Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About r_s01
r_s01
Explorer
Member since:
12-21-2024
01-14-2025
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 0 |
| Member Since | 12-21-2024 |
Activity Feed
- Posted Re: Trying to check and set values conditionally but below query is giving error on Splunk Search. 01-10-2025 05:26 AM
- Karma Re: Trying to check and set values conditionally but below query is giving error for PickleRick. 01-10-2025 05:23 AM
- Posted Re: Trying to check and set values conditionally but below query is giving error on Splunk Search. 01-10-2025 12:37 AM
- Posted Trying to check and set values conditionally but below query is giving error on Splunk Search. 01-09-2025 11:55 PM
- Tagged Trying to check and set values conditionally but below query is giving error on Splunk Search. 01-09-2025 11:55 PM
- Karma Re: Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NUL for PaulPanther. 01-09-2025 07:35 AM
- Karma Re: Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NUL for PaulPanther. 01-09-2025 07:35 AM
- Posted Re: Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NUL on Splunk Search. 01-09-2025 07:11 AM
- Posted Re: Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NUL on Splunk Search. 01-09-2025 07:04 AM
- Posted Re: Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NUL on Splunk Search. 01-09-2025 06:47 AM
- Posted Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NULL in result on Splunk Search. 01-09-2025 05:52 AM
- Posted Not coming values for message.backendCalls.responseCode field in below query on Splunk Search. 12-25-2024 12:14 AM
- Posted Re: Remove duplicate URLs from search result on Monitoring Splunk. 12-23-2024 04:01 AM
- Karma Re: Remove duplicate URLs from search result for PickleRick. 12-21-2024 03:29 AM
- Posted Re: Remove duplicate URLs from search result on Monitoring Splunk. 12-21-2024 03:12 AM
- Posted Remove duplicate URLs from search result on Monitoring Splunk. 12-21-2024 12:23 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-10-2025
05:26 AM
Tried same approach but nothing is coming under "Statistics" , when i am not checking any condition then i am getting below record, Now if you relate my question with below then you can understand that under 5-key inboundSsoType deep link is coming in response so i just want to replace 5-key string to that deep link.
Below is JSON from where i am trying to check condition.
message: { [-]
backendCalls: [ [+]
]
deviceInfo: { [+]
}
elapsedTime: 210
exceptionList: [ [+]
]
incomingRequest: { [-]
deepLink: https://member.uhc.com
hsidSSOParameters: { [+]
}
inboundSsoType: 5-KEY
... View more
01-10-2025
12:37 AM
I am trying to set message.incomingRequest.deepLink values if(message.incomingRequest.inboundSsoType == "5-KEY", message.incomingRequest.inboundSsoType== "HYBRID" then set message.incomingRequest.inboundSsoType itself and under as Count by i am adding ssoType so that whatever result we have under same ssoType variable will get in my count. index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.SplunkLog" message.ssoType="Inbound" | eval ssoType = if(message.incomingRequest.inboundSsoType == "5-KEY", message.incomingRequest.deepLink, message.incomingRequest.inboundSsoType== "HYBRID", message.incomingRequest.inboundSsoType) | stats distinct_count("message.ssoAttributes.EEID") as Count by ssoType, "message.backendCalls{}.responseCode"
... View more
01-09-2025
11:55 PM
Trying to check and set values conditionally but below query is giving error Error :- Error in 'eval' command: Fields cannot be assigned a boolean result. Instead, try if([bool expr], [expr], [expr]). The search job has failed due to an error. You may be able view the job in the Query :- index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.SplunkLog" message.ssoType="Inbound" | eval ssoType = if(message.incomingRequest.inboundSsoType == "5-KEY", message.incomingRequest.deepLink, message.incomingRequest.inboundSsoType== "HYBRID", message.incomingRequest.inboundSsoType) | stats distinct_count("message.ssoAttributes.EEID") as Count by ssoType, "message.backendCalls{}.responseCode"
... View more
- Tags:
- error
Labels
- Labels:
-
stats
01-09-2025
07:11 AM
When i am trying with message.backendCalls{}.endPoint then its showing exactly where 404 is coming but i want result on the basis for LOB. any suggestion?
... View more
01-09-2025
07:04 AM
There is still no response for 404 status code, its only coming for below query index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.SplunkLog" message.ssoType="Inbound" | chart count by "message.backendCalls{}.responseCode", "message.incomingRequest.lob"
... View more
01-09-2025
06:47 AM
Thanks is there any way though which we can re-adjust the query so that only correct lob values come. There is 404 status codes which should comes for below shared URL When i am trying with message.backendCalls{}.endPoint then its showing exactly where 404 is coming but i want result on the basis for LOB.
... View more
01-09-2025
05:52 AM
index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.SplunkLog" message.ssoType="Inbound" | chart count by "message.backendCalls{}.responseCode", "message.incomingRequest.lob"
Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NULL in above shared result, Any idea? or any instruction for debugging so that we can find the root cause. Let me know if more details is needed.
... View more
Labels
- Labels:
-
field extraction
12-25-2024
12:14 AM
When trying to fetch values using below query then its not showing result in statistics, Reason is i want to fetch message.backendCalls.responseCode also in my statistics response its showing nothing there when i am adding same field at the end of below.
Query :-
index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.SplunkLog" message.ssoType="Outbound" | spath "message.incomingRequest.partner" | rename message.incomingRequest.partner as "SSO_Partner" | search "SSO_Partner"=* | stats distinct_count("UUID") as Count by SSO_Partner, Membership_LOB, message.backendCalls.responseCode
When i am not adding same field then its showing below results,
Below is showing whole JSON from which i am trying to fetch response code.
{ [-]
@timestamp: 2024-12-25T08:10:57.764Z
Membership_Category: *******
Membership_LOB: ****
UUID: ********
adminId:*************
adminLevel: *************
correlation-id: *************
dd.env:*************
dd.service:*************
dd.span_id:*************
dd.trace_id:*************
dd.version:*************
logger:*************
message: { [-]
backendCalls: [ [-]
{ [-]
elapsedTime: ****
endPoint:*************
requestObject: { [+]
}
responseCode: 200
responseObject: { [+]
}
}
]
... View more
12-23-2024
04:01 AM
I am trying to get response on the basis on coming status codes from message.outgoingResponse.istURL, But problem is that there is no field to read return status code from below shared screen shot URL, is there any way we can get status code as we got from any URL on browser? Query :-
index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.SplunkLog" message.ssoType="Outbound" | spath "message.incomingRequest.partner" | rename message.incomingRequest.partner as "SSO Partner" | search "SSO Partner"=sso_SSOPartner_Amwell | stats count by message.outgoingResponse.istURL
... View more
12-21-2024
03:12 AM
Thanks for response, There is a field called URI some URI is coming as duplicate. how i can adjust query so that duplicate URI won't come?
... View more
12-21-2024
12:23 AM
Trying to get success and failure status count using below query but its not filtering out the duplicate URLs, Can someone help me into this? I want result in less number of rows but lob, URI, API_Status and its count should show. "*/prescriptions/eni/api/api-cw/*" (URI != "*/prescriptions/eni/api/api-cw/legacySession/cache*") | stats count by lob,URI,API_Staus Result is coming as below,
... View more
Labels
- Labels:
-
monitoring console
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-14-2025
10:11 AM
|
