Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About mikebrittain
mikebrittain
Explorer
Member since:
05-05-2010
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 2 |
| Member Since | 05-05-2010 |
Activity Feed
- Got Karma for Combining URL fields in reporting. 06-05-2020 12:45 AM
- Got Karma for Applying backreferences followed by numerics within rex. 06-05-2020 12:45 AM
- Posted Re: Applying backreferences followed by numerics within rex on Splunk Search. 12-14-2010 03:21 PM
- Posted Re: Creating new fields based on a list of keys and a list of values on Splunk Search. 12-13-2010 10:20 PM
- Posted Applying backreferences followed by numerics within rex on Splunk Search. 12-13-2010 10:17 PM
- Tagged Applying backreferences followed by numerics within rex on Splunk Search. 12-13-2010 10:17 PM
- Tagged Applying backreferences followed by numerics within rex on Splunk Search. 12-13-2010 10:17 PM
- Posted Creating new fields based on a list of keys and a list of values on Splunk Search. 10-27-2010 05:37 PM
- Tagged Creating new fields based on a list of keys and a list of values on Splunk Search. 10-27-2010 05:37 PM
- Tagged Creating new fields based on a list of keys and a list of values on Splunk Search. 10-27-2010 05:37 PM
- Posted Re: Combining URL fields in reporting on Splunk Search. 05-07-2010 02:50 AM
- Posted Re: Combining URL fields in reporting on Splunk Search. 05-07-2010 01:14 AM
- Posted Combining URL fields in reporting on Splunk Search. 05-06-2010 07:40 PM
- Tagged Combining URL fields in reporting on Splunk Search. 05-06-2010 07:40 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 1 |
12-14-2010
03:21 PM
This doesn't seem to work. The result is a single column for all of the results, rather than split by ten-millions. The column created in Splunk is shown as "\g{1}0m".
... View more
12-13-2010
10:20 PM
I'll accept this answer, but I think the end result will be that we will make some changes to our log format instead.
... View more
12-13-2010
10:17 PM
1 Karma
I'm trying to do some data massaging on a field "volume" that has values like "91456789", "83234512", "30124231" to substitute them with values like (respectively) "90m", "80m", and "30m". In other words, bucketing these values into 10 million range buckets.
I'm applying the following regular expression in "sed" mode. The problem being that the backreference "\1" doesn't interpolate correctly because it's followed by a "0". If I remove the "0", it works fine (with the exception that the values come out as "9m", "8m", and "3m".
rex field=volume mode=sed "s/^(\d)\d+$/\10m/"
In PHP, I would use something like ${1}0m to escape the backreference followed by a numeric. Which also begs the question, what regular expression engine is used by Splunk?
The following substitution does work in the sense that the backreference is populated in the search results, but I cannot seem to format the resulting string with a "0" adjacent to the backreference.
s/^(\d)\d+$/\1 0m/
... View more
10-27-2010
05:37 PM
My data set is web server access logs that include two custom values we insert. The values are lists of keys and lists of values, and can be seen at the end of this entry:
127.0.0.1 - - [27/Oct/2010:17:25:48 +0000] "GET /index.html HTTP/1.1" 200 13211 - "Mozilla/4.0 (compatible; MSIE 7.0)" - 12;14;15;18;22;23;25;35;37;106;47 0;23;1;0;0;1;0;0;1;1;0
The key list is "12;14;15;18;22;23;25;35;37;106;47" and the value list is "0;0;0;0;0;1;0;0;1;1;0".
These key and value lists can have arbitrary lengths. In this case, there are 11 values in each list separated by semi-colons. But in other log entries, there could be just 1 or 2 values, or there could even be 20 values.
I'm trying to figure out how I can create fields based on the first list and assign values to them based on the second list. For example, the fields/values I'd like to see generated would be:
example_12=0
example_24=23
example_15=1
... View more
- Tags:
- list
- multivalue
05-07-2010
02:50 AM
This is a good start. Unfortunately, most of our URLs are not this standardized.
It looks like "rex" will work using mode=sed.
... View more
05-07-2010
01:14 AM
Sadly, our site URLs have pretty wide variations in format and that's not going to work for me.
... View more
05-06-2010
07:40 PM
1 Karma
I'm trying to build a report of slowest pages/scripts on our server based on times for serving those scripts. This will help us track down our worst performing scripts so we can do a bit of performance tuning.
The search I'm using looks like this:
source=".../access.log" | stats avg(response_time) by script_path | sort avg(response_time) desc
The problem with this report is that the top script paths listed include unique IDs, something like this:
/view/item/12345
/view/item/12346
/view/item/12347
I was thinking I could group these together by doing a regex on script_path to replace the digit portion with a single "0" so that the average of response_time is based on all of the similar URLs.
/view/item/0
Having trouble with the search syntax. Any help?
... View more
- Tags:
- regex
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:02 AM
|
