Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About kirti_gupta12
kirti_gupta12
Path Finder
Member since:
01-09-2020
01-11-2022
Community Statistics
| Posts | 14 |
| Solutions | 1 |
| Karma Given | 4 |
| Karma Received | 0 |
| Member Since | 01-09-2020 |
Activity Feed
- Posted Splunk - How to not perform search for greater than 30 days in Time Picker. on Splunk Search. 01-10-2022 10:53 AM
- Posted In Splunk dashboard - I should be able to get logs before the last occurrence of a text msg. on Dashboards & Visualizations. 01-06-2022 02:25 PM
- Posted Color a word in a field/Splunk Result on Splunk Search. 11-17-2021 08:33 AM
- Tagged Color a word in a field/Splunk Result on Splunk Search. 11-17-2021 08:33 AM
- Karma Re: Filter splunk results into a List for scelikok. 11-17-2021 08:23 AM
- Posted Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 05:07 PM
- Posted Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 05:07 PM
- Tagged Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 05:07 PM
- Karma Re: Filter the Splunk results into a visualization for somesoni2. 11-16-2021 05:06 PM
- Posted Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 04:45 PM
- Karma Re: Filter the Splunk results into a visualization for somesoni2. 11-16-2021 04:38 PM
- Posted Filter splunk results into a List on Splunk Search. 11-16-2021 04:01 PM
- Posted Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 03:06 PM
- Posted Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 02:29 PM
- Posted Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 12:53 PM
- Posted Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 12:14 PM
- Posted Re: Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 11:35 AM
- Posted Filter the Splunk results into a visualization on Splunk Search. 11-16-2021 11:32 AM
- Karma Re: Add hosts to Splunk multiselect UI for vnravikumar. 06-05-2020 12:50 AM
- Posted Add hosts to Splunk multiselect UI on Getting Data In. 01-09-2020 02:19 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-10-2022
10:53 AM
I have a Panel in a Dashboard which shows results of a Query and picks the time range from a TimePicker. Goal: If the user selects time greater than 30 days in the TimePicker, the search for this specific panel's query should not search for more than 30 days. It should set the time range to 30 days only if user selects time greater than 30 days in TimePicker. For time selected lesser than 30 days, this specific panel should display results for that selected time range. This is how the current query for this panel looks like: eventtype=$app_name$
| timechart span=1h count by _time
... View more
Labels
01-06-2022
02:25 PM
I have a Splunk Dashboard. It has a text field named "Error msg" and a Time-Picker. (Image - "Dashboard items"). If the text field "Error msg" is empty, I am able to display all the logs within the given time frame. Query : index=AppIndex cf_app_name=AppName msg!="*Hikari*" taskExecutor- | fields _time msg | sort -_time |
| table _time msg Now, If I enter a log message in the text field "Error msg", my goal is, for the given time frame, 1. Search all the occurrences of this "Log message". 2. Get the latest occurrence. 3. In the output table, print the logs right before the last occurrence of the msg. In this way, user can trace the error msg and look at the logs (right before the error in the text field) to find what caused the error to happen. Any suggestions on how this can be done via a query?
... View more
Labels
- Labels:
-
Dashboard Studio
11-17-2021
08:33 AM
I have a Splunk query: index=my_index cf_app_name=$app_name$ msg!="*Hikari*" $log_type$ | sort -_time | table msg It populates Splunk with results. Now, the msg field has log_type as INFO, ERROR, WARNING. Example: 2021-11-17 15:03:34.921 INFO 22 --- [ taskExecutor-1] c.c.p.r.e.EventService : Event sent to event ID: 2111 - REPRICING has finished
2021-11-16 22:23:54.905 ERROR 22 --- [ taskExecutor-1] c.c.p.r.service.SftpService : Could not delete file: /-/PCS.P.KSZ4750J.TRIG.FILE - 4: Failure
2021-11-16 22:23:54.905 WARNING 22 --- [ taskExecutor-1] c.c.p.r.service.SftpService : Could not delete file: /-/PCS.P.KSZ4750J.TRIG.FILE - 4: Failure Now, My goals is to COLOR the log_type field in the "msg" to Green if it's INFO, Red if it's ERROR, and Yellow if it's WARNING. I don't want to color the entire msg field, just the words INFO, ERROR and WARNING should be turned to those specific colors. @scelikok @somesoni2
... View more
- Tags:
- color
11-16-2021
05:07 PM
Perfect! Thanks a lot @somesoni2
... View more
- Tags:
- splunk
11-16-2021
05:07 PM
Perfect! Thanks a lot @somesoni2
... View more
11-16-2021
04:45 PM
@somesoni2 this works great but this is showing the time field as the last time. But I want the all the times in a list for a row. Reference: https://community.splunk.com/t5/Splunk-Search/Filter-splunk-results-into-a-List/m-p/575185#M200423
... View more
11-16-2021
04:01 PM
I have a Splunk query that parses the msg field, fetches the fields from the result and displays them in a table. PFA Now, the issue is, each field in the row has a unique time, but more than 1 row could have the same fields, except the time as shown in attached file. Can we enhance the query in a way, that if for more than 1 row, the fields are same except time, then we can have just row with those fields, and times can as be added as a list (separated by commas) to that final row. Example, if 2 rows are Value1, time1, Value2, Value3
Value1, time2, Value2, Value3 Then it could be represented as Value1, {time1, time2}, Value 2, Value3 This would reduce the space the 2 (or more than 2) rows take on the Dashboard page. Here is the existing query: index=myIndex "ERROR * ---" "taskExecutor-*"
| rex field=msg "^(?<Time>\S+\s+\S+)\s+\S+\s+(?<Error_Code>\d+)[^\]]+\]\s+(?<Service_Name>\S+)\s+:\s+(?<Error_Message>.+)"
| table Error_Message Error_Code Service_Name Time
| eventstats count as Count by Error_Message Error_Code Service_Name
| sort -Count Any help would be appreciated.
... View more
11-16-2021
03:06 PM
Hey @somesoni2 Currently, I'm getting the results as the attached screenshot! But if I want to don't wanna show multiple rows with same Error_message, as in, just one unique Error_message, and adding the times (of each of those rows with that Error_msg) in a list field separated by comma, like this in a table: Error_msg: "Could not delete file: /-/PCS.P.KSZ4750J.TRIG.FILE - 4: Failure" Count: 4 Service Name: "c.c.p.r.service.RpsSftpService" Error code: 22 Time: "2021-11-16 22:23:54.905, 2021-11-18 22:23:31.511, 2021-11-17 22:23:31.511" Can you please help enhance the query for the same?
... View more
11-16-2021
02:29 PM
This query works index=rac_sd "ERROR * ---" "taskExecutor-*"
| rex field=msg "^(?<Time>\S+\s+\S+)\s+\S+\s+(?<Error_Code>\d+)[^\]]+\]\s+(?<Service_Name>\S+)\s+:\s+(?<Error_Message>.+)"
| table Error_Message Time Error_Code Service_Name
| eventstats count as Count by Error_Message Error_Code Service_Name
| sort -Count Thanks @somesoni2
... View more
11-16-2021
12:53 PM
@somesoni2 I did as suggested. The error is gone but no results are showing up. I ran the base query: index=rac_sd "ERROR * ---" "taskExecutor-*" | table msg And the results show up. But when I'm using your query, no results are showing up.
... View more
11-16-2021
12:14 PM
@somesoni2 I ran the query: index=rac_sd | rex “^(?<Time>\S+\s+\S+)\s+\S+\s+(?<Error_Code>\d+)[^\]]+\]\s+(?<Service_Name>\S+)\:\s+(?<Error_Message>.+)”
| table Error_Message Time Error_Code Service_Name
| eventstats count as Count by Error_Message Error_Code Service_Name Getting the error: Error in 'SearchParser': Missing a search command before '^'. Error at position '76' of search query 'search index=rac_sd | rex “^(?<Time>\S+\s+\S+)\s...{snipped} {errorcontext = Code>\d+)[^\]]+\]\s+(}'.
... View more
11-16-2021
11:32 AM
I have Splunk results in following format: 2021-11-13 01:02:50.127 ERROR 23 --- [ taskExecutor-2] c.c.p.r.service.RedisService : The Redis Cache had no record for key: null Returning empty list.
2021-10-22 21:11:51.996 ERROR 22 --- [ taskExecutor-1] c.c.p.r.service.SftpService : Could not delete file: /-/XYZ.FILE - 4: Failure
2021-10-22 02:05:14.426 ERROR 22 --- [ taskExecutor-1] c.c.p.r.service.SftpService : Could not delete file: /-/XYZ.FILE - 4: Failure I want to create a Visualization in the following format - In the attached screenshot. The **count variable** is based on the "Error Message" only. Since "Could not delete file: /-/XYZ.FILE - 4: Failure" appeared twice, hence the count is set to 2. As the logs grow, and this message occurrence increase, this count should increase too. I tried using erex and substring from Splunk but kinda failed miserably! Any help on how to form the Splunk query for this visualization would be appreciated. Thanks
... View more
01-09-2020
02:19 PM
I want to populate the list of hosts in the multiselect input option in Splunk.
index=someIndexName * host!="notThis*" | stats values(host) as host
I can see the list of hosts getting populated in Splunk. However, they are not getting populated in multiselect list. It says "populating" and nothing shows up.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-11-2022
06:47 PM
|
