Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About JyotiP
JyotiP
Path Finder
Member since:
08-23-2017
07-30-2021
Community Statistics
| Posts | 50 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 3 |
| Member Since | 08-23-2017 |
Activity Feed
- Karma Re: Count the three different value from one response message for Adrian_ftx. 06-05-2020 12:50 AM
- Karma Re: Count the three different value from one response message for jpolvino. 06-05-2020 12:50 AM
- Karma Re: How to select particular path using `where` ? for kamlesh_vaghela. 06-05-2020 12:50 AM
- Karma Re: Regex to remove all the special charater from date and convert it as a string for harsmarvania57. 06-05-2020 12:50 AM
- Got Karma for Re: How to count the number of request hitting server ?. 06-05-2020 12:49 AM
- Got Karma for Re: How to create a graph or table for the following query according to the Status Code ?? Please refer the result below.. 06-05-2020 12:49 AM
- Got Karma for Re: What syntax can I use to run a search that sorts varying runtimes?. 06-05-2020 12:49 AM
- Posted Re: How to select particular path using `where` ? on Splunk Search. 11-05-2019 05:22 AM
- Posted How to select particular path using `where` ? on Splunk Search. 11-05-2019 04:38 AM
- Posted Re: How to change the row value to column value ? on Splunk Search. 10-16-2019 12:15 AM
- Posted How to change the row value to column value ? on Splunk Search. 10-15-2019 11:10 PM
- Posted How to resolve the below issue ? on Splunk Search. 10-15-2019 06:22 AM
- Posted Re: Count the number of api occurrence in 10 second on Splunk Search. 09-27-2019 02:13 AM
- Posted Count the number of api occurrence in 10 second on Splunk Search. 09-27-2019 01:40 AM
- Posted Re: Regex to remove all the special charater from date and convert it as a string on Splunk Dev. 09-23-2019 05:57 AM
- Posted Regex to remove all the special charater from date and convert it as a string on Splunk Dev. 09-23-2019 05:47 AM
- Posted Pass a run time variable in spunk on Dashboards & Visualizations. 09-23-2019 03:55 AM
- Tagged Pass a run time variable in spunk on Dashboards & Visualizations. 09-23-2019 03:55 AM
- Posted Re: Retrive only the key object from the json output on Getting Data In. 09-19-2019 03:47 AM
- Posted Re: Retrive only the key object from the json output on Getting Data In. 09-18-2019 05:57 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-05-2019
05:22 AM
@kamlesh_vaghela only one record from each path is retrieving in both the query, I want all the records
... View more
11-05-2019
04:38 AM
I have the followinf query
sourcetype="server" host=*localqa*
| stats count by Path
| rex field=Path "\/api\/(?<Path>.*)\/(v1|v2|v3)\/(?<Module>.*)"
| streamstats window=2 first(Path) as f_path count as c
| eval Path=case(c=1,Path,Path!=f_path,Path,1=1,"")
| table Path Module count
The output of the above query is
+-------------------------------------------------------------------------------+
|Path | Module |count |
+-------------------------------------------------------------------------------+
|profile | profileTravellroute |212 |
|statements/trialbalance | trialbalance |14 |
|iteneries/breakout | execution |1041 |
| | orderDetails |117 |
|reporting/trans | schemes |712 |
| | fixedIncome |40 |
|reporting | FinalizedReports |161 |
| | PendingReports |8 |
| | reportEntries |14 |
| | closedReport |22 |
| | reportTimes |82 |
| | Reportposition |40 |
| | ReportStates |68 |
+-------------------------------------------------------------------------------+
I want to select records only for reporting
+-------------------------------------------------------------------------------+
|Path | Module |count |
+-------------------------------------------------------------------------------+
|reporting/trans | schemes |712 |
| | fixedIncome |40 |
|reporting | FinalizedReports |161 |
| | PendingReports |8 |
| | reportEntries |14 |
| | closedReport |22 |
| | reportTimes |82 |
| | Reportposition |40 |
| | ReportStates |68 |
+-------------------------------------------------------------------------------+
Tried with
sourcetype="server" host=*localqa*
| stats count by Path
| rex field=Path "\/api\/(?<Path>.*)\/(v1|v2|v3)\/(?<Module>.*)"
| streamstats window=2 first(Path) as f_path count as c
| eval Path=case(c=1,Path,Path!=f_path,Path,1=1,"")
| where Like (Path, 'reporting%')
| table Path Module count
But not working only the following section are coming
+------------------------------------------------------------------------------------------------+
|Path |Module |Count |
+------------------------------------------------------------------------------------------------+
|reporting/trans | schemes |712 |
| fixedIncome |40 |
... View more
- Tags:
- splunk-enterprise
10-16-2019
12:15 AM
@skrajkumar_splunk thanks for sharing the query, I have just modified the positions and it fulfills my requirement,
host=localTest sourcetype="perf" Path "/api/*/" cache="MISS" OR cache="HIT" | chart count over Path by cache
Or
host=localTest sourcetype="perf" Path "/api/*/" cache="MISS" OR cache="HIT" | stats count(eval(cache="MISS")) AS MISS count(eval(cache="HIT")) AS HIT by Path
... View more
10-15-2019
11:10 PM
I have the following query
host=*localTest* sourcetype="perf" Path "/api/*/" cache="MISS" OR cache="HIT"
| stats count by Path,cache
And the output of the above query is
|--------------------------------------------------------------------------|
|Path |cache |count |
|--------------------------------------------------------------------------|
|/api/trigger/v1/firmroute |MISS |251 |
|/api/trigger/v1/route/ |MISS |6 |
|/api/testdata/basket/v1/baskets |HIT |3 |
|/api/testdata/basket/v1/baskets |MISS |6 |
|/api/testdata/reference/v1/CounterPartyAccount |MISS |364 |
|/api/testdata/reference/v1/CounterpartyMasterAccount |MISS |364 |
|/api/testdata/v1/graphql |MISS |4350 |
|/api/testdata/v2/graphql |MISS |1117 |
|/api/infrastructure/statuscloud/v1/status |HIT |6 |
|/api/infrastructure/statuscloud/v1/status |MISS |2 |
|/api/ipa/v1/settings/trading |MISS |14 |
|/api/ipa/v1/settings/trading/ |MISS |2 |
|/api/session/v1/Health |MISS |2872 |
|/api/session/v1/alert |MISS |228 |
|/api/session/v1/health |MISS |2484 |
|/api/session/v1/session |HIT |423003 |
|/api/session/v1/session |MISS |516 |
|--------------------------------------------------------------------------|
But I want my output like
--------------------------------------------------------------------------
Path MISS HIT
--------------------------------------------------------------------------
/api/trigger/v1/firmroute 251
/api/trigger/v1/route/ 6
/api/testdata/basket/v1/baskets 6 3
/api/testdata/reference/v1/CounterPartyAccount 364
/api/testdata/reference/v1/CounterpartyMasterAccount 364
/api/testdata/v1/graphql 4350
/api/testdata/v2/graphql 1117
/api/infrastructure/statuscloud/v1/status 2 6
/api/ipa/v1/settings/trading 14
/api/ipa/v1/settings/trading/ 2
/api/session/v1/Health 2872
/api/session/v1/alert 228
/api/session/v1/health 2484
/api/session/v1/session 516 423003
--------------------------------------------------------------------------
... View more
- Tags:
- splunk-enterprise
10-15-2019
06:22 AM
I have the following query which is giving me all the api which cache value is HIT or MISS.
host=*localTest* sourcetype="perf" Path "/api/*/" cache="MISS" OR cache="HIT" | stats count by Path,cache
and the result of the above script id as follows
/api/prof/v1/rootpath/5922 MISS 1
/api/prof/v1/rootpath/5923 MISS 3
/api/prof/v1/rootpath/5936 MISS 3
/api/analytics/v2/Column MISS 5
/api/analytics/v2/Metadata/Portfolio MISS 34
/api/analytics/v2/Metadata/PositionState MISS 4
/api/analytics/v2/ViewDescriptor MISS 4
/api/benchmarks/ratehistory/v1/activeFinanceBenchmarkIds MISS 5
/api/commissions/voting/v2/Broker MISS 12
/api/reporting/v2/status/events/00917c7c-ae03-4657-965f-0cc2e38410f9 MISS 2
/api/reporting/v2/status/events/02401fb4-522b-4e5b-8d5f-a9bffa7b94fe MISS 2
/api/reporting/v2/status/events/0b29b690-f052-4fc1-baed-c5d1aae53ff5 MISS 2
/api/reporting/v2/status/events/0bc11171-2ce1-4bba-b7fc-0805eb1d4c74 MISS 59
/api/reporting/v2/status/events/0db6e04c-8f82-44fe-96a5-ed96626544d7 MISS 2
/api/reporting/v2/status/events/0dd17dc2-6e35-4ece-88eb-4868996578fc MISS 60
/api/reporting/v2/status/events/123d8971-be15-4e1c-9713-911900156f18 MISS 60
/api/reporting/v2/status/events/1346fe60-ace1-42ec-aa24-d28c7a3b084f MISS 5
/api/reporting/v2/status/events/135e4e87-2325-4d60-9e35-9169f675856b MISS 60
I want to group and add all the which have /api/prof/v1/rootpath/ and /api/reporting/v2/status/events/ to one separate value and rest should be untouched just like below,
/api/prof/v1/rootpath/ MISS 7
/api/analytics/v2/Column MISS 5
/api/analytics/v2/Metadata/Portfolio MISS 34
/api/analytics/v2/Metadata/PositionState MISS 4
/api/analytics/v2/ViewDescriptor MISS 4
/api/benchmarks/ratehistory/v1/activeFinanceBenchmarkIds MISS 5
/api/commissions/voting/v2/Broker MISS 12
/api/reporting/v2/status/events/ MISS 252
... View more
- Tags:
- splunk-enterprise
09-27-2019
02:13 AM
@techiesid this work fine without timechart count span=10s , when I use this no result is coming
... View more
09-27-2019
01:40 AM
I have the following API's, for which I need to count the occurrence of each in every 10 seconds for 1 hour time interval.
/api/login/v1/session
/api/data/v1/graphql
/api/order/v1/orders
/api/order/v1/states
/api/order/orderimporter/v1/importcsv
/api/order/orderimporter/v1/promote
/api/order/orderimporter/v1/stagingOrder
/api/order/v3/graphql
/api/order/desk/v2/quickSend
/api/order/v1/desk/Batch/sync
/api/order/v1/Orders/sync
I tried with
host=*localhost* Path=*** sourcetype=nginx
| where Path in ("/api/platform/v1/session" OR "/api/coredata/v1/graphql" OR "/api/trading/v1/orders")
| table Path
But getting Error in 'where' command: Typechecking failed. 'OR' only takes boolean arguments
Basically I want the count of all the listed api in every 10 seconds for 1-hour interval.
... View more
- Tags:
- in
- splunk-enterprise
09-23-2019
05:47 AM
I have a variable temp = 2019/19/09_04:02:49:344 and I want to remove all the special character from it like 20191909040249344 .
... View more
- Tags:
- splunk-enterprise
09-23-2019
03:55 AM
I have the following query where $eventBreakdownDateTime$ is a selection input which I want to assign it to a variable called temp
AppDomain="AutomationServer"
UserName=*
Token=*
| spath output=Message path=Message
| fieldformat EventDateTime=strftime(_time,"%Y%d%m%H%M%S%3N")
| eval temp = $eventBreakdownDateTime$
| table Message, _time, EventDateTime, SelectedDate, temp
This is giving me an error Error in eval: the expression is malformed
... View more
09-19-2019
03:47 AM
@kamlesh_vaghela nope I want to select only the above-mentioned value in a table.
... View more
09-18-2019
05:57 AM
@kamlesh_vaghela I have updated the JSON
... View more
09-18-2019
05:55 AM
Tried, but not working
... View more
09-18-2019
05:27 AM
@kamlesh_vaghela the JSON output is too big, I only want to select the Kep value and put them in the table,
addNewOrder,login,navigateReport,navigateOrder,openNewOrder,openUrl
... View more
09-18-2019
05:15 AM
I have the following output and I want to extract only the key value of the JSON and those are addNewOrder,navigateReport etc in a table.
Details: {
addNewOrder: {
dur: 7706ms
end: Wed Sep 18 2019 14:38:48 GMT+0530 (India Standard Time)
navigationAPIData: {
connectEnd: 1568797694032
connectStart: 1568797694032
domComplete: 1568797694775
domContentLoadedEventEnd: 1568797694542
domContentLoadedEventStart: 1568797694542
domInteractive: 1568797694542
domLoading: 1568797694255
domainLookupEnd: 1568797694032
domainLookupStart: 1568797694032
fetchStart: 1568797694032
}
start: Wed Sep 18 2019 14:38:40 GMT+0530 (India Standard Time)
}
login: {
dur: 7046ms
end: Wed Sep 18 2019 14:38:17 GMT+0530 (India Standard Time)
navigationAPIData: {
connectEnd: 1568797694032
connectStart: 1568797694032
domComplete: 1568797694775
domContentLoadedEventEnd: 1568797694542
domContentLoadedEventStart: 1568797694542
domInteractive: 1568797694542
domLoading: 1568797694255
domainLookupEnd: 1568797694032
domainLookupStart: 1568797694032
fetchStart: 1568797694032
}
}
navigateReport: {
dur: 2804ms
end: Wed Sep 18 2019 14:38:28 GMT+0530 (India Standard Time)
}
navigateOrder: {
dur: 1804ms
end: Wed Sep 18 2019 14:38:23 GMT+0530 (India Standard Time)
}
openNewOrder: {
dur: 1700ms
end: Wed Sep 18 2019 14:38:33 GMT+0530 (India Standard Time)
}
openUrl: {
dur: 3011ms
end: Wed Sep 18 2019 14:38:00 GMT+0530 (India Standard Time)
}
}
... View more
09-16-2019
08:42 AM
Getting the below error,
Error in 'rex' command: Encountered the following error while compiling the regex '\/api\/(?\w+)\/(?\w+)\/(?\w+)': Regex: unrecognized character after (? or (?-
... View more
09-16-2019
08:14 AM
@wanip_fossil I guess something wrong with the regex. I am getting an error in the regex.
... View more
09-16-2019
03:42 AM
@kamlesh_vaghela yeah this work. What does this streamstats do?
... View more
09-16-2019
03:18 AM
I have the following search:
sourcetype="placingOrder" Code=504 host="localhost*" | stats count by Path
The output is:
Path count
/api/fetchReport/v2/report1 2
/api/fetchReport/v2/report2 8
/api/fetchReport/v2/report3 3
/api/fetchReport/v2/report4 10
/api/Order/v2/OrdrePlaced 9
/api/Order/v3/OrdreNotPlaced 1
I want the output should be:
Path Module count
fetchReport report1 2
report2 8
report3 3
report4 10
Order OrdrePlaced 9
OrdreNotPlaced 1
... View more
09-05-2019
12:20 AM
@Sukisen1981: But for ProductionTenant5 I am getting count is 40 and this is total order placed by the customer in the last 7 days, according to the math is should be 40/7 which is ~5.7
... View more
09-04-2019
11:33 PM
I am fetching production data like the number of completed for the last 7 days for different procustion customer and I want to find the average order per production customer per day, I have used the following query but it is giving me the blank value in the average column
Level = "INFO" PartnerToken IN ("ProductionTenant1","ProductionTenant2","ProductionTenant3","ProductionTenant4","ProductionTenant5","ProductionTenant6")
OperationName="Complete Order"
| dedup OperationId
| stats avg(count) as count by PartnerToken
... View more
- Tags:
- splunk-enterprise
08-27-2019
08:05 AM
thank you so much for the clarification, @jpolvino and so as well @Adrian_ftx
... View more
08-26-2019
10:06 PM
@jpolvino the message contains 3k records, is it feasible to put it all int the eval function or only eval=Message ?
... View more
08-26-2019
06:54 AM
I have the following response :
Message=Login failed for user 'testuser_FSQ5'. Reason: Failed to open the explicitly specified database 't_01_FSQ5'. [CLIENT: 197.168.3.44]
Message=Login failed for user 'testuser_FSQ6'. Reason: Failed to open the explicitly specified database 't_01_FSQ5'. [CLIENT: 197.168.3.44]
Message=Login failed for user 'testuser_FSQ7'. Reason: Failed to open the explicitly specified database 't_01_FSQ5'. [CLIENT: 197.168.3.45]
Message=Login failed for user 'testuser_FSQ5'. Reason: Failed to open the explicitly specified database 't_01_FSQ6'. [CLIENT: 197.168.3.44]
Message=Login failed for user 'testuser_FSQ5'. Reason: Failed to open the explicitly specified database 't_01_FSQ6'. [CLIENT: 197.168.3.44]
Message=Login failed for user 'testuser_FSQ4'. Reason: Failed to open the explicitly specified database 't_01_FSQ7'. [CLIENT: 197.168.3.49]
Message=Login failed for user 'testuser_FSQ4'. Reason: Failed to open the explicitly specified database 't_01_FSQ7'. [CLIENT: 197.168.3.49]
like this I have 3K records, I want to count the number of user like and the corresponding count of database like and the corresponding client.
So my expected output should be like the following:
UserName DatabaseName ClientName Count Reason
testuser_FSQ5 t_01_FSQ5 197.168.3.44 1 Failed to open the explicitly specified database
testuser_FSQ6 t_01_FSQ5 197.168.3.44 1 Failed to open the explicitly specified database
testuser_FSQ7 t_01_FSQ5 197.168.3.45 1 Failed to open the explicitly specified database
testuser_FSQ5 t_01_FSQ6 197.168.3.44 2 Failed to open the explicitly specified database
testuser_FSQ4 t_01_FSQ7 197.168.3.49 2 Failed to open the explicitly specified database
could someone help me with this ?
... View more
07-24-2019
01:22 AM
@vnravikumar I want to include also the newCoverage into the table. And I am using .+\"newCoverage\":\"(?P[^\"]+. I am able to retrieve the result but when the value for
newCoverage is null/blank it is not retrieving anything. What shall I do?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-30-2021
06:52 AM
|
