Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About vita86
vita86
Explorer
Member since:
04-20-2020
12-08-2020
Community Statistics
| Posts | 10 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 04-20-2020 |
Activity Feed
- Posted Re: How to delete sourcetype or source ? on Getting Data In. 10-14-2020 01:00 PM
- Posted How to delete sourcetype or source ? on Getting Data In. 10-14-2020 02:15 AM
- Posted Re: How to do to extract a particular value for a field on Dashboards & Visualizations. 07-28-2020 04:54 AM
- Posted Re: How to do to extract a particular value for a field on Dashboards & Visualizations. 07-28-2020 01:15 AM
- Posted Re: How to do to extract a particular value for a field on Dashboards & Visualizations. 07-28-2020 12:55 AM
- Posted Re: How to do to extract a particular value for a field on Dashboards & Visualizations. 07-27-2020 02:41 PM
- Posted How to do to extract a particular value for a field on Dashboards & Visualizations. 07-27-2020 08:31 AM
- Posted Re: How to exclude invoices with ID = 350 on Splunk Search. 04-22-2020 07:12 AM
- Posted Re: How to exclude invoices with ID = 350 on Splunk Search. 04-21-2020 12:32 AM
- Posted How to exclude invoices with ID = 350 on Splunk Search. 04-20-2020 01:00 PM
- Tagged How to exclude invoices with ID = 350 on Splunk Search. 04-20-2020 01:00 PM
- Tagged How to exclude invoices with ID = 350 on Splunk Search. 04-20-2020 01:00 PM
- Tagged How to exclude invoices with ID = 350 on Splunk Search. 04-20-2020 01:00 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
10-14-2020
01:00 PM
Thanks for your reply. I have this error message : Error in 'delete' command: You have insufficient privileges to delete events. How can I do please ? Thanks in advance
... View more
10-14-2020
02:15 AM
Hello, I added a file csv in splunk but the name is not correct for sourcetype. And i want to restart. now : source="test.csv" sourcetype="csv" I will want : source="test.csv" sourcetype="test" If i do this query, it's correct ? source="test.csv" sourcetype="csv" | delete it will delete test.csv file please ? thanks in advance. Regards, Viat
... View more
Labels
- Labels:
-
sourcetype
07-28-2020
04:54 AM
Hello @gcusello and @isoutamo Thank you very for your help and explanation, its working 🙂 I have other question, i have this extraction : ref action prices 1674822 sales 0 1674822 purchases 200 3062981 purchases 0 3062981 sales 0 in this case, I dont want purchases with prices = 0. If action=purchase prices=0 => the ref not display i want have just this : ref action prices 1674822 sales 0 1674822 purchases 200 As the ref 3062981 has purchase with price=0, it doesn't display. can you help me on the command to use please ? documentation ? Thanks in advance.
... View more
07-28-2020
01:15 AM
Giuseppe, Thanks for the advice "od double = and parenthesys" 🙂 but The commande doesn't display what i want : index=main sourcetype="*" action=purchase OR action=sales | eval prices=if(action="purchase" AND prices="200", "ok", prices) | where prices = "ok" | table action prices The result only displays purchase with prices = 200 but no sales. so I think i have a condition pour sales for example : index=main sourcetype="*" action=purchase OR action=sales | eval prices=if(action="purchase" AND prices="200", "ok", prices) | eval prices=if(action="sales" AND prices=*, "ok", prices) | where status = "ok" | table action prices type If it's not possible, i wiil do two extraction (one for purchases and other for sales). Thanks in avance.
... View more
07-28-2020
12:55 AM
Hello Giuseppe, I know this command but i wanted display in my table, i have purchases (just prices=200) and sales (all prices). For example this result : action prices date purchase 200 28072020 sales 50 05062020 sales 200 10092019 purchase 200 12102019 ..... i will add type purchases and sales for my extraction (action prices date type) Thanks in advance for your help.
... View more
07-27-2020
02:41 PM
Hello Giuseppe, Thank you very much for your answer and your help. I tried this command : index=main sourcetype="*" action=purchase OR action=sales | eval prices=if((action=="purchase") AND (prices=="200"), "ok", prices) | where prices = "ok" | table action prices but it doesn't work 😞 result : purchase ok whereas i want too have sales for example : purchase 200 sales 300 sales 50 ...... Thanks in advance
... View more
07-27-2020
08:31 AM
Hello, I need help please. For purchases field, I want to display that prices equal to 200. And for sales field, display all. index=main sourcetype="*" action=purchase OR action=sales Can you help me please ? send me a documentation or advice please ? Thanks in advance for your help.
... View more
Labels
- Labels:
-
table
04-21-2020
12:32 AM
Hello richgalloway,
thanks for your answer.
if i remove 350 in the where clause, i will have this :
128 261313851 screen
307 538601320 aquarium
but this 261313851 invoice is not correct for me because it's contains too id = 350 so i want just :
307 538601320 aquarium
.......
How can i do please ?
Thank you very much for your help and your advice.
... View more
04-20-2020
01:00 PM
Hello,
I'm training on splunk, I need help.
I have an invoice list, extracted via this query :
sourcetype="*_invoice"
| where in (id,350,128,307)
| table id invoice ProductType
Result :
350 261313851 phone
128 261313851 screen
307 538601320 aquarium
.....
But I have to exclude invoice number 261313851 because it contains id = 350.
How can I do please ? foreach and condition if ?
| Foreach invoice [eval status_invoice=if(id!=350, "ok", "ko")]
| where status_invoice= "ok"?
Thank you in advance for your help.
Regards,
vita86
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-08-2020
05:43 PM
|
