Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About danielrusso1
danielrusso1
Path Finder
Member since:
05-04-2012
06-05-2020
Community Statistics
| Posts | 20 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 12 |
| Member Since | 05-04-2012 |
Activity Feed
- Got Karma for How to convert Hex to Ascii in Splunk?. 12-22-2020 04:21 PM
- Got Karma for Why am I getting "invalid cron" errors using a cron schedule to stagger scheduled searches in Splunk 6.1.3?. 06-05-2020 12:47 AM
- Got Karma for Re: Why am I getting "invalid cron" errors using a cron schedule to stagger scheduled searches in Splunk 6.1.3?. 06-05-2020 12:47 AM
- Got Karma for How to convert Hex to Ascii in Splunk?. 06-05-2020 12:47 AM
- Got Karma for How to convert Hex to Ascii in Splunk?. 06-05-2020 12:47 AM
- Got Karma for How to convert Hex to Ascii in Splunk?. 06-05-2020 12:47 AM
- Karma Re: How does Splunk choose events to scan? for Ayn. 06-05-2020 12:46 AM
- Got Karma for Insert 90th Percentile as Horizontal Line on Timechart. 06-05-2020 12:46 AM
- Got Karma for Insert 90th Percentile as Horizontal Line on Timechart. 06-05-2020 12:46 AM
- Got Karma for Insert 90th Percentile as Horizontal Line on Timechart. 06-05-2020 12:46 AM
- Got Karma for Insert 90th Percentile as Horizontal Line on Timechart. 06-05-2020 12:46 AM
- Got Karma for Insert 90th Percentile as Horizontal Line on Timechart. 06-05-2020 12:46 AM
- Got Karma for Insert 90th Percentile as Horizontal Line on Timechart. 06-05-2020 12:46 AM
- Posted If a field's count drops to a certain number below the alert condition threshold after being triggered, will the throttle timer reset? on Alerting. 02-25-2015 01:58 PM
- Tagged If a field's count drops to a certain number below the alert condition threshold after being triggered, will the throttle timer reset? on Alerting. 02-25-2015 01:58 PM
- Tagged If a field's count drops to a certain number below the alert condition threshold after being triggered, will the throttle timer reset? on Alerting. 02-25-2015 01:58 PM
- Tagged If a field's count drops to a certain number below the alert condition threshold after being triggered, will the throttle timer reset? on Alerting. 02-25-2015 01:58 PM
- Tagged If a field's count drops to a certain number below the alert condition threshold after being triggered, will the throttle timer reset? on Alerting. 02-25-2015 01:58 PM
- Posted Re: Why am I getting "invalid cron" errors using a cron schedule to stagger scheduled searches in Splunk 6.1.3? on Reporting. 10-31-2014 11:47 AM
- Posted Re: Why am I getting "invalid cron" errors using a cron schedule to stagger scheduled searches in Splunk 6.1.3? on Reporting. 10-31-2014 10:11 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 4 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 6 |
02-25-2015
01:58 PM
I am configuring throttling for a Splunk alert. I have it set to generate an alert for each event, and am throttling for 8hrs on a particular field.
How sophisticated is Splunk's Alert Throttling?
For example:
An alert is generated for the field queuename when count > 0. Queue1's count rises to 1, and an alert is generated. Throttling says another alert for queuename Queue1 will not be generated for 8 hours.
However, what if Queue1's count drops to zero after 1 hour. An hour after that (2 hours total), it rises to 3000. Will an alert be generated? Or will the throttle applied earlier still apply?
In essence, I guess I'm asking if the throttle timer is reset if a field comes out of alarm.
... View more
10-31-2014
11:47 AM
hoping to move to the cloud shortly, that should do it!
... View more
10-31-2014
10:11 AM
Alerts view does not work. Searches, reports, and alerts view does.
... View more
10-30-2014
06:06 AM
Well, the work-around looks like it's working, but the bug still exists, and it is inconvenient.
... View more
10-29-2014
02:08 PM
1 Karma
obviously 🙂
Looks like there could be a bug:
http://answers.splunk.com/answers/139412/scheduling-report-error.html
a212830 gravatar imagea212830 · Jun 10 at 01:07 PM
Turned out to be a bug - you can enter the cron entry via searches-reports and it will work.
I'm finding this work-around works.
... View more
10-29-2014
01:55 PM
What version are you on? I am on 6.1.3
... View more
10-29-2014
01:46 PM
a212830 can you elaborate? I'm having the same issue. When you say you can enter the cron entry via searches-reports, what do you mean?
... View more
10-29-2014
01:37 PM
1 Karma
I'm trying to stagger my scheduled searches in order to spread out resource utilization (20% of searches on the hour, 20% 1 minute after, 20% two minutes after etc.).
I should be able to use cron to accomplish this. There is even an existing Answer that addresses this:
http://answers.splunk.com/answers/118757/scheduling-alerts-via-cron.html
However, I get an "Invalid cron" error when attempting to user the following notation:
*/5 * * * *
1-59/5 * * * *
2-59/5 * * * *
3-59/56 * * * *
4-59/5 * * * *
This should work as well, it is a valid expression, but I get the same Splunk error:
*/5
1/5
2/5
3/5
4/5
What should I do here?
... View more
08-20-2014
11:18 AM
4 Karma
I have a hex value that i need to convert to ascii. is there a way to do this in splunk?
string-value=0x4c617374206f627365727665642076616c756520666f7220526f6c6c6261636b205472616e73616374696f6e73202025203a2031330a20204f627365727665642074696d653a204175672031392c203230313420323a34313a333720504d0a2020526f6c6c6261636b205472616e73616374696f6e73203a20352e320a20205472616e73616374696f6e7320203a2035382e340
convert to:
Last observed value for Rollback Transactions % : 13
Observed time: Aug 19, 2014 2:41:37 PM
Rollback Transactions : 5.2
Transactions : 58.4
... View more
04-03-2014
02:25 PM
ah, of course. thanks!
... View more
04-03-2014
02:16 PM
I would like to take a large epoch time (8492963) and convert it into Days:Hours:Minutes:Seconds (for example 98:07:09:23).
Is there a command to execute this, or does it all need to be done using simple math?
... View more
08-21-2013
07:46 AM
My graph would have CPU on the Y-axis, and response time on the X-axis, plotting values of response time against CPU, independent of time.
How would this be done?
... View more
08-21-2013
07:46 AM
So if my data were:
_time RTime CPU
1:00:00 530ms 50%
1:00:10 700ms 75%
1:00:20 200ms 35%
1:00:30 210ms 37%
1:00:40 600ms 60%
1:00:50 1100ms 98%
1:01:00 650ms 65%
1:01:10 150ms 30%
... View more
08-21-2013
07:46 AM
This produces a chart with both values graphed over a given time period (as intended).
What I am looking to do is chart the page response time for a given CPU utilization.
... View more
08-21-2013
07:45 AM
host=server1 sourcetype="iis"
| bin _time span=10s
| stats avg(time_taken) as time1 by _time
| eval Time=time1/1000
| append
[search host=server1 sourcetype="CPU Load" counter="% Processor Time" | bin _time span=10s | stats avg(Value) as CPU by _time]
| eval series="CPU, Time"
| makemv delim="," series
| mvexpand series
| eval Yvalue = if (series=="CPU", CPU, Time)
| timechart span=10s sum(Yvalue) as Y by series
... View more
08-21-2013
07:45 AM
This works the way you describe it, however I am looking for something slightly different.
First, some notes on your original answer. I did indeed need to scale my response time (from ms to s).
Secondly, CPU and response time are not available in the same events. I think I worked my way through this however. I end up with the following:
... View more
08-20-2013
08:49 AM
I would like to graph the average page response time vs CPU utilization on a specific server over a given time period.
What I envision is CPU utilization on the y-axis (ascending), with the corresponding response time on the x-axis (ascending as well).
Logic tells me you can associate these two values using the _time field.
If someone could point me in the right direction, I would appreciate it.
... View more
- Tags:
- _time
- graph
- statistics
07-30-2013
10:56 AM
You would think so, however the EventCode field appears in 100% of the results for the latter search.
... View more
07-30-2013
09:28 AM
How does Splunk determine which events to scan in order to find results?
For example, say I run a query to find a particular System log event code on a particular server (over a 7 day period):
index=main sourcetype="WinEventLog:System" host=server2 EventCode="33"
I get back 8178 results by scanning 8450 events.
How did Splunk choose the 8450 events to scan?
If I search the total number of System log events over the same period (regardless of event code):
index=main sourcetype="WinEventLog:System" host=dtweb2p*
I get back 10,000 results by scanning 14,589 events.
I understand why I received more results obviously. What I do not understand is why they universe on which Splunk searched increased as well. To me it would seem logical that the number of System log events to search on would be the same.
... View more
05-04-2012
07:19 AM
6 Karma
New to Splunk, need some help.
I would like to build a timechart that does the following:
Graphs average response over a timeframe in hourly increments
Inserts a horizontal line representing the 90th percentile value for response time over the entire period.
I have the average response time taken care of I think:
| timechart avg(time_taken) span=1h
Any ideas?
... View more
- Tags:
- timechart
