Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About ektasardana
ektasardana
Explorer
Member since:
10-12-2017
06-05-2020
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 10-12-2017 |
Activity Feed
- Got Karma for Multiple base searches in one search. 06-05-2020 12:49 AM
- Posted Re: Multiple base searches in one search on Dashboards & Visualizations. 11-07-2017 12:28 PM
- Posted Multiple base searches in one search on Dashboards & Visualizations. 11-07-2017 10:16 AM
- Tagged Multiple base searches in one search on Dashboards & Visualizations. 11-07-2017 10:16 AM
- Tagged Multiple base searches in one search on Dashboards & Visualizations. 11-07-2017 10:16 AM
- Tagged Multiple base searches in one search on Dashboards & Visualizations. 11-07-2017 10:16 AM
- Posted Re: Use multiple stats and display all results on one chart on Dashboards & Visualizations. 11-07-2017 09:32 AM
- Posted Use multiple stats and display all results on one chart on Dashboards & Visualizations. 11-06-2017 10:59 PM
- Tagged Use multiple stats and display all results on one chart on Dashboards & Visualizations. 11-06-2017 10:59 PM
- Posted Re: Matching two expressions to one field on Splunk Search. 10-13-2017 04:16 PM
- Posted Re: Matching two expressions to one field on Splunk Search. 10-13-2017 02:12 PM
- Posted Re: Rows with same column value should be colored with same color on Dashboards & Visualizations. 10-13-2017 10:15 AM
- Posted Rows with same column value should be colored with same color on Dashboards & Visualizations. 10-12-2017 05:43 PM
- Tagged Rows with same column value should be colored with same color on Dashboards & Visualizations. 10-12-2017 05:43 PM
- Tagged Rows with same column value should be colored with same color on Dashboards & Visualizations. 10-12-2017 05:43 PM
- Tagged Rows with same column value should be colored with same color on Dashboards & Visualizations. 10-12-2017 05:43 PM
- Tagged Rows with same column value should be colored with same color on Dashboards & Visualizations. 10-12-2017 05:43 PM
- Tagged Rows with same column value should be colored with same color on Dashboards & Visualizations. 10-12-2017 05:43 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 |
11-07-2017
12:28 PM
I have separate searches which all use a base search and calculate event duration.
Example: Base_search -> quite complex
search1 uses base_search results and output action1 duration
search2 uses base_search results and output action2 duration
search3 uses base_search results and output action3 duration
Now I want to display on a bar chart the durations with action on x axis and time on y axis.
PS: there is no easy way to combine all the results in one search, thats why I create separate searches
... View more
11-07-2017
10:16 AM
1 Karma
I have three base searches in my dashboard
<query>....</query>
<query>...</query>
<query>...</query>
I need to show the results of each these queries in a single table, so I thought I can use multiple base searches, something like this
<query>...</query>
Is there a way the above can be achieved?
Thanks!!
... View more
11-07-2017
09:32 AM
I am using eval eventA_send_time = if(action = "event A send",_time,null()) to obtain time for each event send and receive. Same goes for others.
Also not sure how this "| eval sessionId = eventType.sessionId" will work since sessionId is not a single column. I have three different columns for ids.
... View more
11-06-2017
10:59 PM
I have a base search query which is quite complicated and I want to use that to calculate multiple stats and display all of them on a single chart. I am having a hard time to solve this problem in Splunk. When searched, found multiple options to do it but nothing really works.
1. Use append and sub search - need the output from base search. not a neat way to copy the big and complicated search again and again
2. Cannot just refer to base search again in sub searches
High level overview of the problem I am trying to solve:
base search returns
Time --- #Action --------- #id1 ---------- #id2 ------------- #id3
_time, event A send, sessionAid
_time, event B send, -------------- sessionBid
_time, event A recv, sessionAid
_time, event B recv, --------------- sessionBid
_time, event C send, ---------------------------------- sessionCid
_time, event C recv, ---------------------------------- sessionCid
I need to calculate the duration between each event's send and receive. I am using stats command for that.
base search results| eval eventA_send_time = ### | eval eventA_recv_time = ###| stats values(eventA_send_time) as send_time values(eventA_recv_time) as recv_time by sessionAid| mvexpand recv_time | eval A_time = recv_time - send_time
Similarly for Event B and C. This works fine if run individually but I need to display durations of event A, B and C on a chart.
Can someone explain how this can be achieved. Really appreciate your help!!
... View more
- Tags:
- splunk-enterprise
10-13-2017
02:12 PM
I tried to do the same as mentioned above but it says the field name already exists. How should I proceed?
... View more
10-13-2017
10:15 AM
Hi cusello,
Thank you for your response. I guess my problem here is a bit different from the one mentioned in the examples. Lets say column D has values "abc","bcd","abc","egg","bcd" so I would like to color row 1 and row 3 with color lets say red and row 2 and row 5 with color green. Also, I don't know the values of column D before hand.
How should I proceed in this case?
Thanks!
... View more
10-12-2017
05:43 PM
Lets say I have a table with fields A, B, C, D. I would like to color rows based on the values of column D. Basically rows with same value of column D, should be in the same color. Is there a way this can be achieved in Splunk? Any help related to this will be appreciated!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
