Questions tagged [splunk-calculation]
93 questions
Splunk using info_min_time as timestamp instead of _raw
I have the following Splunk query to forward some data to a Splunk summary index:
index=* eventId="USER_LOGIN_SUCCESS" userRole!=*FF_* userType!="FirstFuel" sourcetype="firstengage"
| eval datetime=strftime(_time, "%Y-%m-%d %H:%M:%S")
|…

Sumit Desai
Splunk query to use counter loop on earliest and latest date range
Refer to the Splunk SPL query below:
This query is giving the output for 1 day only, like below:
Column Header: HotScanMQ | Variance (i.e. Today_30May2023)
I want the output to be displayed in the format below:
HotScanMQ | Variance Day1 (30May2023) | Variance…

sHaShAnk K
Calculating median, avg for total results in Splunk
I need to build a report that contains approx. 500 thousand events. The requirement is that the report will contain three rows:
I need to count if httpStatus is ok or not, and classify each eventId in its proper position. (The requirement is that…

badbuda
How to find time duration between two Splunk events which have a unique key
First Event
17:09:05:362 INFO com.a.b.App - Making a GET Request and req-id: [123456]
Second Event
17:09:06:480 INFO com.a.b.App - Output Status Code: 200 req-id:"123456"
I tried to use index="xyz" container="service-name" | transaction "req-id"…

Sat
Array in the Splunk Search
Object{1}
->a{4}
col1: "1"
col2: "2"
col3: "3"
col3: "4"
->b[2]
0{2}
col5: "55"
col6: "66"
1{2}
col5: "5555"
col6: "6666"
I want to query in the Splunk such that I can obtain the above…

Kasis Shrestha
Splunk Query to get comma separated value as single value
In logs we have a value "device=xyz,1". Here we need to consider "xyz,1" as a single value and display it in a table format. But now when we run a query it just displays the device value as "xyz" and misses out ",1". How to consider it as a single…

Nithya
Splunk-Dashboard - how to add links as field in table visualization?
I'm sending, as a payload.url field, some link for each event,
but in the dashboard table it appears as text and not as a link.
Maybe someone tried to do it?
I've added the tag - Visit example website -
into the payload and try to send it in two…
How to calculate time duration between two events in Splunk which don't have a common element
First Event
06:09:17:362 INFO com.x.y.ConnApp - Making a GET Request
Second Event
06:09:17:480 INFO com.a.b.Response - Output Status Code: 200
Now I want to calculate duration of these two events for every request. I went over the solutions on…

Sat
Hi, I am trying to create a Splunk query to get the daily disk usage of our Fileshare servers using the sourcetype="PerfmonMk:LogicalDisk"
This is what I currently have and it shows me the usage, but I would like to have a panel that shows how much was used each day.
index=perfmon (host=server1 OR host=server2) sourcetype="PerfmonMk:LogicalDisk" instance="F:\\Data_2022_00_T3"
| bin…

Ken Stevens
Enrich Splunk search data based on temporal correlation from another search
I am trying to enrich my table1 data by adding field_to_enrich1 and 2 where fields 1-3 are the same and the _time is right before the _time of my event in table1.
To clarify based on comments, by "right before" I mean the first log event that happens…

johnnyb
Splunk query for showing day-wise percentage
Ask: Generate a graph which should show the day-wise percentage of API success/availability data in a Splunk dashboard.
Data (search based on a specific string) is based on the total number of success calls on the API named 'ABC' and the total number of failure…

fregp
How to check if two fields match in Splunk
number1= AnyNumber from 1 to 100
number2= AnyNumber from 1 to 100,
This is how my data looks in Splunk
{[-]
field1: number1,
fiedl2: number2,
...
}
I want to check if these two fields match or don't.
My Splunk query:
| search filed1 !=…

Milton Palaguachi
Parsing last part of URL in Splunk
I have a URL like
https://officedomain.com/CDs/ProductMarketingName/Product/Version/MartkingName_Product_Version.exe
and wrote the following query in Splunk search
index= sourcetype=
| rex field=URL_Field…

iamMobile
Create a Splunk alert from a log file when a file with name hello.imp is below 10 bytes
I'm trying to write a Splunk query where it searches for a file called hello.imp from a log file and returns an output if the file size is below 10 bytes. I have the index and log location but am unable to find the exact query. Please help me out…

MSC
Splunk: Combining multiple chart queries to get a single table
As of today we have two queries that are running:
1st query: Count of api grouped by apiName and status
index=aws* api.metaData.pid="myAppName"
| rename api.p as apiName
| chart count BY apiName "api.metaData.status"
| multikv forceheader=1
| table…

Vikhyath Maiya