Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Noob_splunker
Noob_splunker
Explorer
Member since:
06-28-2020
09-09-2020
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 6 |
| Karma Received | 0 |
| Member Since | 06-28-2020 |
Activity Feed
- Karma Re: How to compute the duration based on Time picker for ITWhisperer. 09-09-2020 05:33 AM
- Posted How to compute the duration based on Time picker on Splunk Search. 09-09-2020 03:31 AM
- Posted Re: Compare Dates and exclude event if it is older on Splunk Search. 07-11-2020 09:21 PM
- Posted Compare Dates and exclude event if it is older on Splunk Search. 07-11-2020 04:32 PM
- Tagged Compare Dates and exclude event if it is older on Splunk Search. 07-11-2020 04:32 PM
- Posted Re: How to extract from multivalue field result on Splunk Search. 07-05-2020 09:29 PM
- Karma Re: How to extract from multivalue field result for renjith_nair. 07-05-2020 09:28 PM
- Posted Re: How to compute duration for different rows on Getting Data In. 07-05-2020 03:42 PM
- Karma Re: How to compute duration for different rows for renjith_nair. 07-05-2020 03:40 PM
- Karma Re: How to compute duration for different rows for to4kawa. 07-05-2020 03:40 PM
- Posted How to extract from multivalue field result on Splunk Search. 07-05-2020 03:39 PM
- Tagged How to extract from multivalue field result on Splunk Search. 07-05-2020 03:39 PM
- Karma Re: Help in using CASE Statement for to4kawa. 07-04-2020 10:55 PM
- Posted How to compute duration for different rows on Getting Data In. 07-04-2020 08:28 PM
- Tagged How to compute duration for different rows on Getting Data In. 07-04-2020 08:28 PM
- Posted Re: Help in using CASE Statement on Splunk Search. 07-04-2020 03:57 PM
- Tagged Re: Help in using CASE Statement on Splunk Search. 07-04-2020 03:57 PM
- Posted Help in using CASE Statement on Splunk Search. 07-04-2020 01:57 PM
- Tagged Help in using CASE Statement on Splunk Search. 07-04-2020 01:57 PM
- Karma Re: Area Chart to show duration between two dates for richgalloway. 06-28-2020 02:32 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
09-09-2020
03:31 AM
Basically, I want to get duration based on the time picker. Example, If i select Year to Date in the time picker, i want to know how many minutes are there in Year to Date and assign it as a new field, let say UptimeDuration.
... View more
Labels
- Labels:
-
fields
07-11-2020
09:21 PM
Hi @richgalloway Thanks for your reply. I tried to add it before or after the transaction but it is still giving me the old dates. Regards,
... View more
07-11-2020
04:32 PM
Hi, How do I compare dates and exclude the event if it is older? I have here my table from transaction command. I want to compare the ReportedTime to Occurtime. If it is older then NeSn will be excluded. ReportedTime NeSn Occurtime 2020-07-01 23:38 117629897 29/04/2020 12:03 117629923 11/06/2020 23:26 117629924 11/06/2020 23:26 117629925 11/06/2020 23:26 117629926 11/06/2020 23:26 117629927 11/06/2020 23:26 118106613 5/07/2020 21:30 114218693 14/04/2020 6:32 Regards,
... View more
- Tags:
- extract
Labels
- Labels:
-
transaction
07-05-2020
09:29 PM
yup it worked after i renamed it! thanks much!
... View more
07-05-2020
03:42 PM
thanks for giving me an idea. i'll try to apply it in my query.
... View more
07-05-2020
03:39 PM
Hi, Below is the result from my transaction command. How do I extract only one date from the multiple dates below? I only need the first one which is 2020-07-05 22:02:01. 2020-07-05 22:02:01 2020-07-05 22:02:36 2020-07-05 22:02:58 2020-07-06 03:02:41 I tried mvindex and split but it doesnt give me a result. Thanks,
... View more
- Tags:
- extract
Labels
- Labels:
-
field extraction
07-04-2020
08:28 PM
Hi, I'm trying to compute the duration between two rows. I need the duration for Battery_duration and Battery_duration2. NodeBTime = Alarm ID 22214 Occurtime PowerTime = Alarm ID 25622 Occurtime CellTime = Alarm ID 29245Occurtime Battery_duration = NodeBTime - PowerTime Battery_duration2 = CellTime - NodeBTime AlarmID Occurtime ClearTime duration NodeBTime CellTime PowerTime Battery_duration Battery_duration2 29245 3/07/2020 14:09 3/07/2020 14:13 3/07/2020 14:09 25622 3/07/2020 9:01 3/07/2020 14:11 3/07/2020 9:01 22214 3/07/2020 13:59 3/07/2020 14:11 3/07/2020 13:59 Here is my query: |fillnull ClearTime |eval ClearTime=if(ClearTime=0,strftime(now(),"%Y-%m-%d %H:%M:%S"),ClearTime) |eval dur_sec=strptime(ClearTime,"%Y-%m-%d %H:%M:%S.%N")-strptime(Occurtime,"%Y-%m-%d %H:%M:%S.%N") |eval dur_sec=round((strptime(ClearTime,"%Y-%m-%d %H:%M:%S.%N")-strptime(Occurtime,"%Y-%m-%d %H:%M:%S.%N"))) |eval duration=tostring(dur_sec,"duration") |convert num(duration) |eval duration=round(duration/60,2) | eval PowerTime=if((AlarmID="25622"),Occurtime,null) | eval NodeBTime=if((AlarmID="22214"),Occurtime,null) | eval CellTime=if((AlarmID="29245"),Occurtime,null) | eval Battery_duration=strptime(NodeBTime,"%Y-%m-%d %H:%M:%S.%N")-strptime(PowerTime,"%Y-%m-%d %H:%M:%S.%N") | eval Battery_duration=round((strptime(NodeBTime,"%Y-%m-%d %H:%M:%S.%N")-strptime(PowerTime,"%Y-%m-%d %H:%M:%S.%N"))) | table AlarmID Occurtime ClearTime duration NodeBTime, CellTime PowerTime Battery_duration Battery_duration2 State Here is my result: It doesnt give me any result for Battery_duration and Battery_duration2. What is missing? Thanks,
... View more
- Tags:
- duration
Labels
- Labels:
-
time
07-04-2020
03:57 PM
@to4kawaawesome! | eval impact=case(match(filter,"3G Outage"),"Full Outage",match(filter,"Cell Blocked"),"Partial Outage",1=1,"No service impact") this works fine for me! Thanks!
... View more
- Tags:
- case
07-04-2020
01:57 PM
Hi there, I want to group the filter into Full Outage or Partial Outage. filter impact 3G Outage Full Outage Cell Blocked Power Outage Power Outage Partial Outage Cell Blocked Here is my query: | eval impact=case( searchmatch("Cell Blocked"),"Partial Outage", searchmatch("3G Outage"),"Full Outage",1=1,"No service impact") Result: The correct impact should be Full Outage. Can anyone help me out? Thanks,
... View more
- Tags:
- case
Labels
- Labels:
-
field extraction
06-28-2020
01:13 PM
Hi @richgalloway thanks for your reply. My desired result is more of like this. Y-axis is the duration.
... View more
06-28-2020
01:58 AM
Hi Splunkers, I'm a newbie in Splunk. I'm trying to create a chart to show the duration between two dates (Occurtime and ClearTime but I'm unable to get my desired result. Here's my Data: Data1 1593323763.234,AlarmName="Mains Input Out of Range",State="Unacknowledged & Cleared",EventType="Power System",Occurtime="2020-06-28 11:09:42",ClearTime="2020-06-28 17:55:05" Data2 1593323716.209,,AlarmName="NodeB Unavailable",State="Unacknowledged & Cleared",EventType="Running System",Occurtime="2020-06-28 11:59:32",ClearTime="2020-06-28 17:55:13" Here is my query: |eval dur_sec=strptime(ClearTime,"%Y-%m-%d %H:%M:%S.%N")-strptime(Occurtime,"%Y-%m-%d %H:%M:%S.%N") |eval dur_sec=round((strptime(ClearTime,"%Y-%m-%d %H:%M:%S.%N")-strptime(Occurtime,"%Y-%m-%d %H:%M:%S.%N"))) |eval duration=tostring(dur_sec,"duration") |convert num(duration) |eval duration=round(duration/60,2) | eval filter=case( searchmatch("AC Failure*"),"Power Outage", searchmatch("Cell Blocked*"),"Cell Blocked", searchmatch("NodeB Unavailable"),"3G Outage", searchmatch("eNodeB S1 Control Plane Transmission Interruption"),"4G Outage",1=1,"No Filter match") | chart max(duration) over Occurtime by filter Can anyone help me?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-09-2020
03:49 AM
|
