Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About juanvarelagloba
juanvarelagloba
Explorer
Member since:
06-22-2015
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 06-22-2015 |
Activity Feed
- Karma Re: If I get ResultA adding "dedup" to my search and ResultB without it, how do I include both results on the same chart? for woodcock. 06-05-2020 12:47 AM
- Karma Re: If I get ResultA adding "dedup" to my search and ResultB without it, how do I include both results on the same chart? for woodcock. 06-05-2020 12:47 AM
- Karma Re: Combine timechart in one chart by fields. for martin_mueller. 06-05-2020 12:47 AM
- Posted Re: Combine timechart in one chart by fields. on Splunk Search. 06-23-2015 12:16 PM
- Posted Combine timechart in one chart by fields. on Splunk Search. 06-23-2015 11:49 AM
- Tagged Combine timechart in one chart by fields. on Splunk Search. 06-23-2015 11:49 AM
- Tagged Combine timechart in one chart by fields. on Splunk Search. 06-23-2015 11:49 AM
- Tagged Combine timechart in one chart by fields. on Splunk Search. 06-23-2015 11:49 AM
- Tagged Combine timechart in one chart by fields. on Splunk Search. 06-23-2015 11:49 AM
- Posted Re: If I get ResultA adding "dedup" to my search and ResultB without it, how do I include both results on the same chart? on Splunk Search. 06-22-2015 12:30 PM
- Posted Re: If I get ResultA adding "dedup" to my search and ResultB without it, how do I include both results on the same chart? on Splunk Search. 06-22-2015 12:29 PM
- Posted Re: If I get ResultA adding "dedup" to my search and ResultB without it, how do I include both results on the same chart? on Splunk Search. 06-22-2015 12:05 PM
- Posted If I get ResultA adding "dedup" to my search and ResultB without it, how do I include both results on the same chart? on Splunk Search. 06-22-2015 10:57 AM
- Tagged If I get ResultA adding "dedup" to my search and ResultB without it, how do I include both results on the same chart? on Splunk Search. 06-22-2015 10:57 AM
- Tagged If I get ResultA adding "dedup" to my search and ResultB without it, how do I include both results on the same chart? on Splunk Search. 06-22-2015 10:57 AM
Topics I've Started
06-23-2015
12:16 PM
I feel silly now 😕 Thanks a bunch!
... View more
06-23-2015
11:49 AM
I have this query:
index=betas host="*433*" level=ERROR
(source="*RequestUpg*" class="*RequestUpgEndPoint*") OR
(source="*DisplayUpgPassengerItineraries*" class="*DisplayUpgPassengerItinerariesEndPoint*") OR
(source="*ApiUpg*"
class="*GetCustomersService*" OR
class="*ItineraryService*" OR
class="*RequestUpgService*" OR
class="*GetCustomersController*" OR
class="*AuthenticationServiceFilter*")
| timechart span=1d count by class
It does exactly what I want except it produces several charts:
I want it to produce one chart with this exact labels altogether in one chart, how should I approach it?
... View more
06-22-2015
12:30 PM
Also, shouldn't it be comma separated? I made it so and seems to work just fine, is there a difference?
... View more
06-22-2015
12:29 PM
This was exactly what I was after. Thanks a lot! There's only a slight problem with the fields (which I already solved but am curios about).
It seems that *successes doesn't get rid of the successes filed for some weird reason.
... View more
06-22-2015
12:05 PM
I am not exactly sure what you're doing there cause I'm pretty new to splunk, but it doesn't seem it is what I was looking for, I probably explained myself incorrectly.
I have updated my question to be more clear, I basically need to have ratio 1 that does not have deduplication by pnr, and have ratio 2 which has the deduplcation in the same chart, I think the update will make it much clearer.
... View more
06-22-2015
10:57 AM
index=betas host="*433*" description="POSTULATION_SUCCESS" OR description="POSTULATION_FAIL"
| dedup pnr
| bucket _time span=1d
| stats count(eval(description="POSTULATION_SUCCESS")) as successes count(eval(description="POSTULATION_FAIL")) as failures by _time
| eval total=failures+successes
| eval ratio=successes/total
| fields - total successes failures
I get certain results when I add dedup pnr and certain results without it.
I'm interested in having them both on the same chart.
What would be a good approach for this?
EDIT: To make my point clearer
This
index=betas host="*433*" description="POSTULATION_SUCCESS" OR description="POSTULATION_FAIL"
| dedup pnr
| bucket _time span=1d
| stats count(eval(description="POSTULATION_SUCCESS")) as successes count(eval(description="POSTULATION_FAIL")) as failures by _time
| eval total=failures+successes
| eval ratio=successes/total
| fields - total successes failures
produces a chart like this:
And this:
index=betas host="*433*" description="POSTULATION_SUCCESS" OR description="POSTULATION_FAIL"
| bucket _time span=1d
| stats count(eval(description="POSTULATION_SUCCESS")) as successes count(eval(description="POSTULATION_FAIL")) as failures by _time
| eval total=failures+successes
| eval ratio=successes/total
| fields - total successes failures
Note that the dedup is gone but the rest is identical produces this:
I need to put this to lines in the same chart.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
