Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About guptap2
guptap2
New Member
Member since:
10-23-2017
06-05-2020
Community Statistics
| Posts | 5 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 10-23-2017 |
Activity Feed
- Posted Alerts showing late in Episode Review on Splunk ITSI. 05-28-2020 02:16 AM
- Tagged Alerts showing late in Episode Review on Splunk ITSI. 05-28-2020 02:16 AM
- Tagged Alerts showing late in Episode Review on Splunk ITSI. 05-28-2020 02:16 AM
- Tagged Alerts showing late in Episode Review on Splunk ITSI. 05-28-2020 02:16 AM
- Posted Re: Two searches with different source and producing results in form of filename in column A and B respectively. on Splunk Search. 07-15-2019 09:48 PM
- Posted Re: Two searches with different source and producing results in form of filename in column A and B respectively. on Splunk Search. 07-15-2019 11:25 AM
- Posted Two searches with different source and producing results in form of filename in column A and B respectively. on Splunk Search. 07-15-2019 11:25 AM
- Tagged Two searches with different source and producing results in form of filename in column A and B respectively. on Splunk Search. 07-15-2019 11:25 AM
- Tagged Two searches with different source and producing results in form of filename in column A and B respectively. on Splunk Search. 07-15-2019 11:25 AM
- Tagged Two searches with different source and producing results in form of filename in column A and B respectively. on Splunk Search. 07-15-2019 11:25 AM
- Tagged Two searches with different source and producing results in form of filename in column A and B respectively. on Splunk Search. 07-15-2019 11:25 AM
- Posted How to get stats count value as 0, if there are no events for that value in splunk search. on Splunk Search. 06-20-2018 01:35 AM
- Tagged How to get stats count value as 0, if there are no events for that value in splunk search. on Splunk Search. 06-20-2018 01:35 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
05-28-2020
02:16 AM
itsi_tracked_alerts showing the correct time of events, however itsi_grouped_alerts showing event after 15-20 min. Which is resulting in a late view of alerts in Episode Review?
index=itsi_grouped_alerts sourcetype="itsi_notable:group" Garbage Collection "f7a3cdb2c5a1bf1108305ea0"
5/28/20
9:16:38.000 AM
{ [-]
ArchiveMon: NO
ConfigurationItem: GOE Hybris Admin Europe 2
CustomUrl: http://monspkprdci05:8000/en-US/app/itsi/dynatrace_dashboard?form.kpi=*Garbage Collection*&form.service=hybadm&form.region=eu2
IsStartForAutomation: false
SupportGroupName: GOE_AO_TA_Accenture
aggregated: true
alert_value: 2
automation: FALSE
count: 2
index=itsi_grouped_alerts sourcetype="itsi_notable:group" Garbage Collection "f7a3cdb2c5a1bf1108305ea0"
5/28/20
9:04:17.769 AM
{ [-]
ArchiveMon: NO
ConfigurationItem: GOE Hybris Admin Europe 2
CustomUrl: http://monspkprdci05:8000/en-US/app/itsi/dynatrace_dashboard?form.kpi=*Garbage Collection*&form.service=hybadm&form.region=eu2
IsStartForAutomation: false
SupportGroupName: GOE_AO_TA_Accenture
aggregated: true
alert_value: 1
automation: FALSE
count: 2
... View more
Labels
- Labels:
-
troubleshooting
07-15-2019
09:48 PM
First Query :index=esbsrv_app host=AM integrationId=I216 code=JBOSS012 transactionId=* earliest=-90d
| eval received_uri=case(code="JBOSS012",uri)
| rex field=received_uri "./((?.))"
| stats min(_time) as time list(received_file) as Received_SFTP by transactionId
| where like(Received_SFTP,"%OH%")
| fields - transactionId
Output : Events (45,294)
Patterns
Statistics (38,129)
Visualization
20 Per Page
Format
Preview
Prev12345678...Next
time Received_SFTP
1562508623.153 I216_OH01_CA_98016413_000_20190707090010.xml
1560342840.230 I216_OH01_US_95490755_000_20190612070502.xml
1562616033.656 I216_OH01_US_98144575_000_20190708150001.xml
1562328016.795 I216_OH01_US_97799891_000_20190705061503.xml
1562992241.185 I216_OH01_US_98661758_000_20190712233006.xml
1561411913.315 I216_OH01_US_96603298_000_20190624163015.xml
1562919670.666 I216_OH01_CA_98570110_000_20190712031606.xml
1561912223.606 I216_OH01_US_97155174_000_20190630113001.xml
1562716885.927 I216_OH01_US_98313633_000_20190709190005.xml
1560100230.619 I216_OH01_US_95272914_000_20190609120501.xml
1561183254.865 I216_OH01_CA_96344206_000_20190622005607.xml
Second Query : index=onlftsprod sourcetype=transaction source="/data/integration/jboss/oh/in/dailytransaction/Archive" earliest=-90d
| eval mytime=strftime(_time,"%Y-%m-%d %H:%M:%S.%Q")
| stats min(mytime) as time by FILENAME
Output: Events (200)
Patterns
Statistics (200)
Visualization
20 Per Page
Format
Preview
Prev12345678...Next
FILENAME time
I006_OH01_94021027_000_20190526045001.xml 2019-05-26 07:00:00.000
I006_OH01_94021921_000_20190526053501.xml 2019-05-26 07:00:00.000
I006_OH01_94022085_000_20190526055001.xml 2019-05-26 07:00:00.000
I006_OH01_94022426_000_20190526060501.xml 2019-05-26 07:00:00.000
I006_OH01_94022608_000_20190526062001.xml 2019-05-26 07:00:00.000
I006_OH01_94022954_000_20190526063501.xml 2019-05-26 07:00:00.000
I006_OH01_94023127_000_20190526065001.xml 2019-05-26 07:00:00.000
I006_OH01_94023504_000_20190526070500.xml 2019-05-26 07:10:00.000
I006_OH01_94023672_000_20190526072000.xml 2019-05-26 07:20:00.000
I006_OH01_94024159_000_20190526073500.xml 2019-05-26 07:40:00.000
I006_OH01_94024303_000_20190526075000.xml 2019-05-26 07:50:00.00
I have to create a third column where all received SFTP filenames should get printed which are not in second query output - FILENAME. Clearly the files not yet in FILENAME table should get copied to new column.
... View more
07-15-2019
11:25 AM
column A is Received_SFTP and column B is FILENAME
... View more
07-15-2019
11:25 AM
There are 2 searches from 2 different sources that are fetching file name details in column A and B respectively.
We need to compare the data of column A and B in a way that values of B already in A should be removed and we get the output from A for files that are not in B till now.
I am using below search but column B data is also coming along:
index=esbsrv_app host=*AM* integrationId=I216 code=JBOSS012 transactionId=* earliest=-90d
| eval received_uri=case(code="JBOSS012",uri)
| rex field=received_uri ".*/((?.*))"
| stats min(_time) as time list(received_file) as Received_SFTP by transactionId
| where like(Received_SFTP,"%OH%")
| fields - transactionId
| appendcols [search index=onlftsprod sourcetype=transaction source="*/data/integration/jboss/oh/in/dailytransaction/Archive*" earliest=-90d
| eval mytime=strftime(_time,"%Y-%m-%d %H:%M:%S.%Q")
| stats min(mytime) as time by FILENAME ]
| eval output=toString(Received_SFTP)+";"+toString(FILENAME) | makemv delim=";" output
| mvexpand output
| fields - time Received_SFTP
| eval abc=if(FILENAME=output,1,0)
| search abc="0"
| stats count by output
| search count=1
Can someone please help in comparing 2 columns and getting results in A which are not in B
... View more
06-20-2018
01:35 AM
We have 7 different filetypes, we are trying to get count of each filetype in table. If count of any of them is 0, it should be displayed, but somehow in my query it is removing the row of the filetype having count 0.
Query :
index=sap_bam sourcetype=sap_d059 earliest=-6h filetype=Billing OR filetype=SalesOrder OR filetype=Clearing OR filetype=Delivery OR filetype=ReturnOrder OR filetype=M39COGSSIT OR filetype=M39AcutualRevenueRec
| dedup source
| eventstats count by filetype
| dedup filetype
| rename count as filecount
| eval alertme=if((filecount=0) OR isnull(filecount),1,0)
| fields sourcetype filetype filecount alertme
| table filetype filecount alertme
Result is :
alertme filecount filecount
SalesOrder 6 0
Billing 6 0
Delivery 6 0
ReturnOrder 6 0
Clearing 5 0
M39COGSSIT 3 0
... View more
- Tags:
- base-search
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
