Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About rchams
rchams
Explorer
Member since:
01-18-2020
09-14-2020
Community Statistics
| Posts | 10 |
| Solutions | 1 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 01-18-2020 |
Activity Feed
- Karma Re: Files not show in the Results will need be show in the results with Status=pending for richgalloway. 09-14-2020 01:45 PM
- Posted Re: Files not show in the Results will need be show in the results with Status=pending on Splunk Search. 09-14-2020 06:05 AM
- Posted Re: Files not show in the Results will need be show in the results with Status=pending on Splunk Search. 09-11-2020 01:53 PM
- Posted Files not show in the Results will need be show in the results with Status=pending on Splunk Search. 09-11-2020 11:00 AM
- Posted Re: How to apply color based on the field on Dashboards & Visualizations. 08-24-2020 10:50 AM
- Posted Re: How to apply color based on the field on Dashboards & Visualizations. 08-24-2020 09:47 AM
- Posted How to apply color based on the field on Dashboards & Visualizations. 08-24-2020 08:47 AM
- Posted Re: How to compare two time same time frames with different day's. on Splunk Search. 06-16-2020 07:06 PM
- Posted Re: How to compare two time same time frames with different day's. on Splunk Search. 06-15-2020 07:02 AM
- Posted Re: How to compare two time same time frames with different day's. on Splunk Search. 06-12-2020 01:19 PM
- Posted How to compare two time same time frames with different day's. on Splunk Search. 06-12-2020 10:51 AM
- Karma Re: How to report a peak count per day based on a per minute count? for allanw_splunk. 06-05-2020 12:47 AM
- Karma Re: couldn't send SIGTERM to pid 5632: Operation not permitted for adityapavan18. 06-05-2020 12:46 AM
- Karma Re: couldn't send SIGTERM to pid 5632: Operation not permitted for edavson. 06-05-2020 12:46 AM
- Karma Re: How do I find all duplicate events? for Lowell. 06-05-2020 12:45 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
09-14-2020
06:05 AM
@richgalloway The fillnull command changing null values to zero but i'm looking for different results. If one of the file is missing in my results, the missing file show as with Status=Pending in the results. For example: the result i'm seeing is: filename status filename1 Transferred filename3 Transferred In the result filename2 is no results looking for result like below, if the filename2 has no results it should be show as Pending Results looking like: filename status filename1 Transferred filename2 Pending filename3 Transferred
... View more
09-11-2020
01:53 PM
@richgalloway Thanks for the response but the link is not useful for my request.
... View more
09-11-2020
11:00 AM
index=XXXX sourcetype=XXXX ("filename1" OR "filename2" OR filename3) | rex "(?<status>passed) request\=\[\/\w+\/(?<to_DST_Filename>.*.txt)\.\w+\." | rex "(?<status>orig) request\=\[(?<to_DST_Filename1>.*.txt)\.\w+\." | eval to_DST_Filename = coalesce(to_DST_Filename,to_DST_Filename1) | fields _time to_DST_Filename | eval Staus_1 = if(substr(to_DST_Filename,3,4)="hold","Duplicate","Transferred") | eval Status1 = if(like(to_DST_Filename,"%dup%"),"Duplicate","Transferred") | eval Status = coalesce(Status_1,Status1) | fields _time to_DST_Filename Status | table _time to_DST_Filename Status | rename _time as "Time_Sent_by_SI" | convert ctime(Time_Sent_by_SI) | dedup to_DST_Filename | search to_DST_Filename!="" AND Status=Transferred In the above search the three files "filename1" OR "filename2" OR "filename3" will not always have results. I'm looking for the results like, if any file is not shown in the results, result will be show with file name and status=pending. Looking for Results like below: Filename Status filename1 Transferred filename2 Transferred filename3 Pending
... View more
Labels
- Labels:
-
other
08-24-2020
10:50 AM
| eval range = case(esb_http_status_code like "40%" AND http_count>0, "elevated", esb_http_status_code like "50%" AND http_count>0, "high", 1=1, "low") this one worked
... View more
08-24-2020
09:47 AM
Hi gcusello, @gcusello The range logic is not working for colors. I'm looking for colors based on the field value. httpResponsecode count 200 5 500 6 The range is applying for count not the httpResponsecode. I'm looking for the result like, if httpResponsecode is 200 the count of the 200 shows in green.
... View more
08-24-2020
08:47 AM
Please help to find out the way to apply color based on field.
my query:
index=<> sourcetype=<>
|timechart count(httpResponsecode) as httpcount by httpResponsecode
Required solution:
Color is not based on count, color is based on field value
if httpResponsecode = 200-299 the count of the httpResponsecode shows in GREEN
httpResponsecode = 300-399 the count of the httpResponsecode shows in GREEN
httpResponsecode = 400-499 the count of the httpResponsecode shows in YELLOW
httpResponsecode = 500-599 the count of the httpResponsecode shows in RED
Note: I'm not looking for trendline and sparkline as well. I just need total count of each httpResponsecode but the count value shown in different color based on the httpResponsecode value.
... View more
- Tags:
- color
06-16-2020
07:06 PM
@to4kawa I want to compare the average response time value in 1 hr for span=15 mins to same 1 hr time in yesterday (like 4 aggregate values). example i want to compare the average response time for the period 06/15/2020 3 PM to 4 PM with 06/16/2020 3 PM to 4 PM . Only 4 aggregate comparison values should be appear as my results. average value comparison Looking for results like below timeframe today-value yesterday-value 15.15.00 00000 00000 15.30.00 44444 44444 15.45.00 11111 11111 16.00.00 22222 22222
... View more
06-15-2020
07:02 AM
@to4kawa @Hi Thanks for the query. It's comparing total day, i'm looking for specific time frame today with yesterday. The query which you provided gives the today all day time frame comparison with yesterday all day comparison, if i'm looking 1 hr window for today need to compare with same 1 hr time frame yesterday only. Only those results needs to be displayed.
... View more
06-12-2020
01:19 PM
If i use timewrap it gives the total day average like yesterday total average comparing with today time frame(example like last 60mins). I'm looking for the search to compare the average value in the same time frame like 1 pm to 1.30 pm today with 1 pm to 1.30 pm yesterday. my search is : index=XXXX sourcetype=XXXXX esb_service="XXXXXX" esb_environment=prod esb_event=esbRespBE | eval esb_backend_time=round(esb_backend_time/1000,2) | bin _time span=15m | stats max(esb_backend_time) as response_time by esb_service,_time | eval response_time = round(response_time,2)
... View more
06-12-2020
10:51 AM
How to compare the average value of the field in two different time frames i.e same time today with same time yesterday. Compare the today time frame with yesterday's time frame.
... View more
Labels
- Labels:
-
subsearch
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-14-2020
06:10 PM
|
Karma given to
