Hi, I am trying to use earliest and latest on date time. Could you please advise the right format to use? I am not sure the below SPL format is correct:
Event Code="1234" AND earliest="5/8/2024:10:07:20" latest="5/8/2024:10:17:20
Splunk search " EventCode="4688" AND earliest="5/8/2024:10:07:20" latest="5/8/2024:10:17:20 "
Could you please confirm the time search is correct?
Hi Deepak,
I am a bit confused using the time command.
Field name - event.Properties.duration
How do I execute this in the command?
I tried the below, but I am sure I am missing something:
index=testing | "event.Properties.duration"="*"
| makeresults
| eval millis_sec = 5000
| eval seconds = millis_sec/1000
| table millis_sec, seconds
Hi Team,
How to convert a millisecond value to seconds?
index=testing | timechart max("event.Properties.duration")
Can anyone help with an SPL query search converting a millisecond value to seconds?
Hi, thanks for the response. Yes, I have gone through the aggregate functions. Could you please help with how to implement this in the code?
Exp 1 - chart eval(avg(size)/max(delay)) AS ratio BY host user
OR
timechart eval(round(avg(cpu_seconds),2)) BY processor
Create a composite field with the two labels concatenated and count by that
I am not sure how to create a composite field. Could you please advise on this?
Hi Team,
Can anyone help me with a Splunk search query to split the successful logins from the invalid ones?
Ex - I want to exclude OK from the search and see only locked out, invalid, and invalid parameter.
Thanks
Hi,
Can anyone help me with the below query? I have created a pie chart based on the error message; however, I am not sure how to add the country along with it.
index=test | iplocation Properties.ip | dedup Properties.ip | stats count by event.Properties.errMessage
The below 2 commands are not working:
| `histogram("event.Properties.duration", 31)`
bin "$var$" bins=$bins$ | stats count by "$var$" | makecontinuous "$var$" | fillnull count
What type of graph or visualization would you like to create?
Just want to create a dashboard tile to show the metric.
Hi All,
Can anyone confirm whether there is any prebuilt dashboard available for SAP - Customer Data Cloud? If there is no pre-built dashboard, then how would I pull all the logs from the SAP system to monitor infrastructure metrics in a Splunk dashboard?
Note - Currently I have enabled all the logs to be sent via the connector; however, I can't see endpoint logs.
Yes, I can see the output in the column from the below search:
source=*metrics.log group=per_index_thruput earliest=-1w@d latest=-0d@d | timechart span=1d sum(kb) as Usage by series | eval Usage = round(Usage /1024/1024, 3)
How do I convert the column into a GB value? Also, when I filter on the last 30 days I am able to see only the last 7 days instead of 30 days. How do I fix this issue?
Note - When I specify the index, for example index=aws, I am not getting any search result from the search query.
Thanks
Hi Team,
I tried the below search but am not getting any result:
index=aws component=Metrics group=per_index_thruput earliest=-1w@d latest=-0d@d | timechart span=1d sum(kb) as Usage by series | foreach * [eval <<FIELD>>=round('<<FIELD>>'/1024/1024, 3)]
Sorry, I am trying to achieve the same output which I have used with eval and apply the same concept for the Dashboard Studio. Not sure how do I edit t