cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Kaand
Explorer
Member since: ‎10-01-2020
‎10-14-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎10-01-2020
Activity Feed
View All

Re: Transaction using datamodel

by in Splunk Search
‎10-13-2020 10:57 PM
‎10-13-2020 10:57 PM
Well i may be wrong about transaction, but let me clarify what i need by giving examples. Lets say that i have data as follows: Event ID Time Source Destination 1 08:00:00 S1 D1 2 08:00:45 S1 D1 3 08:01:30 S1 D1 4 08:02:31 S1 D1   By using transaction i want to group Event ID 1, 2 and 3.  Because, the time difference between consecutive events are less than 1min. Here is my desired output: Transaction ID Source Destination Duration   1 S1 D1 90   2 S1 D1 0     Shouldn't transaction command do that? Am i missing something? ... View more

Windows File Server integration with Splunk

by in Getting Data In
‎10-05-2020 02:26 AM
‎10-05-2020 02:26 AM
Hello, What is the best third party app to monitor Windows File Server event logs such as (file read, file creation, permission modification etc.)? I want my file server logs to be simplified and organized.     ... View more
Labels

Re: Post processing gives incorrect results

by in Splunk Search
‎10-01-2020 11:01 PM
1 Karma
‎10-01-2020 11:01 PM
1 Karma
Actually if a merge basesearch1 and 2 into one basesearch and use the postprocess after that, the result i get from the post process is fairly similar to the results i get from the search without basesearch (but not the same).  Therefore, i think the problem must be a resource or a limit issue. I believe somehow the basesearch or the post process search cuts the job in the middle of the search. ... View more

Post processing gives incorrect results

by in Splunk Search
‎10-01-2020 07:56 AM
1 Karma
‎10-01-2020 07:56 AM
1 Karma
Hello Everyone, I am new to the splunk and this community. I have searched everyone for my problem but i could not figure out what is wrong. Basically i am using base search and post process search for a dashboard.  My base search is something like this:     <search id="basesearch1"> <query>index=index1 | fields field1, field2</query> <earliest>-24h@h</earliest> <latest>now</latest> </search>     my second base search that uses first base search:     <search base="basesearch1" id="basesearch2"> <query>search field1=value1</query> </search>     and finally the post process search is:     <search base="basesearch2"> <query>stats count(field1) as count by field2 | sort -count | head 5</query> </search>     When i apply it as a single search query like this there is no problem:     index=index1 | fields field1, field2 | search field1=value1 | stats count(field1) as count by field2 | sort -count | head 5     however, in the dashboard the count numbers does not match with the above search query. I used 2 base searches because in the same dashboard, I need to use basesearch1 and basesearch2 in different panels as well.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-14-2020 12:02 AM
Karma from
View All