? >> correct So each event has one value for IDBC-Hostname >> can have more, hostname can re-appear but against different user and its run daily, so can have more than one entry for same hostname.
... View more
06-20-2023
06:50 AM
index=standard_tanium source="Prod-CSV" script=read.ps1" |rename field01 as user |rename field02 as login-count |rename CSV-Timestamp as Script_run |rex mode=sed field=user "/[&?].*//g" |table Script_run IDBC-Hostname user login-count |lookup read-login.csv user-id as user OUTPUTNEW user-id |lookup owner.csv hostname as IDBC-Hostname OUTPUTNEW tier sownername servicename |search user-id=* |sort -login-count |fields Script_run IDBC-Hostname user login-count tier sownername servicename When i add lookup for owner.csv then its creating duplicates for the lookup fields. owner.csv has tier,sownername servicename field values which i'm comparing and adding to my main search read-login.csv has user account info. read.ps1 has info about about all hostnames and login count. Using read-login.csv im fetching details for accounts mentioned in that csv only, and doing lookup with owner.csv i'm adding the extra fields to the search results.
... View more
06-20-2023
06:43 AM
index=standard_tanium source="Prod-CSV" script=read.ps1" |rename field01 as user |rename field02 as login-count |rename CSV-Timestamp as Script_run |rex mode=sed field=user "/[&?].*//g" |table Script_run IDBC-Hostname user login-count |lookup read-login.csv user-id as user OUTPUTNEW user-id |search user-id=* |sort -login-count |fields Script_run IDBC-Hostname user login-count tier sownername servicename This gives output as below-- Script_run IDBC-Hostname user login-count tier sownername servicename 2023/06/19 12:25 abc12345 11133121-990 4 2023/06/15 17:25 xzyz1112 33421111-990 2 2023/06/14 19:15 arsd1123 7877333-750 1 2023/06/12 12:25 abc12345 9911128-630 3
... View more
06-20-2023
05:47 AM
Below is the result : Script_run IDBC-Hostname user login-count 2023/06/19 12:25 abc12345 11133121-990 4 2023/06/15 17:25 xzyz1112 33421111-990 2 2023/06/14 19:15 arsd1123 7877333-750 1 2023/06/12 12:25 abc12345 9911128-630 3 Here it is expected to have repeated hostnames as the user id is varying and we need sum total of login-count so we shouldnt dedup hostnames. Now the problem of duplicate value happens for fields which we using for lookup like tier
... View more
06-20-2023
05:16 AM
still same, no help.
... View more
06-20-2023
05:08 AM
still same result, no changes
... View more
06-20-2023
04:09 AM
want to understand why the lookup fields are appearing repeated and how to fix it. I did try |mvexpand tier | dedup IDBC-Hostname but then that removes duplicate entries which shouldn't happen as it can be case same server repeated and we need data for it. This dedup affects login-count since dedup removes duplicate hostnames.
... View more
06-19-2023
11:41 AM
Below is the splunk query that i'm using.
index=standard_tanium source="Prod-CSV" script=read.ps1"
|rename field01 as user
|rename field02 as login-count
|rename CSV-Timestamp as Script_run
|rex mode=sed field=user "/[&?].*//g"
|table Script_run IDBC-Hostname user login-count
|lookup read-login.csv user-id as user OUTPUTNEW user-id
|lookup owner.csv hostname as IDBC-Hostname OUTPUTNEW tier sownername servicename
|search user-id=*
|sort - login-count
| fields Script_run IDBC-Hostname user login-count tier sownername servicename
the above query is working fine, just duplicate values coming for tier sownername servicename Output : Script_run IDBC-Hostname user login-count tier sownername servicename 2023/06/19 12:25 abc12345 11133121-990 4 2 Bob ADF-Co
2 Bob ADF-Co
2 Bob ADF-Co
2 Bob ADF-Co
2023/06/15 17:25 xzyz1112 33421111-990 2 1 Sam AXF-Co
1 Sam AXF-Co
1 Sam AXF-Co
1 Sam AXF-Co
... View more
Labels
- Labels:
-
dashboard
05-05-2023
05:06 AM
I managed to get the data displayed in below format by using chart command. index=this_is_demo source="demo-kv" script=demo.ps1 hostname IN (*) |chart limit=0 list(value) over hostname by key |transpose 0 My only requirement left is use filters where we can select the keys such as username or puppet status and it should display the selected filter only.
... View more
05-04-2023
01:35 PM
And later on need to apply drop down filter on those fields such as username, Puppet status.
... View more
05-04-2023
01:31 PM
This is how the output is from above query which is not what im looking for. What i want to achieve is something like below -- Sorry if i have not been clear much
... View more
05-03-2023
02:01 AM
Requirement is to break key value into fields and show data in below format for each hosts -- hostname : server1.com username : john hardware manufacturer : HP Puppet status : Active CPU count : 12 hostname : server2.com username : Tim hardware manufacturer : IBM Puppet status : Fail CPU count : 12
... View more
05-02-2023
08:42 AM
The data is in key value format instead of field value due to limitation of fields to be used.
There are 10+ key value for each host. I'm looking to convert these key value data into fields so that i can apply the drop down filter as input and search result get updated as per the field selected in the drop down input.
Here is an example of how my data is appearing in splunk.
index=this_is_demo source="demo-kv" script=demo.ps1 hostname IN (*)
hostname - server1.com IP - 128.xx.xx.xx group - key - username value - john script -demo.ps1
hostname - server1.com IP - 128.xx.xx.xx group - key - hardware manufacturer value - HP script -demo.ps1
hostname - server1.com IP - 128.xx.xx.xx group - key - Puppet status value - active script -demo.ps1
hostname - server1.com IP - 128.xx.xx.xx group - key - CPU count value - 12 script -demo.ps1
Appreciate all the knowledge and guidance here. 🙂
... View more
04-06-2023
08:50 AM
I have a splunk search query which shows the details but the problem here is it only shows the results if the hostname passed in the text box is with fqdn. If hostname entered is without fqdn it won't show any result. How do I make the query to work if I pass abc123.xyz.com or abc123.
Apologizes if it's already answered, very new to Splunk.
... View more
Labels
- Labels:
-
table
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-26-2024
01:55 AM
|
