Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About manibattula
manibattula
New Member
Member since:
03-10-2020
06-05-2020
Community Statistics
| Posts | 15 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 03-10-2020 |
Activity Feed
- Posted Re: filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-29-2020 11:52 PM
- Posted Re: filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-29-2020 10:16 PM
- Posted Re: filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-29-2020 09:53 PM
- Posted Re: Time slicing issue on Splunk Enterprise. 04-29-2020 09:45 AM
- Posted Re: Time slicing issue on Splunk Enterprise. 04-29-2020 09:29 AM
- Posted Re: Time slicing issue on Splunk Enterprise. 04-29-2020 08:39 AM
- Posted Time slicing issue on Splunk Enterprise. 04-29-2020 07:28 AM
- Tagged Time slicing issue on Splunk Enterprise. 04-29-2020 07:28 AM
- Tagged Time slicing issue on Splunk Enterprise. 04-29-2020 07:28 AM
- Posted Re: filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-29-2020 04:30 AM
- Posted Re: filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-29-2020 04:10 AM
- Posted Re: filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-29-2020 04:05 AM
- Posted Re: filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-29-2020 03:58 AM
- Posted filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-28-2020 10:50 PM
- Tagged filtering in search also that filter value display one of the filed of stats or table column on Splunk Search. 04-28-2020 10:50 PM
- Posted How to set option of numberprecision value based on the query result into the dashboard? on Knowledge Management. 03-10-2020 02:37 AM
- Tagged How to set option of numberprecision value based on the query result into the dashboard? on Knowledge Management. 03-10-2020 02:37 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
04-29-2020
11:52 PM
let me explain clearly
index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" osm_zone_id*
|spath output=osm_zone_id path=dimensions{2}.value
|bin span=10m _time
|stats count by _time,osm_zone_id
| eval ds_count = if(count >= 1,"0","1")
| eval time=strftime(_time,"%F %T")
| table osm_zone_id,time,ds_count
Result:-
Osm_zone_id _time ds_count
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 21:20:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:00:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:20:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:40:00 0
expected result should be
Osm_zone_id _time ds_count
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 21:20:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:00:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:10:00 1
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:20:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:40:00 0
Which are empty osm_zone_id also I want that time bucket
I am trying with cross join also
s | bin _time span=1h | fields _time | join max=0 [search index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" | spath output=osm_zone_id path=dimensions{2}.value | dedup osm_zone_id | fields osm_zone_id] | table _time, osm_zone_id
Here, _time and osm_zone_id should be null ,even there is no osm_zone_id I want to make that count is 0
Please verify.
... View more
04-29-2020
10:16 PM
Thanks for immediate response
let me explain clearly
index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" osm_zone_id*
|spath output=osm_zone_id path=dimensions{2}.value
|bin span=10m _time
|stats count by _time,osm_zone_id
| eval ds_count = if(count >= 1,"0","1")
| eval time=strftime(_time,"%F %T")
| table osm_zone_id,time,ds_count
Result:-
Osm_zone_id _time ds_count
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 21:20:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:00:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:20:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:40:00 0
expected result should be
Osm_zone_id _time ds_count
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 21:20:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:00:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:10:00 1
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:20:00 0
00af8f04-88fc-4dc0-b338-42d2e7e9c163 2020-04-29 22:40:00 0
Which are empty osm_zone_id also I want that time bucket
I am trying with cross join also
s | bin _time span=1h | fields _time | join max=0 [search index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" | spath output=osm_zone_id path=dimensions{2}.value | dedup osm_zone_id | fields osm_zone_id] | table _time, osm_zone_id
Here, _time and osm_zone_id should be null ,even there is no osm_zone_id I want to make that count is 0
Please verify.
... View more
04-29-2020
09:53 PM
So here I am only getting each 10 minutes span which are having osm_zone_id > 0 , but I need
osm_zone_id = 0 results too.
The query only gives osm_zone_id is more than zero records,I want to include osm_zone_id equal to zero results too
... View more
04-29-2020
09:45 AM
I need the time slicing here like
I want to see four event for span=1h in the last four hours filter .
Something like below
| bin _time span=1h | fields _time
result should be
_time
2020-04-29 10:00
2020-04-29 9:00
2020-04-29 8:00
2020-04-29 7:00
I want to get all the time span irrespective of count have null also,so I am trying to apply cross join using below "join max =0" once I got proper Time slicing
| makeresults | bin _time span=1h | fields _time | join max=0 [search index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" | spath output=osm_zone_id path=dimensions{2}.value | dedup osm_zone_id | fields osm_zone_id] | table _time, osm_zone_id
Kindly help us.
... View more
04-29-2020
09:29 AM
I need the time slicing here like
I want to see four event for span=1h in the last four hours filter .
Something like below
| bin _time span=1h | fields _time
result should be
_time
2020-04-29 10:00
2020-04-29 9:00
2020-04-29 8:00
2020-04-29 7:00
I want to get all the time span irrespective of count have null also,so I am trying to apply cross join using below "join max =0" once I got proper Time slicing
| makeresults | bin _time span=1h | fields _time | join max=0 [search index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" | spath output=osm_zone_id path=dimensions{2}.value | dedup osm_zone_id | fields osm_zone_id] | table _time, osm_zone_id
Kindly help us.
... View more
04-29-2020
08:39 AM
Can you please let us know how to handle the above query getting each event with respect to span limit
... View more
04-29-2020
07:28 AM
I have below query and it should gives result of time filter of last four hours (or) last 24 hours.
|makeresults |bucket _time span=1h|stats count by _time
But it giving only latest hour instead of 4 records for last four hours filter (or) 24 records for last 24 hours filter.
Kindly help us.
... View more
Labels
- Labels:
-
configuration
04-29-2020
04:30 AM
One more question,
index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" osm_zone_id=*
| bin span=10m _time
| stats count by _time osm_zone_id
| eval ds_count = if(count >= 1,"0","1")
| eval time=strftime(_time,"%F %T")
| table osm_zone_id,time,ds_count
So here I am only getting each 10 minutes span which are having osm_zone_id > 0,I want include which are having zero also,is that possible?
... View more
04-29-2020
04:10 AM
Hello to4kawa,
It is working thanks much.
... View more
04-29-2020
04:05 AM
Sorry,Not clear with above statment.
kindly rewrite the entire query again.
... View more
04-29-2020
03:58 AM
I think the above is failing at stats statement
index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" osm_zone_id=*
| bin span=10m _time
| stats count by _time osm_zone_id
Here there are multiple osm_zone_id's will be appeared in single event timestamp.
Kindly suggest
... View more
04-28-2020
10:50 PM
I have query like below
index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" osm_zone_id |timechart span=10m count | eval ds_count = if(count >= "1","0","1") |timechart span=10m values(ds_count)
In that "osm_zone_id " is filter ,I want that osm_zone_id is one of the field of search ,something like below.
index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC_DD" host="emr-prod-distributor" osm_zone_id |timechart span=10m count | eval ds_count = if(count >= "1","0","1") |timechart span=10m values(ds_count)| table osm_zone_id,time,ds_count
Kindly suggest us.
... View more
- Tags:
- splunk-enterprise
03-10-2020
02:37 AM
While developing the splunk dash board,I should display result number up to 3 decimal point if those are having values(other thanszero) after dot .
example,if I have 2 querires, 1 case result 99.789 and 2 case having result has 99.000 in this case is should disply 1 case 99.789 but for the second case it displaying 99.000 instead of 99.
I have tried some condition like below.
global declaration for input
<set token="precisionVal">0.000</set>
condition in side the search
<set token="overall_pctg">$result.total_pctg$</set>
</condition>
<condition match=" '$overall_pctg$' == 100">
<set token="precisionVal">0</set>
</condition>
and apply the token in input field like below
$precisionVal$
but still I am getting as 0.[0-9][0-9][0-9]
... View more
- Tags:
- splunk-enterprise
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
