Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About pawelzak
pawelzak
New Member
Member since:
04-04-2020
06-05-2020
Community Statistics
| Posts | 4 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 04-04-2020 |
Activity Feed
- Posted Problem with parsing JSON from MQTT input on All Apps and Add-ons. 04-10-2020 06:00 AM
- Tagged Problem with parsing JSON from MQTT input on All Apps and Add-ons. 04-10-2020 06:00 AM
- Tagged Problem with parsing JSON from MQTT input on All Apps and Add-ons. 04-10-2020 06:00 AM
- Tagged Problem with parsing JSON from MQTT input on All Apps and Add-ons. 04-10-2020 06:00 AM
- Tagged Problem with parsing JSON from MQTT input on All Apps and Add-ons. 04-10-2020 06:00 AM
- Posted Re: Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below on Splunk Search. 04-07-2020 03:24 AM
- Posted Re: Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below on Splunk Search. 04-04-2020 01:07 PM
- Posted Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below on Splunk Search. 04-04-2020 01:23 AM
- Tagged Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below on Splunk Search. 04-04-2020 01:23 AM
- Tagged Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below on Splunk Search. 04-04-2020 01:23 AM
- Tagged Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below on Splunk Search. 04-04-2020 01:23 AM
- Tagged Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below on Splunk Search. 04-04-2020 01:23 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
04-10-2020
06:00 AM
I'd like to parse and index JSON data which come from MQTT.
Lets say that (for now) it is simple time-value JSON:
{"time": "2020-04-07 16:30:00", "value": 40}
I've installed MQTT Modular Input, cloned default "_json" Source Type and named it "simple_json". Only thing I've changed was setting "Timestamp fields" to "time".
I've added new MQTT Data Input:
Stanza Name: simple_json_mqtt
Activation Key: valid key for trial version
Data Output: STDOUT
Topic Name: simplejson/1
Broker Host: mqtt-broker (name of docker image with Mosquitto broker)
Broker Port: 1883 (no security)
Client ID: simplejsonmqtt
QOS: 1
Set sourcetype: From list
Select source type from list: simple_json
(other fields left blank/default)
Now I'm sending single message (using MQTTBox):
{"time": "2020-04-07 16:30:00", "value": 40}
In splunk/data/var/log/splunk/splunkd.log I can see:
04-07-2020 15:17:07.800 +0000 ERROR JsonLineBreaker - JSON StreamId:14709566222301315061 had parsing error:Unexpected character while looking for value: 'T' - data_source="mqtt://simple_json_mqtt", data_host="splunk", data_sourcetype="simple_json"
Search for sourcetype="simple_json" returns no results
Lets try with empty lines before and after json:
`
{"time": "2020-04-07 16:31:00", "value": 41}
In log:
04-07-2020 15:19:34.655 +0000 ERROR JsonLineBreaker - JSON StreamId:14709566222301315061 had parsing error:Unexpected character while looking for value: 'T' - data_source="mqtt://simple_json_mqtt", data_host="splunk", data_sourcetype="simple_json"`
Search for sourcetype="simple_json" returns:
{"time": "2020-04-07 16:31:00", "value": 41}
Ok, now lets try to send two "events" in one MQTT message (with empty line at the end):
`{"time": "2020-04-07 16:32:00", "value": 42}
{"time": "2020-04-07 16:33:00", "value": 43}
In log:
04-07-2020 15:23:21.951 +0000 ERROR JsonLineBreaker - JSON StreamId:14709566222301315061 had parsing error:Unexpected character while looking for value: 'T' - data_source="mqtt://simple_json_mqtt", data_host="splunk", data_sourcetype="simple_json"`
Search for sourcetype="simple_json" returns:
{"time": "2020-04-07 16:33:00", "value": 43}
{"time": "2020-04-07 16:31:00", "value": 41}
So i guess there is some kind of problem with LINE_BREAKER setting in source type (by default set to: ([\r\n]+))
In the real world scenario, I won't be able to control format of JSON messages put in MQTT topic:
- order of fields
- existence of fields (lets say that "time" and "value" will be always there but also other objects/arrays/simple fields may appear)
- LINE_BREAKER
It is even possible to configure input type / source type to be able to parse "anything"?
... View more
04-07-2020
03:24 AM
This is exactly what I needed!
Thank you very much!
... View more
04-04-2020
01:07 PM
WOW! That was fast! Thank you!
I only corrected value>45 to value>=45 and it is almost what I wanted to get.
In you version duration is started to being calculated since the first value which crossed threshold (increasing direction). For that value I'd like to have 0 and duration should be started to being calculated for next value (of course only if that next value is still equal or above threshold).
Modified example:
Result of your search:
Is this even possible?
... View more
04-04-2020
01:23 AM
I have a log that contains numerical value which is logged irregularly:
I would like to calculate (and show on timechart) total continuous duration when value is equal or above static threshold. But I'd like to reset this calculation when it goes below that threshold.
For threshold == 45 it should like this:
How can I get this? Thanks for your help.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
