Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Vicky84
Vicky84
Explorer
Member since:
10-28-2016
09-15-2020
Community Statistics
| Posts | 13 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 10-28-2016 |
Activity Feed
- Posted Re: How to exclude writing existing result to Splunk lookup table. on Splunk Search. 08-28-2020 12:35 AM
- Posted Re: How to exclude writing existing result to Splunk lookup table. on Splunk Search. 08-27-2020 01:23 AM
- Posted Re: How to exclude writing existing result to Splunk lookup table. on Splunk Search. 08-26-2020 06:57 AM
- Posted How to exclude writing existing result to Splunk lookup table. on Splunk Search. 08-26-2020 05:30 AM
- Got Karma for How to search the top users and compare the usage stats of those users with the previous two days?. 06-05-2020 12:48 AM
- Posted Extract a number before a string on Splunk Search. 10-25-2017 03:24 PM
- Tagged Extract a number before a string on Splunk Search. 10-25-2017 03:24 PM
- Tagged Extract a number before a string on Splunk Search. 10-25-2017 03:24 PM
- Tagged Extract a number before a string on Splunk Search. 10-25-2017 03:24 PM
- Posted Re: How to check if load is equally distributed on the host and create an alert? on Alerting. 09-20-2017 11:26 AM
- Posted Re: How to check if load is equally distributed on the host and create an alert? on Alerting. 09-20-2017 11:16 AM
- Posted How to check if load is equally distributed on the host and create an alert? on Alerting. 09-19-2017 03:27 PM
- Tagged How to check if load is equally distributed on the host and create an alert? on Alerting. 09-19-2017 03:27 PM
- Tagged How to check if load is equally distributed on the host and create an alert? on Alerting. 09-19-2017 03:27 PM
- Tagged How to check if load is equally distributed on the host and create an alert? on Alerting. 09-19-2017 03:27 PM
- Posted Re: How to search the top users and compare the usage stats of those users with the previous two days? on Splunk Search. 12-15-2016 10:21 AM
- Posted Re: How to search the top users and compare the usage stats of those users with the previous two days? on Splunk Search. 12-14-2016 03:06 PM
- Posted How to search the top users and compare the usage stats of those users with the previous two days? on Splunk Search. 12-13-2016 03:02 PM
- Tagged How to search the top users and compare the usage stats of those users with the previous two days? on Splunk Search. 12-13-2016 03:02 PM
- Tagged How to search the top users and compare the usage stats of those users with the previous two days? on Splunk Search. 12-13-2016 03:02 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 |
08-28-2020
12:35 AM
Oh I was missing "|search" thanks !
... View more
08-27-2020
01:23 AM
@to4kawa It is first one, as NOT is put after doing spath or rex. Need to exclude apiCallerID that are already in lookup table index=test sourcetype=stats earliest=-5m@m latest=-0m@m| kv
| spath input=Response {} output=response
| stats count by response
| spath input=response
| fields - count response
NOT
[|inputlookup LookuptableGeneratorForDSIDByTestID.csv| fields apiCallerID]
... View more
08-26-2020
06:57 AM
@to4kawa with or without path, how do you use "NOT" to exclude records from lookuptable. Only after massaging the result data with rex ors path, I will get the userID and post that NOT is not working or I am missing something. please correct
... View more
08-26-2020
05:30 AM
I want to keep updating new records to Splunk lookup table and not writing records again for existing users, even if they come in search results. Lookup table structure : apiCallerID, ticketId My base search query is having mvexpand, mvindex & rex commands and then table so when I do "NOT" it does not allow me to any other way or corrections. index=test sourcetype=stats earliest=-5m@m latest=-0m@m| eval temp=ltrim(Response,"[") | eval temp1=rtrim(temp, "]") | eval temp2=split(temp1,"}")| mvexpand temp2| eval temp3=ltrim(temp2,",") | eval testData=mvindex(temp3,-1) | rex field= testData "userID:\s(?<apiCallerID>\d+)" | table apiCallerID NOT [|inputlookup LookuptableGeneratorForDSIDByTestID.csv| fields apiCallerID] Basically if the user is not there I want to add a ticket id along with user in lookup table and in future system will use this to raise any new tickets and prevent duplicate tickets for the existing user.
... View more
10-25-2017
03:24 PM
Completely New to regex, I have a log as below and wanted to extract the percentage i.e. "28" and then check it with threshold limit.
10A 4.5A 4.2A 28% /text/path
... View more
09-20-2017
11:26 AM
May be in a larger context what you are referring may mean more sense and to monitor OS stats but I am not well versed in that and something like below Splunk query would do the task for me.
... View more
09-19-2017
03:27 PM
Hi,
We generally raise tickets in Prod through Splunk by putting search query as Report/Alert and now we have a requirement to alert if the load is not equally distributed b/w the hosts. With the top command I see result is in % but I wasn't able to use it in where cause to calculate the deviation.
Say we have 4 hosts sharing an app and ideally it should be almost equal distribution but in unwanted scenario if load is lesser in Prod on one of the host Or higher on a host, I should have an alert.
log ex : index=data loggerName="xyzzy" threadName="thread1" appName="dataSync"
... View more
12-15-2016
10:21 AM
Hi Nabeel,
It gives results for today but I don't get any result for yesterday if I use this query, can you suggest if there is a way to do so.
My requirement is like :
if X & Y are the top api users for today, get their stats for today & compare from last 2 days
Report :
user (today) (yesterday) (2days earlier)
x 62334 2330 3330
y 46646 44444 414442
So, report will tell X is behaving exceptionally(his today's usage has jumped) while y is a normal usage as his trend has not changed.
... View more
12-14-2016
03:06 PM
Hi Nabeel, That is fine but I want to use the same userID which was highest today and get the stats from previous day for the SAME userID, to compare the stats from last day
... View more
12-13-2016
03:02 PM
1 Karma
I have the search below to pull out the count of users for today & last two days.
I want to modify this to pull the top users and compare the usage stats of those users from the previous two days. I tried with the top command, but I guess I am doing something wrong :
index=apiUser earliest=-d@d | eval timeframe=case(_time>relative_time(now(), "@d"), "Today",_timerelative_time(now(), "-1d@d"), "1 days") | chart count(userID) over userID by timeframe
userID - is the unique user Id of a person using the services
api - is the name of api that he is using (one user can call multiple api's & I am interested in his(10 top users) total count for a day)
... View more
12-12-2016
05:12 PM
Thanks sundareshr.
This gives me a quite a good result I was expecting but can you also tell if there is a way to get only the top users stats in the similar report (don't want all the users result pulled). Like if X is the top api user of today, I want to compare his stats for last to 2 days, to see if there is any spike in the same query/report.
... View more
10-28-2016
04:46 PM
Sorry I am new to Splunk and wondering if can have the report that gives results in a table as below,
data as :
index=api serviceName=find userId=7878
index= api serviceName=find userId=7877
index= api serviceName=find userId=7878
index= api serviceName=person userId=7878
Result should be like :
a) table A : serviceName, count of (unique userId's)
b) Also if its possible to have the result of table A for 1 day, 7 day, 30 days
Please provide the queries also.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-15-2020
05:06 AM
|
