cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ermanoj21yadav
Explorer
Member since: ‎03-07-2022
‎03-18-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎03-07-2022
View All

Re: How to get value from two searches to match?

by in Other Usage
‎03-18-2022 10:12 AM
‎03-18-2022 10:12 AM
Exactly what I needed. Thanks Giuseppe !! ... View more

How to get value from two searches to match?

by in Other Usage
‎03-17-2022 11:35 AM
‎03-17-2022 11:35 AM
I have 2 logs. The first statement gets logged when a pod dies. The second gets logged when my app gets notified. Sometimes, the pod dies and my app doesn't get notified. I want to write an alert when the pod dies but my application doesn't get notified. Log1 (when a pod dies):   index=log1 "Forced deletion of orphaned Pod" | rex "podnamespace/(?<machineName>(.*?))\s"   Log2 (when my app gets notified):   index=conversation "*Clearing DMC pod" sourcetype="cui-orchestration-log" podname=<podNameWhichDied>   I tried several options, but I am unable to refer to the field 'machineName' created by rex in the Log1 inside Log2 even though machineName has the right pod name:   index=log1 "Forced deletion of orphaned Pod" | rex "podnamespace/(?<machineName>(.*?))\s" | stats count as podsCrashedCount by machineName| appendcols [search index=log2 "App is deleting pod" podname=$machineName| stats dc(podname) as deletedInApp] | where podsCrashedCount!=deletedInApp   ... View more
Labels

Re: How search and list the same session ID's occu...

by in Splunk Search
‎03-07-2022 01:51 PM
‎03-07-2022 01:51 PM
What if I want to plot it on a graph on timechart like how many sessionIds had more than 1 hosts over a specific period of time ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-18-2022 10:27 PM
Karma given to
View All