Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: how to get a search results in ascending order...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
marees123
Path Finder
01-06-2015
03:15 AM
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
01-06-2015
03:49 AM
Hi marees123,
how about something like this:
*swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | table host, AnInterface, UpDown, _time | sort +_time
or
*swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | table host, AnInterface, UpDown, _time | reverse
or
*swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | chart values(AnInterface) AS AnInterface values(UpDown) AS UpDown over _time by host
hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
01-06-2015
03:49 AM
Hi marees123,
how about something like this:
*swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | table host, AnInterface, UpDown, _time | sort +_time
or
*swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | table host, AnInterface, UpDown, _time | reverse
or
*swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | chart values(AnInterface) AS AnInterface values(UpDown) AS UpDown over _time by host
hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
marees123
Path Finder
01-28-2015
11:00 PM
Hi Mus,
I'm using the below query as you suggested,
*swt* "changed state to" */*/* | rex "(?i) Interface (?P[^,]+)" | rex "(?i)changed state to (?P.+)" | table host, AnInterface, UpDown, _time | sort -_time | reverse
Could any one please provide the script, so that splunk will send the below logs to netcool.
data1swt0001 GigabitEthernet1/0/1 down 2015-01-24 23:48:38
data1swt0001 GigabitEthernet1/0/1 down 2015-01-24 23:48:38
data1swt0001 GigabitEthernet1/0/1 up 2015-01-24 23:52:08
data1swt0001 GigabitEthernet1/0/1 up 2015-01-24 23:52:08
Thanks....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
marees123
Path Finder
01-06-2015
04:12 AM
its working perfect... thanks a ton.......
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
01-06-2015
04:16 AM
you're welcome 😉
Get Updates on the Splunk Community!
Troubleshooting the OpenTelemetry Collector
In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...
Adoption of Infrastructure Monitoring at Splunk
Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...
Modern way of developing distributed application using OTel
Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...
