cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
anissabnk
Path Finder
Member since: ‎02-24-2021
a month ago
Community Statistics
Posts 55
Solutions 1
Karma Given 2
Karma Received 0
Member Since ‎02-24-2021
Activity Feed
Topics I've Started
View All

Re: automatic lookup

by in Monitoring Splunk
a month ago
a month ago
someone can help me please ?  It's very important ... View more

automatic lookup

by in Monitoring Splunk
‎03-19-2024 08:09 AM
‎03-19-2024 08:09 AM
Hello evryone,  I have a probleme with automatic lookup and role users.  I will explain :  With admin role, everythin is okay, the automatic lookup work and no warnings on my dashboard.  When I use an another role, it doesn't work  I've checked all the rights for lookups and knowledge objects, assigning them to the role in question. But nothing works; I'm really out of ideas. Thank you very much for your help.   ... View more
Labels

Re: developpement

by in Splunk Search
‎02-07-2024 12:50 AM
‎02-07-2024 12:50 AM
Ok for me, but How to have the result in the chronological order.  For now, I have this result, but not yet in a chronological order.  I have modified my spl request like this :  | union maxtime=500 timeout=500 [ search index="idx_arv_ach_appels_traites" AND (activite_cuid="N1 FULL" OR activite="FULL AC") AND (NOT activite_cuid!="N1 FULL" AND NOT activite!="FULL AC")|eval date_month_year=date_month." ".date_year| stats sum(appels_traites) as "Nbre appels" by date_month_year] [ search index="idx_arv_ach_tracage" (equipe_travail_libelle="*MAROC N1 AC FULL") | eval date=strftime(_time,"%Y-%m-%d") | eval date_month_year=date_month." ".date_year | dedup date,code_alliance_conseiller_responsable,num_client | chart count(theme_libelle) as "Nbre_de_tracagesD" by date_month_year] [search index="idx_arv_ach_cas_traces" source="*ac_at*" (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") (LibEDO="*MAROC N1 AC FULL"OR"*SENEGAL N1 AC FULL*") AND (code_resolution="474"OR"836"OR"2836"OR"2893"OR"3085"OR"3137"OR"3244"OR"4340"OR"4365"OR"4784"OR"5893"OR"5896"OR"5897"OR"5901"OR"5909"OR"5914"OR"6744"OR"7150"OR"8020"OR"8531"OR"8534"OR"8535"OR"8548"OR"8549"OR"8709"OR"8876"OR"8917"OR"8919"OR"8946"OR"8961"OR"8962"OR"8970"OR"8974"OR"8998"OR"8999"OR"9000"OR"9001"OR"9004"OR"9006"OR"9007"OR"9010"OR"9011"OR"9012"OR"9048"OR"9052"OR"9058"OR"9059"OR"9069"OR"9088"OR"9089"OR"9090"OR"9095"OR"9107"OR"9108"OR"9116"OR"9148"OR"9150"OR"9169"OR"9184"OR"9190"OR"9207"OR"9208"OR"9209"OR"9211"OR"9214"OR"9223"OR"9239"OR"9240"OR"9241"OR"9248"OR"9251"OR"9274"OR"92752"OR"9276"OR"9288"OR"9299"OR"9300"OR"9302"OR"9323"OR"9324"OR"9366"OR"9382"OR"9385"OR"9447"OR"9450"OR"9455"OR"9466"OR"9467"OR"9476"OR"9516"OR"9559"OR"9584"OR"9603"OR"9627"OR"9633"OR"9640"OR"9654"OR"9670"OR"9710"OR"9735"OR"9740"OR"9782"OR"9784"OR"9785"OR"9786"OR"9794"OR"9817"OR"9839"OR"9919"OR"9932"OR"10000"OR"10010"OR"10017"OR"10022"OR"10048"OR"10049"OR"10053"OR"10081"OR"10099"OR"10100"OR"10103"OR"10104"OR"10105"OR"10116"OR"10118"OR"10142"OR"10143"OR"10153"OR"10160"OR"10162"OR"10165"OR"10185"OR"10189"OR"10190"OR"10191"OR"10199"OR"10206"OR"10209"OR"10216"OR"10229"OR"10233"OR"10241"OR"10256"OR"10278"OR"10280"OR"10288"OR"10289"OR"10290"OR"10299"OR"10330"OR"10331"OR"10367"OR"10432"OR"10474"OR"10496"OR"10499"OR"10506"OR"10524"OR"10525"OR"10526"OR"10527"OR"10528"OR"10530"OR"10531"OR"10532"OR"10534"OR"10535"OR"10536"OR"10537"OR"10538"OR"10540"OR"10541"OR"10543"OR"10557"OR"10558"OR"10560"OR"10561"OR"10579"OR"10592"OR"10675"OR"10676"OR"10677"OR"10678"OR"10680"OR"10681"OR"10704"OR"10748"OR"10759"OR"10760"OR"10764"OR"10766"OR"10768"OR"10769"OR"10770"OR"10771"OR"10783"OR"10798"OR"10799"OR"10832"OR"10857"OR"10862"OR"10875"OR"10928"OR"10929"OR"10933"OR"10934"OR"10941"OR"10947"OR"10962"OR"10966"OR"10969"OR"10977"OR"10978"OR"11017"OR"11085"OR"11114"OR"11115"OR"11116"OR"11138"OR"11139"OR"11140"OR"11141"OR"11142"OR"11143"OR"11144"OR"11219"OR"11252"OR"11239"OR"11268"OR"11326"OR"11327"OR"11328"OR"11329"OR"11410"OR"11514"OR"11552"OR"11992"OR"12012"OR"12032"OR"12033"OR"12034"OR"12035"OR"12036"OR"12037"OR"12038"OR"12039"OR"12040"OR"12041"OR"12152") |eval date_month_year=date_month." ".date_year | chart sum(total) as "Nbre_de_tracagesB" by date_month_year] [search index="idx_arv_ach_cas_traces" source="*ac_at*" (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") (LibEDO="*MAROC N1 AC FULL"OR"*SENEGAL N1 AC FULL*") |eval date_month_year=date_month." ".date_year| chart sum(total) as "Nbre_de_tracages_total" by date_month_year] [search index="idx_arv_ach_cas_traces" source="*ac_at*" (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") (LibEDO="*MAROC N1 AC FULL"OR"*SENEGAL N1 AC FULL*")| chart sum(total) as "Nbre_de_tracages_total" by date_month_year] [search index="idx_arv_ach_enquetes_satisfaction" source="*maroc_base_1*" (conseiller_createur_equipe="*MAROC N1 AC FULL") |eval date_month_year=date_month." ".date_year | chart count(appreciation) as "Nbre_de_retour_enquete" by date_month_year] [search index="idx_arv_ach_enquetes_satisfaction" source="*maroc_base_1*" (conseiller_createur_equipe="*MAROC N1 AC FULL") |eval date_month_year=date_month." ".date_year | eval nb5=case(appreciation="5", 5) | eval nb123=case(appreciation>="1" and appreciation<="3", 3) | eval nb1234=case(appreciation>="1" and appreciation<="4", 4) | eval nbtotal=case(appreciation>="1" and appreciation<="5", 5)| stats count(nb5) as "Nbre_de_5", count(nb123) as "Nbre_de_123", count(nb1234) as "Nbre_de_1234", count(nbtotal) as "Nbre_total" by date_month _year | eval pourcentage=round((Nbre_de_5/Nbre_total-(Nbre_de_123/Nbre_total))*100,2)." %" | rename pourcentage as deltaSAT | table deltaSAT date_month] | stats values("Nbre appels") as "Nbre appels" values("Nbre_de_retour_enquete") as "Nbre_de_retour_enquete" values(Nbre_de_tracagesD) as Nbre_de_tracagesD values("Nbre_de_tracagesB") as "Nbre_de_tracagesB" values("Nbre_de_tracages_total") as "Nbre_de_tracages_total" values(deltaSAT) as deltaSAT by date_month_year | eval pourcentage=round((Nbre_de_tracagesB/Nbre_de_tracages_total)*100, 2)." %" | rename pourcentage as "Tx traçages bloquants" | eval TxTracage=round((Nbre_de_tracagesD/'Nbre appels')*100,2)." %" | rename TxTracage as "Tx traçages dédoublonnés" | rename Nbre_de_tracagesD as "Nbre traçages dédoublonnés" |sort  date_month_year I tried to sort but it doesn't work.    Thank you  ... View more

developpement

by in Splunk Search
‎02-06-2024 08:11 AM
‎02-06-2024 08:11 AM
Hello,    I have a question on a spl request.  I have those extracted fields about the entry data.   I used this spl request :  | union maxtime=500 timeout=500 [ search index="idx_arv_ach_appels_traites" AND (activite_cuid="N1 FULL" OR activite="FULL AC") AND (NOT activite_cuid!="N1 FULL" AND NOT activite!="FULL AC")| stats sum(appels_traites) as "Nbre appels" by date_month] [ search index="idx_arv_ach_tracage" (equipe_travail_libelle="*MAROC N1 AC FULL")             | eval date=strftime(_time,"%Y-%m-%d")             | dedup date,code_alliance_conseiller_responsable,num_client             | chart count(theme_libelle) as "Nbre_de_tracagesD" by date_month ] [search index="idx_arv_ach_cas_traces"  source="*ac_at*" (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") (LibEDO="*MAROC N1 AC FULL"OR"*SENEGAL N1 AC FULL*") AND (code_resolution="474"OR"836"OR"2836"OR"2893"OR"3085"OR"3137"OR"3244"OR"4340"OR"4365"OR"4784"OR"5893"OR"5896"OR"5897"OR"5901"OR"5909"OR"5914"OR"6744"OR"7150"OR"8020"OR"8531"OR"8534"OR"8535"OR"8548"OR"8549"OR"8709"OR"8876"OR"8917"OR"8919"OR"8946"OR"8961"OR"8962"OR"8970"OR"8974"OR"8998"OR"8999"OR"9000"OR"9001"OR"9004"OR"9006"OR"9007"OR"9010"OR"9011"OR"9012"OR"9048"OR"9052"OR"9058"OR"9059"OR"9069"OR"9088"OR"9089"OR"9090"OR"9095"OR"9107"OR"9108"OR"9116"OR"9148"OR"9150"OR"9169"OR"9184"OR"9190"OR"9207"OR"9208"OR"9209"OR"9211"OR"9214"OR"9223"OR"9239"OR"9240"OR"9241"OR"9248"OR"9251"OR"9274"OR"92752"OR"9276"OR"9288"OR"9299"OR"9300"OR"9302"OR"9323"OR"9324"OR"9366"OR"9382"OR"9385"OR"9447"OR"9450"OR"9455"OR"9466"OR"9467"OR"9476"OR"9516"OR"9559"OR"9584"OR"9603"OR"9627"OR"9633"OR"9640"OR"9654"OR"9670"OR"9710"OR"9735"OR"9740"OR"9782"OR"9784"OR"9785"OR"9786"OR"9794"OR"9817"OR"9839"OR"9919"OR"9932"OR"10000"OR"10010"OR"10017"OR"10022"OR"10048"OR"10049"OR"10053"OR"10081"OR"10099"OR"10100"OR"10103"OR"10104"OR"10105"OR"10116"OR"10118"OR"10142"OR"10143"OR"10153"OR"10160"OR"10162"OR"10165"OR"10185"OR"10189"OR"10190"OR"10191"OR"10199"OR"10206"OR"10209"OR"10216"OR"10229"OR"10233"OR"10241"OR"10256"OR"10278"OR"10280"OR"10288"OR"10289"OR"10290"OR"10299"OR"10330"OR"10331"OR"10367"OR"10432"OR"10474"OR"10496"OR"10499"OR"10506"OR"10524"OR"10525"OR"10526"OR"10527"OR"10528"OR"10530"OR"10531"OR"10532"OR"10534"OR"10535"OR"10536"OR"10537"OR"10538"OR"10540"OR"10541"OR"10543"OR"10557"OR"10558"OR"10560"OR"10561"OR"10579"OR"10592"OR"10675"OR"10676"OR"10677"OR"10678"OR"10680"OR"10681"OR"10704"OR"10748"OR"10759"OR"10760"OR"10764"OR"10766"OR"10768"OR"10769"OR"10770"OR"10771"OR"10783"OR"10798"OR"10799"OR"10832"OR"10857"OR"10862"OR"10875"OR"10928"OR"10929"OR"10933"OR"10934"OR"10941"OR"10947"OR"10962"OR"10966"OR"10969"OR"10977"OR"10978"OR"11017"OR"11085"OR"11114"OR"11115"OR"11116"OR"11138"OR"11139"OR"11140"OR"11141"OR"11142"OR"11143"OR"11144"OR"11219"OR"11252"OR"11239"OR"11268"OR"11326"OR"11327"OR"11328"OR"11329"OR"11410"OR"11514"OR"11552"OR"11992"OR"12012"OR"12032"OR"12033"OR"12034"OR"12035"OR"12036"OR"12037"OR"12038"OR"12039"OR"12040"OR"12041"OR"12152") | chart sum(total) as "Nbre_de_tracagesB" by date_month ] [search index="idx_arv_ach_cas_traces"  source="*ac_at*" (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") (LibEDO="*MAROC N1 AC FULL"OR"*SENEGAL N1 AC FULL*")| chart sum(total) as "Nbre_de_tracages_total" by date_month] [search index="idx_arv_ach_enquetes_satisfaction"  source="*maroc_base_1*" (conseiller_createur_equipe="*MAROC N1 AC FULL") | chart count(appreciation) as "Nbre_de_retour_enquete" by date_month] [search index="idx_arv_ach_enquetes_satisfaction"  source="*maroc_base_1*" (conseiller_createur_equipe="*MAROC N1 AC FULL") | eval nb5=case(appreciation="5", 5) | eval nb123=case(appreciation>="1" and appreciation<="3", 3) | eval nb1234=case(appreciation>="1" and appreciation<="4", 4)             | eval nbtotal=case(appreciation>="1" and appreciation<="5", 5)| stats count(nb5) as "Nbre_de_5", count(nb123) as "Nbre_de_123", count(nb1234) as "Nbre_de_1234", count(nbtotal) as "Nbre_total" by  date_month             | eval pourcentage=round((Nbre_de_5/Nbre_total-(Nbre_de_123/Nbre_total))*100,2)." %"             | rename pourcentage as deltaSAT | table deltaSAT date_month] |  stats values("Nbre appels") as "Nbre appels" values("Nbre_de_retour_enquete") as "Nbre_de_retour_enquete" values(Nbre_de_tracagesD) as Nbre_de_tracagesD values("Nbre_de_tracagesB") as "Nbre_de_tracagesB" values("Nbre_de_tracages_total") as "Nbre_de_tracages_total" values(deltaSAT) as deltaSAT by date_month             | eval pourcentage=round((Nbre_de_tracagesB/Nbre_de_tracages_total)*100, 2)." %"             | rename pourcentage as "Tx traçages bloquants"             | eval TxTracage=round((Nbre_de_tracagesD/'Nbre appels')*100,2)." %"             | rename TxTracage as "Tx traçages dédoublonnés"             | rename Nbre_de_tracagesD as "Nbre traçages dédoublonnés"             |eval date_month=case(date_month=="january", "01-Janvier", date_month=="february", "02-Février", date_month=="march", "03-Mars", date_month=="april", "04-Avril", date_month=="may", "05-Mai", date_month=="june", "06-Juin", date_month=="july", "07-Juillet", date_month=="august", "08-Août", date_month=="september", "09-Septembre", date_month=="october", "10-Octobre", date_month=="november", "11-Novembre", date_month=="december", "12-Décembre") | sort date_month | eval date_month=substr(date_month, 4)             | fields date_month, "Tx traçages bloquants", "Nbre appels", "Nbre traçages dédoublonnés", "Tx traçages dédoublonnés"             | transpose 15 header_field=date_month   I obtain this result but I have a problem :  I haven't worked on the date_year field and I don't get a table in a chronoligcal order.    Can you help me please ?       ... View more
Labels

calculate a weighted average

by in Splunk Search
‎10-13-2023 04:34 AM
‎10-13-2023 04:34 AM
Hello, I would like to calculate a weighted average on an average call time. The logs I have available are of this type: I want to be able to obtain the calculation of the average time this way The formula applied is as follows:   Here is what I have done so far: index=rcd statut=OK partenaire=000000000P | eval date_appel=strftime(_time,"%b %y") | dedup nom_ws date_appel partenaire temps_rep_max temps_rep_min temps_rep_moyen nb_appel statut tranche_heure heure_appel_max | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, null()) | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel, null()) | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, null()) | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min, null()) | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, null()) | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max, null()) | eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, null()) | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen, null()) | stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO min(temps_rep_min_OK) as temps_rep_min_OK, min(temps_rep_min_KO) as temps_rep_min_KO max(temps_rep_max_OK) as temps_rep_max_OK, max(temps_rep_max_KO) as temps_rep_max_KO, values(temps_rep_moyen_OK) AS temps_rep_moyen_OK, values(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws, values(date_appel) as date_appel | eval temps_rep_moyen_KO_calcul=sum(temps_rep_moyen_KO*nb_appel_KO)/(nb_appel_KO) | eval temps_rep_moyen_OK_calcul=sum(temps_rep_moyen_OK*nb_appel_OK)/(nb_appel_OK) | fields - tranche_heure_bis , tranche_heure_partenaire | sort 0 tranche_heure |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO     I cannot get the final average_ok time displayed temps_moyen= [(nb_appel_1 * temps_moyen 1)+(nb_appel_2 * temps_moyen 2)+...)/sum of nb_appel . I really need help please. Thank you so much     ... View more

Eval case statement

by in Splunk Search
‎10-02-2023 06:42 AM
‎10-02-2023 06:42 AM
Hello,   I hope everything is okay.   I need your help.   I am using this spl request : "index="bloc1rg" AND libelle IN (IN_PREC, OUT_PREC, IN_BT, OUT_BT, IN_RANG, OUT_RANG) earliest=-1mon@mon latest=-1d@d | append [search index="bloc1rg" AND libelle IN (IN_PREC, OUT_PREC, IN_BT, OUT_BT, IN_RANG, OUT_RANG) earliest=-1mon@mon latest=-1d@d | chart count over id_flux by libelle | eval IN_BT_OUT_BT=IN_BT+OUT_BT | eval IN_PREC_OUT_PREC=IN_PREC+OUT_PREC | eval IN_RANG_OUT_RANG=IN_RANG+OUT_RANG | where IN_BT_OUT_BT>=2 | where IN_PREC_OUT_PREC >=2 | where IN_RANG_OUT_RANG >=2 | transpose | search column=id_flux | transpose | fields - "column" | rename "row 1" as id_flux] | stats last(_time) as last_time by id_flux libelle "   I have this results : I can't get what I want. Let me explain. For a given id_flux, I'd like to have the response time defined as follows: - out_rang time - in_rang time - time out_prec - time in_prec -time out_bt - time in_bt     Voilà ce que j'ai utilisé comme requête complète : search index="bloc1rg" AND libelle IN (IN_PREC, OUT_PREC, IN_BT, OUT_BT, IN_RANG, OUT_RANG) earliest=-1mon@mon latest=-1d@d |chart count over id_flux by libelle |eval IN_BT_OUT_BT=IN_BT+OUT_BT |eval IN_PREC_OUT_PREC=IN_PREC+OUT_PREC |eval IN_PREC_OUT_PREC=IN_PREC+OUT_PREC | eval IN_RANG_OUT_RANG=IN_RANG+OUT_RANG |where IN_BT_OUT_BT>=2 |where IN_PREC_OUT_PREC >=2 |where IN_RANG_OUT_RANG >=2 |transpose |search column=id_flux |transpose |fields - "column" |rename "row 1" as id_flux] | eval sortorder=case(libelle=="IN_PREC",1,libelle=="OUT_PREC" AND statut=="KO",2,libelle=="OUT_PREC" AND statut=="OK",3,libelle=="IN_BT",4,libelle=="OUT_BT",5, libelle=="IN_RANG",6, libelle=="OUT_RANG" AND statut=="KO",7, libelle=="OUT_RANG" AND statut=="OK",8) | sort 0 sortorder |eval libelle=if(sortorder=2,"ARE", (if (sortorder=3,"AEE", (if(sortorder=7, "BAN",(if(sortorder=8, "CCO", libelle))))))) |table libelle sortorder _time |chart avg(_time) over sortorder by libelle | filldown AEE, ARE, IN_BT, IN_PREC, OUT_BT, IN_RANG, OUT_RANG |eval OK=abs(OUT_BT-IN_BT)/1000 |eval AEE=abs(AEE-IN_PREC)/1000 |eval ARE=abs(ARE-IN_PREC)/1000 |eval CCO=abs(CCO-IN_RANG) |eval BAN=abs(BAN-IN_RANG) |fields - sortorder |stats values(*) as * |table AEE ARE BAN CCO OK |transpose |rename "row 1" as "temps de traitement (s)" |rename column as "statut"   ... View more
Labels

How do I make a Custom dashboard with js?

by in Splunk Enterprise
‎06-26-2023 10:58 AM
‎06-26-2023 10:58 AM
Hello everyone,  I need some help with a spl request.  <row> <panel> <title>SUIVI DES FLUX - TRANSMISSION WS</title> <input type="dropdown" token="partenaire" searchWhenChanged="true"> <label>PARTENAIRE</label> <search> <query>index=rcd earliest=@mon latest=now |table partenaire |dedup partenaire</query> <earliest>$earliest$</earliest> <latest>$latest$</latest> </search> <choice value="*">ALL</choice> <initialValue>*</initialValue> <default>*</default> <change> <condition value="*"> <set token="new_search">index=rcd earliest=@mon latest=now |search $partenaire$ |eval date_appel=strftime(_time,"%b %y") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws, values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO |append [ search index=rcd earliest=-1d@d latest=@d partenaire=$partenaire$ |eval time=strftime(_time,"%Y-%m-%d") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO] |eval partenaire="$partenaire$"</set> </condition> <condition match="NOT match('value', &quot;*&quot;)"> <set token="new_search">index=rcd earliest=@mon latest=now |search $partenaire$ |eval date_appel=strftime(_time,"%b %y") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws, values(date_appel) as date_appel by partenaire |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO |append [ search index=rcd $partenaire$ earliest=-1d@d latest=@d |eval time=strftime(_time,"%Y-%m-%d") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |mvexpand partenaire |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO]</set> </condition> </change> <fieldForLabel>partenaire</fieldForLabel> <fieldForValue>partenaire</fieldForValue> </input> <html> <div id="htmlPanelWithToken"> </div> </html> </panel> </row>   I use two searches with a value condition depending on the value of filter : partenaire. I need to use this search to make it work with my js script. I don't know how to add the value conditions to the query below. <search id="mySearch"> <done> <set token="tokHTML">$result.data$</set> </done> <query>index=rcd_statuts_count libelle=web_service_supervision_count | search partenaire IN ($partenaire$) |eval date_appel=strftime(_time,"%b %y")|table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO | eventstats sum(nb_appel_OK) as sum_nb_appel_ok sum(nb_appel_KO) as sum_nb_appel_ko |append [ search index=rcd earliest=-1d@d latest=@d | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO | eventstats sum(nb_appel_OK) as sum_nb_appel_ok sum(nb_appel_KO) as sum_nb_appel_ko]</query> <done> <condition> <set token="nom_ws">$nom_ws$</set> <set token="partenaire">$partenaire$</set> <set token="date_appel">$date_appel$</set> <set token="sum_nb_appel_ok">$result.sum_nb_appel_ok$</set> <set token="sum_nb_appel_ko">$result.sum_nb_appel_ko$</set> </condition> </done> Thank you so much       ... View more

Re: How to merge cells in custom table format?

by in Splunk Enterprise
‎06-13-2023 01:53 AM
‎06-13-2023 01:53 AM
I still need help please @kamlesh_vaghela., if you can help me 😉 The table must display all available time slots for the current day. For example, if the table is consulted at 1:45pm, only time slots 00-01 to 12-13 will be visible for the day's data. My log looks like this: 2023-06-13 08:55:00.385, nom_ws="WS-INT-LIENS", date_appel="2023-06-13", partenaire="0000003064", temps_rep_max="343", temps_rep_min="343", temps_rep_moyen="343", nb_appel="1", statut="OK", tranche_heure="9-10"   ... View more

Re: Custom Table format- How to merge cells?

by in Splunk Enterprise
‎06-12-2023 06:20 AM
‎06-12-2023 06:20 AM
Thank you so much for your help.       ... View more

Re: Custom Table format- How to merge cells?

by in Splunk Enterprise
‎06-02-2023 08:00 AM
‎06-02-2023 08:00 AM
. ... View more

How to merge cells in custom table format?

by in Splunk Enterprise
‎06-01-2023 06:38 AM
‎06-01-2023 06:38 AM
Hello, I have a question for a custom table.   I have to do this, but in Splunk it's not possible to merge cells.   I have to do this :   For the moment, I made this :   ... View more
Labels

Re: How to remove decimal value from values in a ...

by in Splunk Search
‎05-03-2023 12:18 AM
‎05-03-2023 12:18 AM
Yes but the other values for total have disappeared ... View more

Re: How to remove decimal value from values in a ...

by in Splunk Search
‎05-02-2023 01:34 AM
‎05-02-2023 01:34 AM
Unfortunately, it doesn't work   ... View more

How to remove decimal value from values in a tabl...

by in Splunk Search
‎05-02-2023 12:05 AM
‎05-02-2023 12:05 AM
Hello everyone, I need your help for something, please. I need to remove the decimal value for this fields: - total - hier My spl request is : | union [ search index="pasrau_statuts_count" libelle IN ("Envoi SNGI OK", "Envoi SNGI KO", "RECU") | lookup lk_etapes_pasrau_2020_rj libelle output evenement, ordre ] | join type=outer libelle [ search index=pasrau_statuts_count earliest=-100d@d latest=@d libelle IN ("Envoi SNGI OK", "Envoi SNGI KO", "RECU") | eval hier=count | table libelle hier ] | eval delta=case(hier < count, "+".(count-hier), hier > count, "-".(hier-count), hier=count, "0") | eval libelle=ordre+libelle, total=ordre+"."+count, hier=ordre+"."+hier | dedup libelle sortby lookup |stats list(libelle) as libelle , list(total) as total list(hier) as hier list(delta) as "DeltaJ/J-1" by evenement | sort libelle |rex field=libelle mode=sed "s/^[0-9]+//g" |rex field=total mode=sed "s/^[0-9]\.+//g" |rex field=hier mode=sed "s/^[0-9]\.+//g"   Thank you so much     ... View more
Labels

Re: How do we display the date and time of update ...

by in Other Usage
‎03-31-2023 04:48 AM
‎03-31-2023 04:48 AM
Thank you for your answer. Yes I have thought about tokens.   But I need some help to do this specific think : display the date of update and time on monthly report?   If someone, have an issue ? Please   Thanks ... View more

How do we display the date and time on monthly rep...

by in Other Usage
‎03-27-2023 05:28 AM
‎03-27-2023 05:28 AM
Hello everyone, I need your help Display the date and time of the monthly report update at the top of theReport.   Thank you so much       ... View more

Re: Help with creation of a table

by in Dashboards & Visualizations
‎03-22-2023 02:20 AM
‎03-22-2023 02:20 AM
Can you share with me an example of the spl request please ... View more

Re: Help with creation of a table

by in Dashboards & Visualizations
‎03-22-2023 02:00 AM
‎03-22-2023 02:00 AM
So, how can I do, to have the order tha I mentioned ? Thank you ... View more

How to create a table?

by in Dashboards & Visualizations
‎03-21-2023 08:39 AM
‎03-21-2023 08:39 AM
Hello everyone, I have a question for you   I have this table :   But , I want to have first : - the evenement Dépôt in the second line : the evenement Pré-contrôle   I don't know how to do this. Can you help me please. ... View more
Labels

Re: how to combine values

by in Splunk Search
‎02-27-2023 01:06 AM
‎02-27-2023 01:06 AM
Hello,  To precise something,  `EasyVistaGeneric` "Statut" = "En service" AND ("Identifiant réseau"="IMP*" OR "Identifiant réseau"="ECR*" OR "Identifiant réseau"="PCW*") |dedup "Identifiant réseau" |eval entité=mvindex(split('Entité (complète)',"/"),0) |table entité |dedup entité   For the fields entité, we have those fields :  I want to merge the results of the fields marked with green :  entité MTPM Toulon Opera Centre Communal d'Action Sociale Ecoles de Toulon Commune de Toulon Utilisateurs externes Metropole 2019 Le Revest ESAD Office Intercommunal du Tourisme METROPOLE TOULON PROVENCE MEDITERRANEE Prestataires DCSI Utilisateurs externes SIG Commune de Le Revest-les-Eaux Ecole Supérieure d'Art et Design METROPOLE TPM Caisse des ecoles de TOULON Opéra de Toulon CCAS de Toulon Office Intercommunal de Tourisme ... View more

Re: how to combine values

by in Splunk Search
‎02-27-2023 12:57 AM
‎02-27-2023 12:57 AM
@MuS @niketn  ... View more

Re: how to combine values

by in Splunk Search
‎02-27-2023 12:03 AM
‎02-27-2023 12:03 AM
`EasyVistaGeneric` "Statut" = "En service" AND ("Identifiant réseau"="IMP*" OR "Identifiant réseau"="ECR*" OR "Identifiant réseau"="PCW*") |dedup "Identifiant réseau" |eval entité=mvindex(split('Entité (complète)',"/"),0) | eval RESULT ='Commune de Toulon' + 'METROPOLE TPM' + 'MTPM' | timechart span=1y count by entité useother=f usenull=f | fields - 'Commune de Toulon' 'METROPOLE TPM' 'MTPM' |rename "count" as "Nombre"   It doesn't work :   ... View more

Re: how to combine values

by in Splunk Search
‎02-24-2023 08:04 AM
‎02-24-2023 08:04 AM
Ok, I want to have for the columns multiple entité : - I want to merge "METROPOLE TPM" colum with "MTPM" colum and "Toulon"  and "Commune de Toulon" to have only one column instead of having 4 columns.  That's what I want to display:  CCAS de Toulon | Centre Communal d'Action Sociale | RESULT | Le Revest ...   ... View more

Re: how to combine values

by in Splunk Search
‎02-24-2023 06:31 AM
‎02-24-2023 06:31 AM
Yes I know, But how I can modify my request to have both results : entité + RESULT ( as an "entité") `EasyVistaGeneric` "Statut" = "En service" AND ("Identifiant réseau"="IMP*" OR "Identifiant réseau"="ECR*" OR "Identifiant réseau"="PCW*") |dedup "Identifiant réseau" |eval entité=mvindex(split('Entité (complète)',"/"),0) | timechart span=1y count by entité useother=f usenull=f ... View more
Contact Me
Online Status
Offline
Date Last Visited
a month ago
Karma given to
View All