Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About uagraw01
uagraw01
Communicator
Member since:
06-03-2020
Monday
Community Statistics
| Posts | 139 |
| Solutions | 0 |
| Karma Given | 29 |
| Karma Received | 3 |
| Member Since | 06-03-2020 |
Activity Feed
- Karma Re: Splunk query for ITWhisperer. a week ago
- Posted Re: Splunk query on Splunk Search. a week ago
- Posted Re: Splunk query on Splunk Search. a week ago
- Posted Re: Splunk query on Splunk Search. a week ago
- Posted Splunk query- How to use spath command for the below logs? on Splunk Search. a week ago
- Tagged Splunk query- How to use spath command for the below logs? on Splunk Search. a week ago
- Posted Re: Alert on Alerting. 2 weeks ago
- Posted Re: Alert on Alerting. 2 weeks ago
- Posted Re: Alert on Alerting. 2 weeks ago
- Posted Re: Alert on Alerting. 2 weeks ago
- Posted Re: Alert on Alerting. 2 weeks ago
- Posted How to create an Alert based off basis of threshold? on Alerting. 2 weeks ago
- Posted Re: SPL query on Splunk Search. 3 weeks ago
- Posted Re: SPL query on Splunk Search. 3 weeks ago
- Karma Re: SPL query for gcusello. 3 weeks ago
- Posted How can I rename items with SPL query? on Splunk Search. 3 weeks ago
- Posted Re: Query for Splunk on Splunk Search. 3 weeks ago
- Posted Re: Query for Splunk on Splunk Search. 3 weeks ago
- Posted How can I optimize my search to run faster? on Splunk Search. 3 weeks ago
- Posted Re: How to optimize my SPL? on Splunk Search. a month ago
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
a week ago
How to use spath command for the below logs i have attached in the screenshot.
... View more
- Tags:
- other
Labels
- Labels:
-
other
@ITWhisperer I have attached the screenshot of my requirement. I hope the screenshot is clear to you.
... View more
@ITWhisperer So, your threshold is just your rate rounded to 2 decimal places? ----Yes that is the threshold Do you recalculate highRisk in the stats along with total by Offering_id? ----Yes, I have calculated from offereingID What do you want to alert on? ---I want an alert triggred for top 10 offering id on the basis of threshold. A clearer definition of what you are trying to achieve would help. I am confused on over what will be generic threshold i would be set.
... View more
@ITWhisperer I have attached one screenshot. Please check this at once for the rate calculation. We are taking the sum of all the highrisk event and then divided it by total number of events.
... View more
@ITWhisperer But how can define the threshold for each offeringID here?. Every offeringID must have different threshold. Threshold value should be dynamic for each value. So I am unable to understand how can i apply this.
... View more
2 weeks ago
Hello Splunkers,
As per the below details i need to create an alert on the basis of threshold value. But in this case every offeringID has different rate. So how can i calculate the threshold for each offeringID and how can I map this under an alert as a generic thershold value. Please suggest some ideas on this.
As well as if any one aware about in dat -incache-memory in Splunk.
... View more
Labels
- Labels:
-
other
3 weeks ago
Hello Splunkers,
How can i rename all the OrderNumber1, OrderNumber2, OrderNumber3 as OrderNumber. And Country1, Country2,Country4 as Country. I have attached the screenshot also.
Appreciated in advance
... View more
Labels
- Labels:
-
other
3 weeks ago
@PickleRick Thanks for sharing all your valuable things on Splunk search performance. This is very huge learning thing for me while creating a SPL query. I have one other issue related to the search performance. In that I want to optimize my all alert queries. Here I have hardcorded all the services name by giving using the "OR" clause. The services are coming from the raw data without having any field name. How we can optimize this kind of search without using the multiple OR condition.
... View more
3 weeks ago
@richgalloway Thanks for your response. I will try and let you know the progress.
... View more
3 weeks ago
Hello Splunkers
While running the attached query, results are populating very slow. From that query i want to achieve trend graph by using the line visualisation. But graphs are populating very slow. Please recommend how can I optimize my query to get the results quickly. Please check the attachment for the query.
... View more
Labels
- Labels:
-
other
a month ago
@Gr0und_Z3r0 My ask here is to optimize my existing query. Because here we are using or condition to fetch the services name from the raw data . I also want to use tstats command in my existing query but it is basically running on the metadata fields. So if you can suggest any approach from which I can optimise my search.
... View more
a month ago
@venky1544 As per the attached screen my raw data is looking like this and i have highlighted that service name in the event screenshot
... View more
04-14-2022
11:12 AM
@SinghK Actually i have very limited access here. Search time field exaction i can't do here. I have no power broker nor admin access. Have dependencies on other teams.
... View more
04-14-2022
09:37 AM
@venky1544 Thanks for your answer and investing your time on my query. Just let me know by this way can we optimize the query ? Let me suggest : 1. Can I use lookup and put all the services and join the index search with lookup. ( Is that optimize my search ?) 2. Can I use data model and fetch the data directly by using the pivot ? (Is that optimize my search ?) Please provide your suggestion on these points as well.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Monday
|
Karma given to
