Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- About Mallik657
Mallik657
Explorer
Member since:
09-21-2022
10-08-2024
Community Statistics
| Posts | 23 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 09-21-2022 |
Activity Feed
- Posted Re: How to Calculate Percentage for a single value and display both Value and Percentage in the Bracket in the same Pane on Splunk Search. 10-05-2024 10:39 AM
- Posted Re: How to Calculate Percentage for a single value and display both Value and Percentage in the Bracket in the same Pane on Splunk Search. 10-05-2024 09:22 AM
- Posted Re: How to Calculate Percentage for a single value and display both Value and Percentage in the Bracket in the same Pane on Splunk Search. 09-30-2024 11:14 PM
- Posted Re: How to Calculate Percentage for a single value and display both Value and Percentage in the Bracket in the same Pane on Splunk Search. 09-30-2024 11:13 PM
- Posted How to Calculate Percentage for a single value and display both Value and Percentage in the Bracket in the same Panel on Splunk Search. 09-30-2024 09:32 AM
- Posted Re: Query to compare both row & column status for a server and get unique final status count based on dept, Location on Dashboards & Visualizations. 09-02-2024 11:03 PM
- Posted Re: Query to compare both row & column status for a server and get unique final status count based on dept, Location on Dashboards & Visualizations. 09-02-2024 09:32 AM
- Posted Re: Query to compare both row & column status for a server and get unique final status count based on dept, Location on Dashboards & Visualizations. 09-02-2024 02:53 AM
- Posted Re: Query to compare both row & column status for a server and get unique final status count based on dept, Location on Dashboards & Visualizations. 09-02-2024 02:36 AM
- Posted Re: Query to compare both row & column status for a server and get unique final status count based on dept, Location on Dashboards & Visualizations. 09-02-2024 12:57 AM
- Posted Query to compare both row & column status for a server and get unique final status count based on dept, Location,Company on Dashboards & Visualizations. 09-01-2024 11:44 PM
- Posted Re: Query to compare both row & column value for a server status and get unique final status count based on fileds s on Dashboards & Visualizations. 09-01-2024 06:41 AM
- Posted Query to compare both row & column value for a server status and get unique final status count based on fileds search. on Dashboards & Visualizations. 08-31-2024 11:01 PM
- Posted Re: Query to compare both row & column value for a server and get unique final status based on comparison. on Dashboards & Visualizations. 08-29-2024 09:36 AM
- Tagged Query to compare both row & column value for a server and get unique final status based on comparison. on Dashboards & Visualizations. 08-29-2024 06:19 AM
- Posted Query to compare both row & column value for a server and get unique final status based on comparison. on Dashboards & Visualizations. 08-29-2024 06:12 AM
- Posted Re: Query on get Combined and Unique Values on Reporting. 01-30-2024 05:46 AM
- Posted Query on get Combined and Unique Values on Reporting. 01-30-2024 01:54 AM
- Posted Re: Create a Table view of Columns from Source file on Dashboards & Visualizations. 11-16-2023 03:40 AM
- Posted Re: Create a Table view of Columns from Source file on Dashboards & Visualizations. 11-15-2023 11:44 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-05-2024
10:39 AM
1. I need to dedup servers in first query. Count only Unique Servers.
2. I need to consider all the Servers with duplicates in the second query and then CompletedStatus then count the completed.
|.
index=abc source="/opt/src/datasource.tmp" | dedup _raw | dedup Servers | table Servers | stats count(Servers) as Total
||.
index=abc source="/opt/src/datasource.tmp" | dedup _raw | table Servers, CompletedStatus | stats count(CompletedStatus) as Completed
So 2 queries are compulsory.
... View more
10-05-2024
09:22 AM
Hi Sir, I have two queries like below and I need to join both of queries and then divide Completed by Total and calculate percentage and display the percentage in bracket along with Completed count as shown in the above screenshot in panel. 1. index=abc source="/opt/src/datasource.tmp" | dedup _raw | table Servers | stats count(Servers) as Total 2. index=abc source="/opt/src/datasource.tmp" | dedup _raw | table CompletedServers | stats count(CompletedServers) as Completed
... View more
09-30-2024
11:14 PM
I have provided the sample data. I have huge data in few thousand lines. Which is pushed to Splunk. Query should be generic to accept any data size. Its not just 10 values.
... View more
09-30-2024
11:13 PM
I have provided the sample data. I have huge data in few thousand lines. Which is pushed to Splunk. Query should be generic to accept any data size.
... View more
09-30-2024
09:32 AM
I have a Sample Data like below. Now i need to display single value count of Completed and Pending in 2 different single value panel with their percentage in the bracket. (Screenshot is Attached) Total=10 Completed=6 Pending=4 Now I need to display Single value count of completed 6(60%) and second single value count of Pending 4(40%) with Percentage in the bracket in the 2 Panels show in Photo. Please provide me the query ServerName UpgradeStatus ========== ============= Server1 Completed Server2 Completed Server3 Completed Server4 Completed Server5 Completed Server6 Completed Server7 Pending Server8 Pending Server9 Pending Server10 Pending
... View more
09-02-2024
11:03 PM
Sorry its not complete. Can you help me with complete query to achieve above result. First need to get Final status then display the final status count based on dropdown selection like department, Location, Company. I have given the sample.csv raw data. Can you give me single value count query to get the final status count for servers and then again display the the count based on department, location or company dropdown selection.
... View more
09-02-2024
09:32 AM
Thank you. But this is not my requirement. My requirement is when i select a dropdown like Location Bangalore, I need to get the Final Status count of servers for Bangalore. If i select Company DRDO, I need to get final Status count for all servers that are DRDO company. same applies for department drop down. The Final Status of the server is derived from second column of the smaple.csv. Where, if any of the second column status value is No, then Final status is No. If all the status column value is Yes, then Yes for given server. So final status depends on status column values for that particular server. same applies for other servers also. I need to display total final status count as default. When someone select drop down like Location, then final Status count shoudl refresh based on Location selected. or Department selected or Company selected. Please help me with splunk query to achieve this.
... View more
09-02-2024
02:53 AM
Sample query for dropdown. other tags exist.
<input type="dropdown" token="department" searchWhenChanged="true">
index=abc laas_appId=xyz source="/opt/src/var/sample.csv" | search department="$department$" Company="$Company$" Location="$Location$" | dedup department | table department
<input type="dropdown" token="Location" searchWhenChanged="true">
index=abc laas_appId=xyz source="/opt/src/var/sample.csv" | search department="$department$" Company="$Company$" Location="$Location$" | dedup Location | table Location
<input type="dropdown" token="Company" searchWhenChanged="true">
index=abc laas_appId=xyz source="/opt/src/var/sample.csv" | search department="$department$" Company="$Company$" Location="$Location$" | dedup Company | table Company
... View more
09-02-2024
02:36 AM
Dropdown is also dynamically populated from sample.csv file. Yes if i select multiple from dropdown. it should display accordingly like DRDO, Bangalore for both conditions. This is actually i need to apply all over my other search results like Pie chart. table format. etc. that are displayed in my dashboard. But for now, I am trying to sort it out for single value count. so i can apply same logic for pie chart etc.
... View more
09-02-2024
12:57 AM
Sorry, I am a beginner. Where is the complete query. When i select a location Bangalore from drop down. The single value count for Final Status column should be displayed for that Location. If i select Company Name DRDO from dropdown, it should display Final Status single value count for that company. Eg: Single value count for Bangalore location is 3. Single value count for Company DRDO is 1.
... View more
09-01-2024
11:44 PM
I have a sample data pushed to Splunk as below: Help me with Splunk query where I want only unique server names with final status as second column. compare both horizontally & vertically for each server second column status, The condition is if any of the second column value is No for that server then consider No as final status for that server, if all the second column values are Yes for a Server, then consider that server final status as Yes. sample.csv: ServerName, Status, Department, Company, Location Server1,Yes,Government,DRDO,Bangalore Server1,No,Government,DRDO,Bangalore Server1,Yes,Government,DRDO,Bangalore Server2,No,Private,TCS,Chennai Server2,No,Private,TCS,Chennai Server3,Yes,Private,Infosys,Bangalore Server3,Yes,Private,Infosys,Bangalore Server4,Yes,Private,Tech Mahindra,Pune Server5,No,Government,IncomeTax India, Mumbai Server6,Yes,Private,Microsoft,Hyderabad Server6,No,Private,Microsoft,Hyderabad Server6,Yes,Private,Microsoft,Hyderabad Server6,No,Private,Microsoft,Hyderabad Server7,Yes,Government,GST Council,Delhi Server7,Yes,Government,GST Council,Delhi Server7,Yes,Government,GST Council,Delhi Server7,Yes,Government,GST Council,Delhi Server8,No,Private,Apple,Bangalore Server8,No,Private,Apple,Bangalore Server8,No,Private,Apple,Bangalore Server8,No,Private,Apple,Bangalore Note : The Department, Location & Company is same for any given server, Only Server status differs for each row of the server. I already have a query to get the Final Status for a server. Below query gives me unique Final status count of each server. | eval FinalStatus = if(Status="Yes", 1, 0) | eventstats min(FinalStatus) as FinalStatus by ServerName | stats min(FinalStatus) as FinalStatus by ServerName | eval FinalStatus = if(FinalStatus=1, "Yes", "No") | stats count(FinalStatus) as ServerStatus But what I want is I have a 3 dropdown on the top of the classic dashboard where 1. Department 2. Company 3. Location - Dropdown list Whenever I select a department, or Company or Location from any of the dropdowns, I need to get the Final Status count of each server based on any of the fields search. For say, If Bangalore is selected from Location dropdown, I need to get the final status count for a servers. if i search a Company DRDO from dropdown, I should be able to get final status count for servers based on company. I think its like | search department="$department$" Company="$Company$" Location="$Location$" Please help with spunk query.
... View more
Labels
09-01-2024
06:41 AM
Table ServerName, Final Status is not necessary here. What i want is whenever i search based on department, Company, Location, I should get the count of servers unique in its status. based on condition i mentioned above. If any No in status, then everything to that server status is no. If all status column value are Yes, then only its Yes. So now. I want to display count of Status based on search department, or Company or Location. Provide the Final Status count for a server, based search of any of the above fields. Note Final status should be Unique for each server based on if else condition.
... View more
08-31-2024
11:01 PM
I have a sample data pushed to splunk as below: Help me with splunk query where I want only unique server names with final status as second column. compare both horizantally & vertically for each server second column status, if any of the second column value is No for that server then consider No as final status for that server, if all the second column values are Yes for a Server, then consider that server final status as Yes.
sample.csv: ServerName,Status,Department,Company,Location
Server1,Yes,Government,DRDO,Bangalore Server1,No,Government,DRDO,Bangalore Server1,Yes,Government,DRDO,Bangalore Server2,No,Private,TCS,Chennai Server2,No,Private,TCS,Chennai Server3,Yes,Private,Infosys,Bangalore Server3,Yes,Private,Infosys,Bangalore Server4,Yes,Private,Tech Mahindra,Pune Server5,No,Government,IncomeTax India, Mumbai Server6,Yes,Private,Microsoft,Hyderabad Server6,No,Private,Microsoft,Hyderabad Server6,Yes,Private,Microsoft,Hyderabad Server6,No,Private,Microsoft,Hyderabad Server7,Yes,Government,GST Council,Delhi Server7,Yes,Government,GST Council,Delhi Server7,Yes,Government,GST Council,Delhi Server7,Yes,Government,GST Council,Delhi Server8,No,Private,Apple,Bangalore Server8,No,Private,Apple,Bangalore Server8,No,Private,Apple,Bangalore Server8,No,Private,Apple,Bangalore
Output should looks similar to below:
ServerName,FinalStatus Server1,No Server2,No Server3,Yes Server4,Yes Server5,No Server6,No Server7,Yes Server8,No
The Status count of any server should show based on search of any of the fields Department, Company, Location. The Department , Company, Location value wont change for any given server. Only status value will change.
I already have a query to get the output. Below query gives me unique status of each server.
| eval FinalStatus = if(Status="Yes", 1, 0)
| eventstats min(FinalStatus) as FinalStatus by ServerName
| stats min(FinalStatus) as FinalStatus by ServerName
| eval FinalStatus = if(FinalStatus=1, "Yes", "No")
| table ServerName, FinalStatus
But what I want is whenever I search a department, or Company or Location, I need to get the Final Status count of each server based on these fields search. for say, based on Location search, I need to get the final status count for a servers. if i search a Company, I should be able to get final status count for servers based on company.
I think its like
| search department="$department$" Company="$Company$" Location="$Location$"
Please help with spunk query.
... View more
Labels
- Labels:
-
Classic dashboard
-
form
-
panel
-
single value
-
table
08-29-2024
09:36 AM
Its not working & not giving required output . below is my sample query:
index=abc laas_appId=XYZ source="/opt/var/directory/sample.csv" | dedup _raw | table ServerName,Status | eval FinalStatus = if(Status="Yes", 1, 0) | eventstats min(FinalStatus) as FinalStatus by ServerName | eval FinalStatus = if(FinalStatus=1, "Yes", "No") | table ServerName, FinalStatus
... View more
08-29-2024
06:12 AM
I have a sample data pushed to splunk as below: Help me with splunk query where I want only unique server names with final status as second column. compare both horizantally & vertically for each server second column status, if any of the second column value is No for that server then consider No as final status for that server, if all the second column values are Yes for a Server, then consider that server final status as Yes. sample.csv: ServerName,Status Server1,Yes Server1,No Server1,Yes Server2,No Server2,No Server3,Yes Server3,Yes Server4,Yes Server5,No Server6,Yes Server6,No Server6,Yes Server6,No Server7,Yes Server7,Yes Server7,Yes Server7,Yes Server8,No Server8,No Server8,No Server8,No Output should looks similar to below: ServerName,FinalStatus Server1,No Server2,No Server3,Yes Server4,Yes Server5,No Server6,No Server7,Yes Server8,No
... View more
- Tags:
- @reporting
Labels
- Labels:
-
Classic dashboard
-
single value
-
table
01-30-2024
05:46 AM
Result should get common in both databases and also unique/rest values from database2. Please help me with query. Databse1 Database2 Result A A A B B B C C C D E E E F F G G H H
... View more
01-30-2024
01:54 AM
Hi, I have database1 and database2, I have query1 to get the data from database1 and query2 to get data from database2. query3 to get unique values from databse2 which doesn't exist in database1. Now my requirement is to combine the common values in both the databases using a query1 & query2 and also unique values from query2 from database2 which doesn't exist in database1. Please provide me the Splunk query.
... View more
Labels
- Labels:
-
other
11-16-2023
03:40 AM
@ITWhisperer Yes that's right. Once in a week the the progress data file will be pushed to Splunk. So how can we compare previous week and this week data for Training completion percentage? So that i know the progress from the last week to this week. I can post a new question if needed 🙂
... View more
11-15-2023
11:44 PM
Thank you @ITWhisperer Can you also help me on how I can add another column "Previous week Training Completion%" So that I can compare what is the progress from previous week to present week Training completion.
... View more
11-09-2023
04:25 AM
I have a source file with comma separated fields, I have to create a table where I need combine and show statistics of different products. Data file fields - TeamName,EmploymentType,Skills,TrainingCompleted Source File data: TeamA,Contract,Java,Yes TeamA,Contract,DotNet,No TeamA,Contract,C++,Yes TeamA,Contract,ReactJS,No TeamB,Permanent,Java,Yes TeamB,Permanent,DotNet,No TeamB,Permanent,C++,Yes TeamB,Permanent,ReactJS,No TeamC,Contract,Java,Yes TeamC,Contract,DotNet,No TeamC,Contract,C++,Yes TeamC,Contract,ReactJS,No TeamD,Permanent,Java,Yes TeamD,Permanent,DotNet,No TeamD,Permanent,C,Yes TeamD,Permanent,ReactJS,No TeamE,Contract,Java,Yes TeamE,Contract,DotNet,No TeamE,Contract,Java,Yes Now the requirement is to create a table view of source file with below columns: TeamName EmploymentType Skills TrainingCompleted Team Appearance Training Completion% TeamA Contract Java,DotNet,ReactJS,C++ 2 4 50% TeamB Permanent Java,DotNet,ReactJS,C++ 2 4 50% TeamC Contract Java,DotNet,ReactJS,C++ 2 4 50% TeamD Permanent Java,DotNet,ReactJS,C 2 4 50% TeamE Contract Java,Dotnet 2 3 67% Please give me the exact query. I am beginner in Splunk.
... View more
Labels
- Labels:
-
dashboard
-
Dashboard Studio
-
table
09-22-2022
03:12 AM
@gcusello Would you please provide the exact query formation from my individual queries to create a table from multiple single values. I am a beginner here and no idea of what your trying to explain.
... View more
09-22-2022
12:26 AM
@gcusello Actually its different search query. I have given it this way. But, I want to combine all single value queries to form a single table as pasted above just like an excel table. How can i do this? I am new to splunk. No previous experience. I would like to know the exact answer for the above queries. so that i can copy the same with different values.
... View more
09-21-2022
11:47 PM
Hi, I am creating a single value panel with different search query for each. I want to combine all these values into a table, It should look like an excel table in the splunk dashboard. My individual query for each single value wizard looks like below. I want to combine all these queries and form a table with values. 1. index=abcd laas_appID=xyz OSBUILD=Linux3.1 | where OSVendor="Redhat" | stats count by OSBUILD 2. index=abcd laas_appID=xyz OSBUILD=Linux3.2 | where OSVendor="Redhat" | stats count by OSBUILD 3. index=abcd laas_appID=xyz OSBUILD=Linux3.3 | where OSVendor="Redhat" | stats count by OSBUILD 4. index=abcd laas_appID=xyz OSBUILD=Linux3.1 | where OSVendor="Ubuntu" | stats count by OSBUILD etc 5. index=abcd laas_appID=xyz OSBUILD=Linux3.1 | where OSVendor="Solaries" | stats count by OSBUILD etc Table shoud look Like the below in dashboard: OS Type Redhat Ubuntu Solaris Linux 3.1 12 84 54 Linux 3.2 13 45 123 Linux 3.3 56 658 678
... View more
Labels
- Labels:
-
Dashboard Studio
-
panel
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-08-2024
10:45 AM
|
