Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About smuderasi
smuderasi
Explorer
Member since:
07-25-2017
11-21-2022
Community Statistics
| Posts | 15 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 2 |
| Member Since | 07-25-2017 |
Activity Feed
- Got Karma for triellis not working in pdf export. 04-14-2021 02:49 AM
- Karma Re: Enabled Alerts List for inventsekar. 10-23-2020 12:26 AM
- Got Karma for Enabled Alerts List. 10-22-2020 09:20 PM
- Posted Enabled Alerts List on Alerting. 10-22-2020 06:40 PM
- Posted Alert Set up on Alerting. 07-13-2020 08:45 PM
- Karma Re: subsearch fields do not appear in the table command.. for DalJeanis. 06-05-2020 12:49 AM
- Karma Re: using field name in like command for woodcock. 06-05-2020 12:49 AM
- Posted Re: When I click on my calendar visualization drilldown, why does it direct to a search instead of my dashboard? on Dashboards & Visualizations. 12-05-2018 06:01 AM
- Posted When I click on my calendar visualization drilldown, why does it direct to a search instead of my dashboard? on Dashboards & Visualizations. 12-03-2018 11:20 PM
- Tagged When I click on my calendar visualization drilldown, why does it direct to a search instead of my dashboard? on Dashboards & Visualizations. 12-03-2018 11:20 PM
- Tagged When I click on my calendar visualization drilldown, why does it direct to a search instead of my dashboard? on Dashboards & Visualizations. 12-03-2018 11:20 PM
- Posted Re: triellis not working in pdf export on All Apps and Add-ons. 07-31-2018 02:55 AM
- Posted triellis not working in pdf export on All Apps and Add-ons. 07-31-2018 12:47 AM
- Tagged triellis not working in pdf export on All Apps and Add-ons. 07-31-2018 12:47 AM
- Posted subsearch fields do not appear in the table command.. on Splunk Search. 09-06-2017 03:30 AM
- Tagged subsearch fields do not appear in the table command.. on Splunk Search. 09-06-2017 03:30 AM
- Tagged subsearch fields do not appear in the table command.. on Splunk Search. 09-06-2017 03:30 AM
- Tagged subsearch fields do not appear in the table command.. on Splunk Search. 09-06-2017 03:30 AM
- Posted Re: Unable to eval correct epoch time on Splunk Search. 08-22-2017 05:08 AM
- Posted Unable to eval correct epoch time on Splunk Search. 08-22-2017 04:27 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-22-2020
06:40 PM
1 Karma
All my Splunk Alerts got disabled due to a wrong config , I want to get the list of enabled alerts prior to the issue for me to re-enable them manually. Any pointers how can i get the list of enabled alerts prior to the issue ( i am aware of the date the wrong config went into system).
... View more
Labels
- Labels:
-
alert condition
07-13-2020
08:45 PM
I want to set up an alert when the server status is not "HEALTH_OK" for three consecutive times in a row. Any pointers on how to schedule such search. I receive data every two minutes. Send Alert If Comments/Alert Frequency Status is not "RUNNING" or State is not "HEALTH_OK" for 3 times consecutively 1 alert every 2 min, for first 10 min, then 1 alert every 30 min
... View more
Labels
- Labels:
-
alert condition
12-05-2018
06:01 AM
the edit drilldown is greyed 😞
... View more
12-03-2018
11:20 PM
calendar visualization drilldown not working.. Below is my source code, When i click on the cell it directs to search instead of dashboard
Calendar
<panel>
<viz type="calendar_app.calendar">
<search>
<query>| inputlookup ******| eval _time=strptime(Date,"%m/%d/%Y")
| timechart span=1d dc(Bill_Run) as Bill_Run
-24h@h
now
True
***************
... View more
07-31-2018
02:55 AM
this way i need to add each panel manually when ever there is change in the month.. I need this to be automatic
... View more
07-31-2018
12:47 AM
1 Karma
I have a lookup with fields as below which gets populated from a scheduled report for over an year , I need to have each graph for each month auto generated when month differs. I used triellis it worked, BUt could not generate the pdf out of it due to limitation. Can someone suggest me the alternative.
CALLDATE CALLS DURATION month
20180601 7893 613054 201806
... View more
- Tags:
- multipanel
09-06-2017
03:30 AM
What is wrong with this search:
host="**" source="*BIP*" NOT source="*BIP98*" NOT source="*BIP99*" |eval path=mvindex(split(source,"-"),0) |
eval thread=mvindex(split(path,"/"),-1) |search "BIP CONTROL" | search "TASK MODE: 0" |
eval EXECUTION_DATE=strftime(strptime(EXECUTION_DATE,"%d %b %Y"),"%Y.%m.%d") | rex "TOTAL\s+ACCOUNTS\s+QUEUED:\s+(?[^,\s]+)" |
rex "TOTAL\s+SUCCESSFULLY\s+PROCESSED:\s+(?[^,\s]+)" | rex "TOTAL\s+LOCKED/SKIPPED:\s+(?[^,\s]+)"|
rex "TOTAL\s+IN\s+ERROR:\s+(?[^,\s]+)" |
rex "MISSING\n\W+\s+\W+\s+\W+\s+\W+\s+\W+\s+\W+\s+\W+\s+\W+\s+\W+\s+\W+\s+\W+\s+\W+\s+\W+\n(?[^,\s]+)" |stats sum(total_accounts)
as Total_Accounts,sum(processed) as Total_Successful,sum(skipped) as "Total_Skipped",sum(error) as "Total_Error" by Bill_run,EXECUTION_DATE
| where Bill_run like "%M%" |
appendcols
[search host="****" sourcetype="kenan_pst" | where source like "%pst_pe_arb_bil_run_bip%" |
eval date=mvindex(split(mvindex(split(source,"/"),-1),"_"),6) | stats earliest(_time) as first_event latest(_time) as
last_event by source ,date | eval first_event=strftime(first_event,"%H:%M:%S") | eval last_event=strftime(last_event,"%H:%M:%S")
| eval time_diff=strptime(last_event,"%H:%M:%S") - strptime(first_event,"%H:%M:%S")
| table time_diff date]
| table Bill_run EXECUTION_DATE Total_Accounts Total_Successful Total_Skipped Total_Error time_diff date
... View more
08-22-2017
04:27 AM
host=*****| eval Time="17:00:00"|eval Time2="13:00:00" |eval Time=strptime(Time,"%H:%M:%S") |eval Time2=strptime(Time2,"%H:%M:%S") | table Time Time2
is giving the epoch time as
Time :1503327600.000000
Time2 :1503399600.000000
when I do a comparison of Time>Time2 is returning wrong result since the epoch is Time2 is greater.
Please help.
... View more
I need count of each Patterns matching the source
... View more
Here is my search, which does not return anything 😞 .The "source like Patterns" is not working.
index=cio_billing host=amsokennl01 | eval Day=strftime(now(),"%a") | lookup job_schedule2 Day as Day OUTPUT Pattern as Patterns | where source like Patterns | stats count as actual_count BY Patterns | table Patterns source Day actual_count
Pattern:
%arb_usg_mps%06%
arbor_collections
pst_nl_arb_payment_processing
%arbor_collections%16.30%
%arb_pay_emergency_payments%
%arb_usg_mps%12%
Source:
pst_pe_arb_usg_mps_2017.08.13_06.30.13.log
pst_pe_arbor_collections_2017.08.14_02.00.06.log
... View more
08-02-2017
08:10 AM
host=dummy | eval Pattern='arb_usg_mps%06' | where like (source,'%Pattern%')
doesnot work . can you help what's wrong in this? But events do exists.
... View more
- Tags:
- splunk-enterprise
07-28-2017
08:15 AM
Thanks for the reply.. This doesnot give me the sourcetype which has not executed I mean which donot have any events
host="amsokennl01" | fields _time sourcetype
| eval runstate="executed"
| appendpipe [ | stats values(_time) as rundays values(sourcetype) as sourcetype | eval runstate ="not executed" | mvexpand sourcetype | mvexpand rundays | rename rundays as _time]
| stats min(runstate) as runstate by sourcetype _time
| eval runday=strftime(_time,"%a") | dedup runday sourcetype runstate
| table runday sourcetype runstate
... View more
07-28-2017
06:18 AM
I want to implement job monitoring use case. Check the events of a process from a particular server and display result as executed if events exists and if no events exists as not executed.
NOt all jobs are meant to execute on every day so there is a business schedule.
I have fed the schedule in look up file as below :
LOG Day
kenan_usage Sun
kenan_usage Mon
kenan_usage Tue
kenan_usage Wed
kenan_usage Thu
kenan_usage Fri
kenan_usage Sat
kenan_collections Sun
kenan_collections Mon
kenan_collections Tue
kenan_collections Wed
kenan_collections Thu
kenan_collections Fri
kenan_collections Sat
kenan_payment Mon
kenan_payment Tue
kenan_payment Wed
kenan_payment Thu
kenan_payment Fri
So when I write a search as "host="amsokennl01" | eval my_day=strftime(now(), "%a") | lookup job_schedule2 Day as my_day OUTPUT LOG | mvexpand LOG | where sourcetype=LOG |dedup LOG | append [ search host="amsokennl01" | eval my_day=strftime(now(), "%a") | lookup job_schedule2 Day as my_day OUTPUT LOG | mvexpand LOG | eval sourcetype1=sourcetype | where sourcetype1=LOG | stats count by sourcetype1 | fields + count sourcetype1 ] | table LOG sourcetype1 count "
its not giving me correct results.
Please help me the best way to implement this use case.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-21-2022
01:38 AM
|
