×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
khandelwaly
Explorer
Member since: ‎12-26-2019
‎10-01-2024
Community Statistics
Posts 23
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎12-26-2019
Activity Feed
View All

Re: splunk does not show all data for type complet...

by SplunkTrust in All Apps and Add-ons
‎10-01-2024 06:52 AM
‎10-01-2024 06:52 AM
Don't stats. Just look for raw events. If you have them, the problem is probably in parsing. If you don't, search why you didn't get them ingested properly. ... View more

Re: How to extract a particular field and value fr...

by SplunkTrust in Splunk Search
‎12-12-2020 11:41 AM
1 Karma
‎12-12-2020 11:41 AM
1 Karma
Assuming you have already got or can get your JSON into a field (I have used _raw in this example) and that it is properly formatted (your text doesn't use proper double-quotes and you are missing a comma between two parts of your list), you could do something like this. | makeresults | eval _raw="{\"timestamp\":\"1607797705\",\"instrumentList\":[{\"name\":\"dbcp.numIdle\",\"value\":\"100\"},{\"name\":\"entity.versions.total\",\"value\":\"66137\"},{\"name\":\"http.session.objects\",\"value\":\"2443\"},{\"name\":\"dbcp.numActive\",\"value\":\"0\"}, {\"name\":\"http.sessions\",\"value\":\"544\"}, {\"name\":\"dbcp.maxActive\",\"value\":\"-1\"}]}" | spath input=_raw | rename "instrumentList{}.name" as name "instrumentList{}.value" as value | eval namevalue=mvzip(name, value, ":") | fields - _raw _time name value | mvexpand namevalue | rex field=namevalue "(?<name>[^:]+):(?<value>.+)" | fields - namevalue | where name="dbcp.numActive" | eval {name}=value I wasn't sure if you wanted the name and value in different fields or a field named as the name with the value in it so I have shown both. ... View more

Re: how to configure inputs.conf?

by SplunkTrust in Getting Data In
‎04-15-2020 05:35 AM
‎04-15-2020 05:35 AM
Did you restart the forwarder after changing inputs.conf? Does Splunk have read access to the logs? Do the files appear in the output of the CLI command splunk list monitor ? ... View more

Re: dedup not giving any results.

by in Splunk Search
‎02-06-2020 10:55 AM
‎02-06-2020 10:55 AM
hi @khandelwaly If this solved your issue, please accept the answer. ... View more

Re: How to show comparison graph of jenkins pipeli...

by in Splunk Search
‎12-27-2019 05:14 PM
‎12-27-2019 05:14 PM
index="jenkins_statistics" (host=jenkins.com/test) event_tag=job_event type=completed "stages{}.name"="" "stages{}.children{}.exec_node"="" | rename stages{}.duration as stageduration | rename stages{}.name as stageName | rename "stages{}.children{}.exec_node" as pipeline_nodes | eval exec_nodes=mvdedup(pipeline_nodes) | eval build_on_node=coalesce(exec_nodes, node) | table build_on_node, job_name, stageName, stageduration | eval stage=build_on_node."_".job_name."_".stageName | chart sum(stageduration) as stageduration by stage | table build_on_node, job_name, stageName, stageduration If you provide the results, we could create query. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-01-2024 12:41 AM
Karma given to
View All