Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About nikitha15
nikitha15
Explorer
Member since:
05-28-2020
09-13-2021
Community Statistics
| Posts | 14 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 05-28-2020 |
Activity Feed
- Posted Add manual input through text box into a new column in a table splunk on Splunk Search. 09-13-2021 01:14 AM
- Tagged Add manual input through text box into a new column in a table splunk on Splunk Search. 09-13-2021 01:14 AM
- Posted Add manual input through text box into a new column in a table in splunk on Splunk Search. 09-08-2021 12:47 AM
- Posted Re: Find the count of a specific field value in json array of objects. on Splunk Search. 07-09-2021 12:15 AM
- Posted Find the count of a specific field value in json array of objects. on Splunk Search. 07-07-2021 10:55 AM
- Tagged Find the count of a specific field value in json array of objects. on Splunk Search. 07-07-2021 10:55 AM
- Posted compare two fields in json data and display data in the third field for the matched data on Splunk Search. 03-15-2021 01:48 AM
- Posted Event annotation for the min and max value of a field on Splunk Enterprise. 06-18-2020 04:54 AM
- Karma Re: How to get a column chart to show count between two dates?? for to4kawa. 06-16-2020 12:25 AM
- Karma Re: How to get a column chart to show count between two dates?? for to4kawa. 06-16-2020 12:24 AM
- Posted How to overlay line chart on a timerange column chart?? on Splunk Search. 06-16-2020 12:23 AM
- Posted Re: How to get a column chart to show count between two dates?? on Splunk Search. 06-15-2020 06:52 AM
- Posted Re: How to get a column chart to show count between two dates?? on Splunk Search. 06-15-2020 04:37 AM
- Posted How to get a column chart to show count between two dates?? on Splunk Search. 06-15-2020 03:20 AM
- Posted Re: How do i find common values between two different fields from two different sourcetypes??? on Splunk Search. 05-29-2020 02:42 AM
- Posted How do i find common values between two different fields from two different sourcetypes??? on Splunk Search. 05-29-2020 02:19 AM
- Tagged How do i find common values between two different fields from two different sourcetypes??? on Splunk Search. 05-29-2020 02:19 AM
- Tagged How do i find common values between two different fields from two different sourcetypes??? on Splunk Search. 05-29-2020 02:19 AM
- Posted How to change _time to the time when i uploaded the data into splunk??? on Getting Data In. 05-28-2020 08:26 AM
- Tagged How to change _time to the time when i uploaded the data into splunk??? on Getting Data In. 05-28-2020 08:26 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
09-13-2021
01:14 AM
Hi , I want to add a text box in a dashboard panel and the manual input value of that textbox should be added to a new column in an already existing table. I understand that this can be done by lookup to save the values but i am not sure how to go ahead with it. This is the data format of the table i have with sample data(the original data i have is confidential). EMAIL NAME IP ID(new column) nish123@gmail.com Nishanth 10.10.10.0 abc098@gmail.com ABC 224.0.0.0 amit187@gmail.com Amit Sharma 63.125.0.0 I want to add a text box to this panel whose values should be inputted into ID column based on the unique value of EMAIL. and i want to save this table with the new values of ID. How can this be done?? Any help would be appreciated.thanks
... View more
- Tags:
- splunk
09-08-2021
12:47 AM
Hi , I want to add a text box in a dashboard panel and the manual input value of that textbox should be added to a new column in an already existing table. I understand that this can be done by lookup to save the values but i am not sure how to go ahead with it. This is the data format of the table i have with sample data(the original data i have is confidential). EMAIL NAME IP ID(new column) nish123@gmail.com Nishanth 10.10.10.0 abc098@gmail.com ABC 224.0.0.0 amit187@gmail.com Amit Sharma 63.125.0.0 I want to add a text box to this panel whose values should be inputted into ID column based on the unique value of EMAIL. and i want to save this table with the new values of ID. How can this be done?? Any help would be appreciated.thanks
... View more
07-09-2021
12:15 AM
Thanks a ton. This worked.
... View more
07-07-2021
10:55 AM
Hi i have a json data which i am working on and i used fieldsummary to get data similar to below image. sample example: suppose i have my result like this I want to get count of value "Denver" in the field values from the above image. I tried spath but it's not working. output should be like: value Count
Denver 1 Any help is appreciated. thanks.
... View more
- Tags:
- splunk
03-15-2021
01:48 AM
Hi all, I have only started working on splunk recently and i am stuck at one query. So, I have JSON data like below: catDevices: [ {
model: A1_1234
Name: ZASNJHCDNA
}
{
model: A1_5678
Name: JNDIHUEDHNJ
}]
Devices : [
JNDIHUEDHNJ
NVBBVUYVBHI
] I want to compare "Devices" with caDevices{}.Name and if it matches i want to display Devices and model list. I tried this query index=main sourcetype=device |rename Devices{} as success | mvexpand success |dedup success |rename catDevices{}. model as Model ,rename catDevices{}.Name as device_name |eval zip = mvzip(Model, device_name) |fields - _raw |mvexpand zip | rex field = zip "(?<MODEL>.*),(?<DEVICE>.*)" | fields - zip | eval Status = if(match(MODEL,"A1*"), if(success == DEVICE, success, "NO MATCH"), "NO MATCH") | table success, MODEL, Status | where Status != "NO MATCH" | stats count(success) It worked but as the data increases , due to mvexpand threshold the result is not accurate. Can you please tell me how i can correct my query or if you can provide a different solution for my question, any help would be appreciated. thanks in advance.
... View more
Labels
- Labels:
-
rex
06-18-2020
04:54 AM
Hey everyone. I have never tried creating event annotation before so i am not able to grasp it properly. I want to show a line for both min and max values of a date field. For ex. Dates. Target 6/09/2020. X 6/10/2020. X . . . . 6/23/2020. X So the min and max values i.e 6/09/2020 and 6/23/2020 of dates field should be shown as lines (event annotation) . For now the dates in between shouldn't display but later i should be able to add data for any dates and it should show as line or area chart. And the event annotation should display target x and the date when we hover on that. All the examples i have seen of annotations are using timecharts . I want something like the mock image below. Any help would be great.Thanks.
... View more
- Tags:
- annotation
Labels
- Labels:
-
using Splunk Enterprise
06-16-2020
12:23 AM
Hey everyone. I am a newbie to splunk and i am stuck at this problem. So i have a column chart which shows data for a time range between two dates ex. 6/9/2020-6/23/2020 like in the pic below. So the query i used for this is Index=main sourcetype = timeline | eval dates= beginning_date."-".ending_date | stats count by dates, target | xyseries dates target count So now what i want is...if i append another search to this which contains data on 6/15/2020, It is treating 6/15/2020 as a seperate date. Like this In the above image i want the line chart on date 2020-06-15 to go on to top of the column chart as that date lies in between 2020-06-09 - 2020-06-23(changed format of time).i want to overlay line chart on top of column chart. Here these are the fields i used beginning date. Ending date 6/9/2020. 6/23/2020 And i want to create the query with these fields and not _time. Any help is appreciated and if there is anything u didn't understand in my question plz let me know. Thanks a lot.
... View more
Labels
- Labels:
-
other
06-15-2020
06:52 AM
Hi...ya this is working but one thing. Does this only work for _time , bcoz i have dates in a seperate field that i have created and if i give that field name it's not working. Or is it bcoz, i created that field so the dates are in a string format and not date format???can u plz help me with this
... View more
06-15-2020
04:37 AM
Hi...i dnt think that is the way i want it to show. I have updated my question and added a pic ...plz check.
... View more
06-15-2020
03:20 AM
Hi everyone, hope u r all doing good.
So i have a query i am not able to figure out.I need to show a visualisation of column chart which shows each bar containing data between two dates. I'll explain it clearly.
As u can see in the picture i attached...it shows a timeline visualisation and data between two dates 6/9/2020-6/23/2020.
In the exact same way i want to show on a column chart. So that later if i add any data between those dates for ex. On 6/15/2020 and 6/16/2020 etc....and if i overlay it , it should show me a line chart on that column chart.I hope i am clear if not plz tell me.
So the query that I used for that timeline graph is:
Index= main sourcetype= timeline | rename "beginning_date" as start_date | rename "ending_date" as end_date | eval _time= strptime(start_date, "%m/%d/%Y") | eval end_time= strptime(end_date, "%m/%d/%Y") | eval duration = (end_time - _time) * 1000 | eval duration = IF(duration < 86400000, 0, duration) | stats count by _time, duration, "target" | table _time "target" duration
so most of this query is from the timeline gallery example dashboard in Splunk. I don't think duration work with a column chart to show 6/9/2020-6/23/2020 format like this.
I have two fields
Beginning_date. Ending_date
6/9/2020. 6/23/2020
Like this and I need to show something like the below pic:
It would be really helpful if anyone could help me with this. Thanks.
... View more
Labels
- Labels:
-
other
05-29-2020
02:42 AM
I am still getting 34k as result .i need 40k. But thanks a lot , i learned a new approach.
... View more
05-29-2020
02:19 AM
Hi all, so the question looks pretty simple but i am not able to figure out the accurate answer. So i need to find the count of common values between two different fields from two different sourcetypes .
I have an index=main and two sourcetypes sourcetype1 and sourcetype2. These two sourcetypes each have a hostname field and i need to find the common values between the two hostname fields.
The query i used is this:
Index=main sourcetype=sourcetype1 | dedup hostname | table hostname | append [ search index=main sourcetype= sourcetype2 | dedup hostname | table hostname ] |table hostname | stats count by hostname | where count >1
The problem is the values in hostname field in sourcetype1 are almost 75k and values in hostname field in sourcetype2 are almost 90k. And i am getting a result of 22k by using that query. But the actual count of common values is almost 40k . So I don't understand where i am gng wrong. Can anyone plz tell me if my query is right or if there is any other approach to this i can use?? Thanks a lot.
... View more
Labels
- Labels:
-
fields
05-28-2020
08:26 AM
Hi, i am new to splunk so i am having a little bit of problem understanding the timestamp concept. So with the data that i am working the _time column has taken the date and time from event data. But i want the _time column to display date and time when i uploaded that data in splunk for indexing.
So basically if this is the format:
(Time ) Events
(11/13/2019.2:30:20 ) 11-13-2019 14:30:20
So this is how the time is being taken from the event but i want it to change to the date 24th april, 2020 (04/24/2020) on which i uploaded the data .
How can i do this?? Plz help me.
... View more
- Tags:
- splunk-enterprise
