Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About JMPP
JMPP
Explorer
Member since:
01-30-2024
05-01-2025
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 1 |
| Member Since | 01-30-2024 |
Activity Feed
- Posted Re: Send an Email for each lookup .csv processed. on Splunk Search. 05-01-2025 12:10 PM
- Karma Re: Send an Email for each lookup .csv processed. for yuanliu. 05-01-2025 11:58 AM
- Posted Re: Send an Email for each lookup .csv processed. on Splunk Search. 04-29-2025 03:35 PM
- Posted Send an Email for each lookup .csv processed. on Splunk Search. 04-29-2025 11:53 AM
- Posted Re: Sum categories from a main search. on Splunk Search. 06-04-2024 09:43 AM
- Got Karma for Re: CSV file different format when downloaded from report generated.. 06-02-2024 01:18 PM
- Posted Sum categories from a main search. on Splunk Search. 05-31-2024 01:35 PM
- Posted Re: CSV file different format when downloaded from report generated. on Other Usage. 05-30-2024 11:33 AM
- Posted Re: CSV file different format when downloaded from report generated. on Other Usage. 04-15-2024 02:11 PM
- Posted Re: CSV file different format when downloaded from report generated. on Other Usage. 04-08-2024 11:04 AM
- Karma Re: CSV file different format when downloaded from report generated. for tscroggins. 04-08-2024 11:02 AM
- Posted CSV file different format when downloaded from report generated. on Other Usage. 04-05-2024 08:23 AM
- Karma Re: How can I search events based on another lookup file subsearch using like. for richgalloway. 02-01-2024 06:26 AM
- Posted Re: How can I search events based on another lookup file subsearch using like. on Splunk Search. 01-30-2024 01:13 PM
- Posted How can I search events based on another lookup file subsearch using like. on Splunk Search. 01-30-2024 05:35 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-01-2025
12:10 PM
Hi, Your response was the key to make the idea I had happened. I have to made some changes to the query. Since I have a long file list, I decided to list them with "| rest" command, then I was getting wildcard issues and I had to make macros to overcome that problem. Now I working with the Splunk admin team because I am getting the error below casuse by "| sendemail" and it is caused by a missing admin access: [map]: command="sendemail", 'rootCAPath' while sending mail to: jpichardo@jaggaer.com I cannot use "| sendresults" command because the version we have does not support it. | rest /servicesNS/-/-/data/lookup-table-files f=title splunk_server=local ```To avoid the "you do not have the "dispatch_rest_to_indexers" capability" warning``` | fields title | search title="lk_file*.csv" | dedup title | map maxsearches=9999 search="inputlookup $title$ |eval filename=$title$ | search path!=`macroDoubleQuotation` | stats values(duration_time) AS duration_time by path filename | `macroMakemvNewLineDelimeter` duration_time | eval duration_time=`macroSplitSpace` | `macroPerformanceP90` | sort path | `macroSendMailPerformanceSlaList` Thanks so much for help me with!!!. Regards,
... View more
04-29-2025
03:35 PM
Hi @livehybrid The goal is a single execution of the search/query below for each file e.g.: lk_file_abc3477.csv, lk_file_xare000csv, lk_file_ppbc34ee.csv, etc.. and send an email for each of them individually. | inputlookup lk_file_abc3477.csv | stats values(duration_time) AS duration_time by path | makemv delim="\n " duration_time | eval duration_time=split(duration_time," ") | stats p90(duration_time) as "90th percentile (sec)" by path | sort path Regards
... View more
04-29-2025
11:53 AM
Hi Splunk Community team, Please help: I have N number of lookup lk_file_abc3477.csv, lk_file_xare000csv, lk_file_ppbc34ee.csv, etc.... files. I have a splunk search/script that will be processing the same data type and same number of columns and my question is, is there any way to process each file and send an email for each individually, using Reports or Alerts option or any other way in one single execution? Regards,
... View more
06-04-2024
09:43 AM
Hi @dtburrows3, Thanks so much it helped me a lot your suggestions, for now I will go with eventstats solutions. For foreach command I need to go deep on it since it is more complex. @PickleRick I will try xyseries, same as I did before to have the expected single values for the productcat# fields. Need to push this report to Production ASAP.
... View more
05-31-2024
01:35 PM
Hi Cummunity team, I have a complex query to gather the data below, but a new request came up, it was asked to me to add in the report email subject the product category totals by Category. with the $result.productcat1$ and $result.productcat2$ I could apprach that, but the way I'm calculating the totals I'm not getting the expected numbers, because I'm appeding the columns from a subquery and transposing the values with xyseries. Could you please suggest how can I sum(Sales Total) by productcat1 and productcat2 in a new field but keeping the same output as I have now?, e.g.: something like if ProducCategory="productcat1"; then productcat1=productcat1+SalesTotal, else productcat2=productcat2+SalesTotal ``` But Print the original output ``` Consider productcat1 and productcat2 are fixed values. ENV ProducCategory ProductName SalesCondition SalesTotal productcat1 productcat2 prod productcat1 productR blabla 9 152 160 prod productcat1 productj blabla 8 prod productcat1 productc blabla 33 prod productcat2 productx blabla 77 prod productcat2 productpp blabla 89 prod productcat2 productRr blabla 11 prod productcat1 productRs blabla 6 prod productcat1 productRd blabla 43 prod productcat1 productRq blabla 55 Thanks in advance.
... View more
Labels
- Labels:
-
stats
05-30-2024
11:33 AM
1 Karma
Hi @tscroggins, Thanks for all your comments, I'm running with 8.2v and the 1st suggestion you made worked, but we didn't see the changes until the restart of the Search heads were made. Now the CSV files are comming with the right format. One thing I noticed, If I clone an existing report with CSV format configuration, the new one will adopt that configuration too. Thanks
... View more
04-15-2024
02:11 PM
@tscroggins, Is the suggested configuration restricted to certain Splunk Versions?, because we have tried different options but we are not seeing the CSV formated as expected also the instances were restarted. Thanks in advance, we have ran the reports simple as possible. e.g.: "index=os earliest=-5m |timechart span=1m values(host)" Regards
... View more
04-08-2024
11:04 AM
Hi @tscroggins Really appreciate your comments, I'm currently working with the changes You've suggested. Thanks and Regards,
... View more
04-05-2024
08:23 AM
Hi Everyone, For some reason I'm getting different CSV format file when I downloaded vs from the report generated on scheduled report functionality. - When I downloaded the file from the splunk search option I am getting some like: {"timestamp: 2024-04-02T22:42:19.655Z sequence: 735 blablaclasname: com.rr.jj.eee.rrr anotherblablaclasnameName: com.rr.rr.rrrr.rrr level: ERRROR exceptionMessage: blablabc .... } - When I received by email the file using the same query I'm getting something like: {"timestamp: 2024-04-02T22:42:19.655Z\nsequence: 735\nblablaclasname: com.rr.jj.eee.rrr\nanotherblablaclasnameName: com.rr.rr.rrrr.rrr\nlevel: ERRROR\n\nexceptionMessage: blablabc\n....} *.conf file I am seeing: LINE_BREAKER = \}(\,?[\r\n]+)\{? Regards
... View more
Labels
- Labels:
-
CSV
01-30-2024
01:13 PM
Hi @richgalloway Your sugestion to use return helped me to make the query works. I have made to make some adjustments too : ..main search |where like(onerowevent, [| inputlookup blabla.csv| <whatever_condition_to_make_onecompare_field>| eval onecompare="\"%".onecompare."%\""|return $onecompare] The only thing is, when I'm using ' |return $onecompare ', I'm missing one row from the output, even if I test the subsearch separately. I will figure out what is making ' return ' clause skip the row. Regards,
... View more
01-30-2024
05:35 AM
Hi, Would you mind to help on this?, I have been working for days to figure out how can I pass a lookup file subsearch as "like" condition in main search, something like: To examples: 1)
. . main search| where like(onerowevent, "%".[search [| inputlookup blabla.csv| <whatever_condition_to_make_onecompare_field>|table onecompare }]."%"]])
2)
. . main search| eval onerowevent=if(like(onerowevent,, "%".[search [| inputlookup blabla.csv| <whatever_condition_to_make_onecompare_field>|table onecompare }]."%"]])),onerowevent,"")
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-01-2025
11:57 AM
|
