Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About kakarsu
kakarsu
New Member
Member since:
01-01-2018
06-05-2020
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 01-01-2018 |
Activity Feed
- Posted Re: Creating End_Loading_Time on Splunk Search. 11-26-2018 06:49 PM
- Posted Re: Creating End_Loading_Time on Splunk Search. 11-25-2018 05:09 PM
- Posted Re: Creating End_Loading_Time on Splunk Search. 11-20-2018 11:18 PM
- Posted Creating End_Loading_Time on Splunk Search. 11-19-2018 07:54 PM
- Tagged Creating End_Loading_Time on Splunk Search. 11-19-2018 07:54 PM
- Posted Re: regex multivalue grouping on Splunk Search. 10-09-2018 05:32 PM
- Posted regex multivalue grouping on Splunk Search. 10-04-2018 05:42 PM
- Tagged regex multivalue grouping on Splunk Search. 10-04-2018 05:42 PM
- Tagged regex multivalue grouping on Splunk Search. 10-04-2018 05:42 PM
- Posted Re: how can I pass a token from a map panel on click a value or name for a different region in dynamic drill down to different page ? on Dashboards & Visualizations. 01-10-2018 05:22 PM
- Posted Re: Geostats Map Drilldown on Splunk Search. 01-02-2018 08:17 PM
- Posted Re: Geostats Map Drilldown on Splunk Search. 01-02-2018 02:23 PM
- Posted Geostats Map Drilldown on Splunk Search. 01-01-2018 10:12 PM
- Tagged Geostats Map Drilldown on Splunk Search. 01-01-2018 10:12 PM
- Tagged Geostats Map Drilldown on Splunk Search. 01-01-2018 10:12 PM
- Tagged Geostats Map Drilldown on Splunk Search. 01-01-2018 10:12 PM
- Tagged Geostats Map Drilldown on Splunk Search. 01-01-2018 10:12 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
11-25-2018
05:09 PM
Thank you very much @FrankVl much appreciated mate. I had to update the next regex command to match the criteria for them and it is working as I was expecting.
While I will accept your solution as correct I was wondering to know if you can post me some good sites where I can learn more about Regex specifically the one that teaches the " | rex field=event mode=sed"
I have known the regex101 and www.udemy.com but never thought regex will have this functionality.
Once again thank you and Regards,
... View more
11-20-2018
11:18 PM
Thank you very much for the quick response, one should have mentioned that within this log I have another pair of logs that contains as below (Please bear in mind that below data is dummy, the time and action names vary):
"11:00:31:800,3200,ABCDeposit, Selected_Action;11:00:33:940,3201,ABCSelectAmount,Selected_Amount;11:00:35:320,3202,ABCSelectAccount,Selected_Account,;11:00:42:670,3203,ABCConfirm,Selected_Button;11:00:50:350,3204,ACBSuccessfulEnd,Confirmed"
And another one:
"11:00:31:800,3200,ABCDeposit, Selected_Action;11:00:33:940,3201,ABCSelectAmount,0;11:00:35:320,3202,ABCSelectAccount,0;11:00:42:670,3203,ABCConfirm,0;11:00:50:350,3204,ACBSuccessfulEnd,0"
How do I get the | rex field=event mode=sed for the above logs?
I tried to analyse your code but failed. 😞
Thanks a million in advance!
... View more
11-19-2018
07:54 PM
Hi Splunkers,
I am faced with another problem where the logs I have contain only 3 fields with Start_Loading_Time, _Event_Reference, Event_Name.
An example of this log is shown below in the dummy data:
11:00:31:800,3200,ABCDeposit;11:00:33:940,3201,ABCSelectAmount;11:00:35:320,3202,ABCSelectAccount;11:00:42:670,3203,ABCConfirm;11:00:50:350,3204,ACBSuccessfulEnd
.......
.......
.......
I have used the split function to split the above record by ";", which will give me below:
11:00:31:800,3200,ABCDeposit
11:00:33:940,3201,ABCSelectAmount
11:00:35:320,3202,ABCSelectAccount
11:00:42:670,3203,ABCConfirm
11:00:50:350,3204,ACBSuccessfulEnd
I have then used the below regex to capture the two fields I'm after:
(?Start_Loading_Time[^\,]+)\,\d*\,(?Event_Name\w+[^\n]+)
What I am trying to create is to get "11:00:33:940" -1milisecond as End_Loading_Time for ABCDeposit and use "11:00:33:940" as Start_Loading_Time for ABCSelectAmount similarly I want to capture "11:00:35:320" -1milisecond as End_Loading_Time for ABCSelectAmount and use "11:00:35:320" Start_Loading_Time for ABCSelectAccount and so on.
Any suggestion or help would be much appreciated.
Many Thanks in advance!
... View more
- Tags:
- splunk-enterprise
10-04-2018
05:42 PM
Hi Guys,
I am pretty new to regex and need help with getting repeated values from one event (record).
Splunk is showing one event "EventType" as below
00:00:00:000,210234,ABCMachineIdleState,0;00:00:03:280,210235,ABCClientSelection,1;00:00:04:050,210236,ABCClientVerification,4;00:00:06:550,210237,ABCClientAuthorisation,4;00:00:07:780,210238,ABCClientBookSelection,0;00:01:09:050,210239,ABCClientDateSelection,0;00:01:10:660,210240,ABCClientLocationSelection,0;00:01:12:230,210241,ABCClientRequestReview,0;00:01:14:740,210242,ABCClientRequestConfirmation,4;00:01:16:420,210243,ABCClientSubmitRequst,0;00:01:28:770,210244,ABCClientRequestResultDisplay,4;
New record...."
The above record contains time as (hh:mm:ss:ms), ReferenceNumber, ActionType,Status.
I have regex constructed as below:
"\.?(?\d\d\:\d\d\:\d\d\:\d\d\d)*(?\d\d\d\d)*(?<SubCategory>ABC\w*)*(?\d)?"
The above query will only capture the first instance for each record and each field:
"00:00:00:000,210234,MachineIdleState,0;"
BUT what I need is to capture all of the following ActionTypes from each record. I guess what I need is some sort of loop to capture all fields and its corresponding values within the record.
Please bear in mind that I will need to create these new fields in the dataModel.
Any help will be much appreciated!
Thanks in advance!
... View more
01-10-2018
05:22 PM
Hi Flynt,
Would you know if this has been resolved now? or if there is a way to pass a single field value from the Map drilldown to another dashboard?
I have been trying to work this out for days and it either gets the first value from the list or pass 1 which is the count value or "null".
Unfortunately, I use Splunk Enterprise which have very limited access to install any app or add ons.
impatiently need to get this sorted.
Regards,
Sultan
... View more
01-02-2018
08:17 PM
Thanks, unfortunately, I'm using enterprise Splunk within our industry with very limited accessibility over the config files and no privilege to add any new app to Splunk platform.
Overall all I need is to be able to click on a single point on the map, capture either the Branch_ID or branch_Name (only one) and past it to the other dashboard. I have pasted the query with drilldown code in the above comments.
Any help would be much appreciated!
Many thanks!
... View more
01-02-2018
02:23 PM
Hi,
Below is the query I use:
|inputlookup branch_INFO |fields Branch_Number, Branch_Name, SITE_LATD, SITE_LGTD | geostats latfield=SITE_LATD longfield=SITE_LGTD count by Branch_Name globallimit=0 maxzoomlevel=18
AND
Below is the drilldown code:
<link>https://logit/en-GB/app/PROD/branch_view?form.BranchSearch=$click.value$</link>
<drilldown>
... View more
01-01-2018
10:12 PM
I have a lookup file that contains the name, ID, Latitude and Longitude of all our branches. I have designed a map to locate all the branches on the map. I need to drilldown on-click by capturing the Branch_ID from the list and open another existing dashboard where I can see more details of that branch.
The problem I have is that I cannot select one Branch_ID. Any help? While I click on the dot on the map it opens the other dashboard and tries to search for "null" in the form. Hope I am not confusing.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
