About satish

satish · ‎04-12-2023

Hi @scelikok Below are the example output details. The solution provided by @ITWhisperer appears to be working. Current Output: active_hmc frame_name frame_serial hmc_redundancy datacenter hcm5 POWER01 123456 NOT-OK NYC hcm5_hmc6 POWER02 876344 OK NYC Expected Output: active_hmc hmc_pair frame_name frame_serial hmc_redundancy datacenter hcm5 hcm5_hcm6 POWER01 123456 NOT-OK NYC hcm5_hmc6 hcm5_hmc6 POWER02 876344 OK NYC Thank you both for your quick help and support.

satish · ‎04-12-2023

@ITWhisperer Many thanks for your solution. The solution worked for me.

satish · ‎04-12-2023

Dear Experts.. Looking for help with a Splunk Query... I was working on a Splunk Query to identify the Frames connection to the HMC.. Im able to find the HMC's the frame is connected.. If a frame is connected with 2 hmc the active_hmc field will contain both hmc's separated by "_ " Incase the frame is connected with single HMC.. active_hmc contains only one HMC name.. I would like to create a new field that would contain the actual HMC pair name for each frame.. For the single HMC active frames, I would like to generate the HMC pair data by searching inside the entire table to see if there is a match.. For Example: ============== if the field value active_hmc=hmc50.. The same field also will have some frames connected wirh 2 hmcs like active_hmc=hmc49_hmc50. Would like to find that pairs and create a new field hmc_pair in the table with values hmc_pair=hmc49_hmc50. Could you help me with the query. Splunk query: ================== index=aix_os source=hmc | spath path=hmc_info{} output=LIST | mvexpand LIST | spath input=LIST | where category == "power_frame" | dedup hmc_name frame_name | stats values(hmc_name) as hmc_names dc(hmc_name) as hmc_count by frame_serial, frame_name, datacenter | eval active_hmc=mvjoin(mvsort(hmc_names), "_") | eval hmc_pair=mvjoin(mvsort(hmc_names), "_") | eval hmc_redundancy=if(hmc_count=2, if(match(active_hmc, "^([^_]+)_([^_]+)$") AND mvcount(mvdedup(hmc_names))=2, "OK", "missing"), "NOT-OK") | table active_hmc frame_name, frame_serial,hmc_redundancy, datacenter | sort +hmc_redundancy Thanks

satish · ‎01-27-2023

Hi Experts, Im using Splunk Dashboard Studio, I have multiple table, I would like to hide the tables where there are no results. Could you advise workaround for achieving the same using dashboard studio. Thanks

satish · ‎01-09-2023

@PaulPanther Let me try using Lookup.. Thanks Paul.

satish · ‎01-09-2023

@PaulPanther Could you advise if there is any way to validate the VLAN ID's For the below one the mismatch value is due to missing VLAN 285 and 2010.. Is there any way to do the comparison in that way. hyp_vm5 YG92412K 5_767_285_2010 MISMATCH hyp_vm6 YG92412K 5_767 MISMATCH

satish · ‎01-09-2023

Hi Experts, I would like to compare values in same field (vlan_ids) for equality based on a machine serial (hyp_serial). Would like validate whether the VLAN ID's are configured on both VM's under same hyp_serial are same or not equal. There will be 2 VM's under the same serial. Could you please help me with my requirement. index=lab source=unix_hyp | spath path=hyp_info{}{} output=LIST | mvexpand LIST | spath input=LIST | where category == "hyp_vlan" | table hyp_name hyp_serial vlan_ids Table Output: ------------------ hyp_name hyp_serial vlan_ids hyp_vm1 AE12893X 5_767_285_2010 hyp_vm2 AE12893X5_356_375_2010 hyp_vm3 ZX87627J9_49_43_44_3120 hyp_vm4 ZX87627J9_49_43_44_3120 hyp_vm5 YG92412K5_767_285_2010 hyp_vm6 YG92412K 5_767 Expected Output: ----------------- hyp_name hyp_serial vlan_ids VLAN CHECK hyp_vm1 AE12893X 5_767_285_2010 OK hyp_vm2 AE12893X 5_356_375_2010 OK hyp_vm3 ZX87627J 9_49_43_44_3120 OK hyp_vm4 ZX87627J 9_49_43_44_3120 OK hyp_vm5 YG92412K 5_767_285_2010 MISMATCH hyp_vm6 YG92412K 5_767 MISMATCH

satish · ‎12-25-2022

I have tried to add the below the option under the panel. It seems to have worked. "seriesColors": ["#61A84F","#FFBF00", "#FF0000"]

satish · ‎12-25-2022

Hi Experts, Im unable to find modify the pie chart colors using dashboard studio. I have tried to add field colors under options in dashboard studio. Unable to edit for specific visualisation in the source code field. Have a field called "supp_type", I was looking for pie chart to be green for value "current", Amber for "previous" and red for "old". When I include the charting.fieldcolors it doesn't accept or doesn't allow to save the panel code. Can you help me in adding that custom colors into dashboard studio. Query: ------------- index=lab host=hmclab | spath path=hmc_info{} output=LIST | mvexpand LIST | spath input=LIST | where category == "hmc" | search hmc_version=V* OR hmc_version=unknown | dedup hmc_name | eval supp_type=case(match(hmc_version,"^V10.*|^V9R2.*"), "current", match(hmc_version, "^V9R1.*"), "previous", match(hmc_version, "^V8.*|^V7.*"), "old") | chart count by supp_type useother=false Source Code from dashboard studio: ------------------------------------------------------ { "type": "viz.pie", "dataSources": { "primary": "ds_RxEsq1cK" }, "title": "HMC Versions", "options": { "chart.showPercent": true, "backgroundColor": "transparent", "charting.fieldColors": {"current":0x008000, "previous":0xffff00, "old":0xff0000} }, "context": {}, "showProgressBar": false, "showLastUpdated": false }

satish · ‎12-20-2022

@yuanliu Thank you for the solution as per my expectation.

satish · ‎12-20-2022

@richgalloway Below is the current and expected output details. basically I would like to find the filesystems above 40. Current Output from Statistics (They are currently grouped into Single row): --------------------------------------------------------------------------- hmc_name hmc_info{}.Filesystem hmc_info{}.fs_utilization labhmc /dev 1 /dev/shm3 /run0 /sys/fs/cgroup0 /46 /data2 /home4 /extra17 /dump1 /var14 /var/hsc/log25 /run/user/6010 /run/user/6041 /run/user/6000 Expected Output from Statistics (Each item into separate row): ---------------------------------------------------------------- hmc_name hmc_info{}.Filesystem hmc_info{}.fs_utilization labhmc /dev 1 labhmc /dev/shm 3 labhmc /run 0 labhmc /sys/fs/cgroup 0 labhmc / 46 labhmc /data 2 labhmc /home 4 labhmc /extra 17 labhmc /dump 1 labhmc /var 14 labhmc /var/hsc/log 25 labhmc /run/user/601 0 labhmc /run/user/604 1 labhmc /run/user/600 0

satish · ‎12-20-2022

Hi Splunk Experts, Im looking for help in splitting a table grouped into single row into multiple rows. I would like identify the filesystems that are above 40% and would like to collect stats and visuals. The Statistics for table is displayed as single row only. I tried mvexpand but it doesnt accept 2 fields, only accepts one field. If i apply for field but it generates many rows. Im missing something here. Can you please help me with workaround. Splunk Query: ---------------- index=lab_env host=labhmc earliest=-4h latest=now | spath path=hmc_info{} output=LIST | rename LIST as _raw | kv | rex field="hmc_info{}.fs_utilization" mode=sed "s/\%//g" | table hmc_name hmc_info{}.Filesystem hmc_info{}.fs_utilization Splunk Event: --------------- {"category": "hmc", "hmc_name": "labhmc", "hmc_uptime": "73", "hmc_data_ip": "127.0.0.1", "hmc_priv_ip": "127.0.0.1", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/dev", "fs_utilization": "0%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/dev/shm", "fs_utilization": "1%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/run", "fs_utilization": "3%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/sys/fs/cgroup", "fs_utilization": "0%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/", "fs_utilization": "46%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/data", "fs_utilization": "2%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/home", "fs_utilization": "4%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/extra", "fs_utilization": "17%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/dump", "fs_utilization": "1%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/var", "fs_utilization": "14%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/var/hsc/log", "fs_utilization": "25%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/run/user/601", "fs_utilization": "0%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/run/user/604", "fs_utilization": "1%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"} {"category": "hmc_filesystem", "hmc_name": "labhmc", "Filesystem": "/run/user/600", "fs_utilization": "0%", "hmc_version": "V8.65.22", "hmcmodel": "7164-r15", "hmcserial": "673456B", "datacenter": "LAB", "country": "DE"}

Posts	12
Solutions	1
Karma Given	3
Karma Received	0
Member Since	‎12-20-2022

Online Status	Offline
Date Last Visited	‎05-22-2023 12:20 PM

How to create new field based on table values?

How to hide table if no results are present in Das...

How to compare same field with values for equality...

Modifying pie chart colors in dashboard studio?

How to expand grouped table into single row?

Re: Splunk create new field based on table values