×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Patrick91
Engager
Member since: ‎04-14-2015
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎04-14-2015
Activity Feed
View All

Re: Compare and show the difference of two events

by in Splunk Search
‎07-02-2015 02:04 AM
‎07-02-2015 02:04 AM
Ok, so I get the outcome of the search. That's Good 🙂 As a check to see if I understand the search correctly. The events that are part of the field Severity are being matched on all known fields. If the 2 events have the same field present it returns a 1 and when a field is present on one event but not the other event it gets a 0. Right? ... View more

Re: Compare and show the difference of two events

by in Splunk Search
‎07-01-2015 11:59 PM
‎07-01-2015 11:59 PM
It did not seem to work. But I tried it with _raw instead of Severity and it seemed to work. So I guess my field extraction did not work. I tried it by selecting an event and then selecting the Severity but I get this massage: The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings. So I tried it using settings > Fields > new. But i guess the extraction is not working. Any tips on how to get this working for the above Severity? Edit: The field extraction seemed to work with the following: (?i)Severity= (?P"<"Severity">"(?:[^”]+)) ... View more

Compare and show the difference of two events

by in Splunk Search
‎07-01-2015 04:45 AM
‎07-01-2015 04:45 AM
Hello Splunkers, I'm very new to Splunk and I cannot seem to get the data that I want. I want to perform a search that compares 2 events. The events have the same field "Severity". I want the search result showing me what the difference is between the 2 events. If it is possible showing me what lines are different The events are coming form 2 different hosts but in the same index. The events are almost identical but there are some differences. Here is an example of a event: 5593CF4E.0000-13: .cpp,336,"setError") +5593CF4E.0000 Error Type= CTX_MetafileNotfound +5593CF4E.0000 Severity= CTX_Warning +5593CF4E.0000 Native Error Code = 0 +5593CF4E.0000 SQL State= NULL +5593CF4E.0000 Reason Code= 0 +5593CF4E.0000 executing: openMetaFile (5593CF4E.0001-13:khdxbase.cpp,339,"setError") +5593CF4E.0001 ERROR MESSAGE: "Unable to open Metafile * ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All