Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About mahbs
mahbs
Path Finder
Member since:
10-11-2017
06-05-2020
Community Statistics
| Posts | 85 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 5 |
| Member Since | 10-11-2017 |
Activity Feed
- Karma Re: Creating a comparison report for mayurr98. 06-05-2020 12:49 AM
- Karma Re: How to count rows that have non-zero values for somesoni2. 06-05-2020 12:49 AM
- Karma Re: Understanding the LOOKUP command for elliotproebstel. 06-05-2020 12:49 AM
- Karma Re: Purpose of the "AS" statement in SPLUNK for HiroshiSatoh. 06-05-2020 12:49 AM
- Got Karma for How do I set the inputs.conf file for continuous monitoring of an input file for appended data?. 06-05-2020 12:49 AM
- Got Karma for Understanding the LOOKUP command. 06-05-2020 12:49 AM
- Got Karma for Understanding the LOOKUP command. 06-05-2020 12:49 AM
- Got Karma for Understanding the LOOKUP command. 06-05-2020 12:49 AM
- Got Karma for How to compare data with last 7 days of data?. 06-05-2020 12:49 AM
- Posted Re: How to compare data with last 7 days of data? on Splunk Search. 02-12-2018 07:48 AM
- Posted Re: How to compare data with last 7 days of data? on Splunk Search. 02-12-2018 07:03 AM
- Posted How to compare data with last 7 days of data? on Splunk Search. 02-12-2018 03:55 AM
- Posted how to write an "if" statement for a value in all the fields? on Splunk Search. 01-31-2018 08:45 AM
- Posted Re: How to negate Join Command on Splunk Search. 01-26-2018 03:43 AM
- Posted How to negate Join Command on Splunk Search. 01-26-2018 03:17 AM
- Posted Re: Validating the file name in splunk on Splunk Dev. 01-24-2018 02:04 AM
- Posted Validating the file name in splunk on Splunk Dev. 01-24-2018 01:58 AM
- Posted Re: Result of subsearch field repeated instead of displaying unique values on Splunk Search. 01-18-2018 02:16 AM
- Posted Re: Result of subsearch field repeated instead of displaying unique values on Splunk Search. 01-18-2018 01:56 AM
- Posted Re: Result of subsearch field repeated instead of displaying unique values on Splunk Search. 01-18-2018 01:56 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-12-2018
07:03 AM
Hi @mayurr98, sorry, this didn't work. I didn't quite understand what you did here, unfortunately.
... View more
02-12-2018
03:55 AM
1 Karma
Hi,
I've got a query that's failing at the "where" statement. I'm trying to show data in the last 7 days based on data i've imported. This is the query:
source=* host="xxx" index="xxx" sourcetype="xxx" "Issue Type"="Bug" | streamstats dc(source) as distinct_source | head (distinct_source == 1) | eval NewTime=strptime(Created,"%d/%b/%y %H:%M %p") | eval _time=NewTime | eval epoch7days_ago=relative_time(now(), "-7d@d") | where _time>epoch7days_ago
I'm not sure why I'm getting no results at the where statement.
... View more
01-31-2018
08:45 AM
Hi,
Is there a way of writing an if condition that basically says, "if value x exists in all of tabled fields, then create a new field, and insert the value "valid" into it".
Is that possible?
... View more
01-26-2018
03:17 AM
Hi,
I have two sets of records, let's call them V1 and V2. They both share a common field called ITEM. I basically need a way of saying return to me to items that are not common. So for instance, I would use a join command to join item values that are common - I need the opposite of that, wherein where items dont match, return that data.
Thanks
... View more
- Tags:
- splunk-enterprise
01-24-2018
02:04 AM
Hey @mayurr98, not a list, but I've created dashboards per file. The Splunk picks up the file from the splunk server and ingests it. For that file that is being picked up, in that dashboard, I want to create a panel that basically checks to see if the file name conforms to the intended design
... View more
01-24-2018
01:58 AM
Hi,
I was just wondering, is there a way to validate the name of the file that is being ingested into splunk?
So for example, if the file name is: "filename 20180124" I would have thought a regular expression could be used to validate that, but the question is, how do I use a query to display the file name into the console and then validate it?
Could someone shed some light on this?
Thanks
... View more
- Tags:
- splunk-enterprise
01-18-2018
02:16 AM
yeah but that's not the problem at the moment
... View more
01-18-2018
01:56 AM
There's also count column at the end
... View more
01-18-2018
01:56 AM
I'm getting a list of all the data for the fields I have specified in the query
... View more
01-18-2018
01:42 AM
I'm not sure if the join is working properly
... View more
01-18-2018
01:40 AM
Hi,
yep, the sub-search is where source=src2. Essentially C_4has multiple values, and im trying to seperate these values into seperate records which is working for the most part, but c_4 for some reason isn't displaying all the multiple values, it's just repeating, where as all the other fields are displaying the multiple data.
This is the output I want:
ITEM: 1234 F_2=22 F_3=21 F_4=23
ITEM: 1234 C_2=1 C_3=2 C_4=2
I hope that makes sense
... View more
01-18-2018
01:26 AM
Hi,
I have a could of fields that contain multiple values, and I am trying to seperate them into sepereate records. The following query works 90%. The only issue is that the last field in the subsearch is not displaying the unique valeus, for example it may contain the value: 2,3 but it will only display 2. Every other field works fine in terms of displaying all the unique values per record. This is the current query I have:
index=index sourcetype=csv source=src1 host=host1
| stats count by ITEM field2 field3 field4
| rename field2 as F_2 field3 as F_3 field4 as F_4
| join ITEM
[ search index=index sourcetype=csv source=src2 host=host2
| stats count by SKU c_2 c_3 c_4
| rename SKU as ITEM | rename c_2 as C_2 c_3as C_3 c_4as C_4 ]
| eval DIFF1=F2-C_2
| eval DIFF2=F_3-C_3
| sort limit=0 ITEM
| table ITEM, F_2, F_3, F_4, c_2, c_3, c_4, DIFF1, DIFF2
Can someone suggest what I can do to fix the problem?
Thanks
... View more
- Tags:
- splunk-enterprise
01-18-2018
12:21 AM
@mayurr98, Hi this works partially. It's not separating one of the fields in the sub search. It's just repeating it.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
