Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About cindywee
cindywee
New Member
Member since:
11-24-2016
06-05-2020
Community Statistics
| Posts | 5 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 11-24-2016 |
Activity Feed
- Posted Re: How to convert row values into fields with count? on Splunk Search. 08-22-2019 12:47 PM
- Posted How to convert row values into fields with count? on Splunk Search. 08-22-2019 12:22 PM
- Tagged How to convert row values into fields with count? on Splunk Search. 08-22-2019 12:22 PM
- Tagged How to convert row values into fields with count? on Splunk Search. 08-22-2019 12:22 PM
- Tagged How to convert row values into fields with count? on Splunk Search. 08-22-2019 12:22 PM
- Tagged How to convert row values into fields with count? on Splunk Search. 08-22-2019 12:22 PM
- Tagged How to convert row values into fields with count? on Splunk Search. 08-22-2019 12:22 PM
- Posted Can you help me combine 2 queries into a timechart? on Splunk Search. 11-28-2018 10:45 PM
- Tagged Can you help me combine 2 queries into a timechart? on Splunk Search. 11-28-2018 10:45 PM
- Tagged Can you help me combine 2 queries into a timechart? on Splunk Search. 11-28-2018 10:45 PM
- Posted Re: ITSI User usage report on Splunk ITSI. 11-15-2017 10:52 PM
- Posted ITSI User usage report on Splunk ITSI. 11-15-2017 02:13 AM
- Tagged ITSI User usage report on Splunk ITSI. 11-15-2017 02:13 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
08-22-2019
12:47 PM
You are a genius. The most simple solution is always to right solution.
... View more
08-22-2019
12:22 PM
Hi. How do I get from the first table to look like the second table?
I have tried chart, transpose, different combination of eval and stats functions but just cannot get it to look right. I am working off a csv data set.
... View more
11-28-2018
10:45 PM
Hi all,
I have the following data and I need some help to progress further.
I have fields: _time uniqueId action user host
The events are paired. Both events share the same uniqueId, user and host, and each will have an "action" which is "action connect" or "action disconnect".
I am trying to create a single 5mins span timechart, showing number of "paired events" and the average duration for that 5 mins.
I am able to do that with separate queries but I am unable to join them into one, or find a better query.
index=myindex action=\*action*
| stats min(_time) as Start, max(_time) as End, by uniqueId user host
| eval Duration = tostring((End - Start), "duration")
| eval Start_time=strftime(Start,"%F %T")
| eval End_time=strftime(End,"%F %T")
| where Duration!="00:00:00"
| table uniqueId user host Start_time End_time Duration
index=myindex action=\*action*
|bin _time span=5m
| stats count(uniqueId) as Sessions by _time
Thanks
... View more
11-15-2017
10:52 PM
Hi there. I need to track and report who logged into ITSI, either to view or create glasstables, base searches and entities etc . Thanks.
... View more
11-15-2017
02:13 AM
Hi, need some expert help tuning a search query focused only on ITSI users per week. I have the following query but it is running really slow.
index="_internal" host= app=itsi NOT user="splunk-system-user"| timechart span=1d count as count_user by user usenull=f
Any suggestions are welcomed.
Thanks.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
