Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About yuvrajsharma_13
yuvrajsharma_13
Explorer
Member since:
08-29-2023
01-27-2024
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 08-29-2023 |
Activity Feed
- Karma Re: Left join not returning values as expected. for tscroggins. 01-27-2024 06:07 PM
- Posted Re: Left join not returning values as expected. on Splunk Search. 01-27-2024 03:42 PM
- Posted Left join not returning values as expected. on Splunk Search. 01-27-2024 03:40 PM
- Posted PII Data scan on Splunk Search. 09-18-2023 09:05 AM
- Posted Re: How can I get the time difference between two events? on Splunk Search. 09-12-2023 08:24 AM
- Karma Re: How can I get the time difference between two events? for gcusello. 09-12-2023 08:16 AM
- Posted Re: How can I get the time difference between two events? on Splunk Search. 09-11-2023 08:27 PM
- Posted How can I get the time difference between two events? on Splunk Search. 09-11-2023 08:20 PM
- Karma Re: Timechart with Failurepercentage and appendcols for bowesmana. 09-01-2023 07:48 AM
- Posted Re: Timechart with Failurepercentage and appendcols on Splunk Search. 08-30-2023 02:36 PM
- Posted Timechart with Failurepercentage and appendcols on Splunk Search. 08-29-2023 07:56 AM
- Tagged Timechart with Failurepercentage and appendcols on Splunk Search. 08-29-2023 07:56 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-27-2024
03:42 PM
@gcusello
... View more
01-27-2024
03:40 PM
I am joining two splunk query to capture the values which is not present in subquery. Trying to find the account which opend today but not posted. But quary not retuning any values. Let me know if we have other way to get the values ? Query 1 : Returns Account opened today. index=a "digital account opened" | rename msg.requestID AccountID | table AccountID Query 2 : Account posted today. index=b "/api/posted" 200 | rex "GET /api/posted (?<accountID>\d+) HTTP 1.1" table AccountID Final Query : index=a "digital account opened" | rename msg.requestID AccountID | table AccountID | join type=left AccountIDOpened [ search index=b "/api/posted" 200 | rex "GET /api/posted (?<accountID>\d+) HTTP 1.1" table AccountID ] | search AccountIDOpened =null | table _time,AccountIDOpened
... View more
09-18-2023
09:05 AM
Need help to write a generic query to capture PII Data ( social security numbers / credit card numbers / email addresses ) from application log ?
... View more
Labels
- Labels:
-
field extraction
09-12-2023
08:24 AM
@gcusello , that helped, however now I have to change my query as we are not receiving response for few Unique_ID so difference is showing as 0 seconds. I am using subsearch for this, so it should capture events for which we received response . Subsearch itself is not returning any results. After this I need to work on time difference. index=web* "Message sent to Kafka" | where UNIQUE_ID IN ( [ search index=web* "Response received from Kafka" | fields UNIQUE_ID ]) | table UNIQUE_ID, _time
... View more
09-11-2023
08:27 PM
Updated Query : Time difference is coming as "12/31/23 19:00:30:295 " index=web* "Message sent to Kafka" OR "Response received from Kafka" | stats earlies(_time) as Msg_received, latest(_time) as Response_Kafka by Unique_ID | eval difference=Response_Kafka-Msg_received | eval difference=strftime(difference,"%d-%m-%Y %H:%M:%S") | eval Msg_received=strftime(Msg_received,"%d-%m-%Y %H:%M:%S") | eval Response_Kafka=strftime(Response_Kafka,"%d-%m-%Y %H:%M:%S")
... View more
09-11-2023
08:20 PM
I am looking at logs for asynchronous calls ( sending msg & receiving ack from kafka ) . So we have 2 event , first one is when we receive the message and start processing then send it to Kafka , second one is when we receive response back from kafka. I have unique message ID to track both event. I want to capture average processing time for all unique ID. In below query I have not added condition for unique ID. in below query I am not getting "Diffrence" value. Can you please help !! index=web* "Message sent to Kafka" OR "Response received from Kafka" | stats earlies(_time) as Msg_received, latest(_time) as Response_Kafka | eval difference=Response_Kafka-Msg_received | eval difference=strftime(difference,"%d-%m-%Y %H:%M:%S") | eval Msg_received=strftime(Msg_received,"%d-%m-%Y %H:%M:%S") | eval Response_Kafka=strftime(Response_Kafka,"%d-%m-%Y %H:%M:%S")
... View more
08-30-2023
02:36 PM
Thank you @bowesmana for quick response. I am writing down the exact query here. I have to combine both the queries to get Failure % using timechart. Query 1 ( Success ) : index=dl* ("Record_Inserted") | fields msg.attribute.ticketId | rename msg.attribute.ticketId as ticketId | table ticketId,_time | timechart span=1d dc(ticketId) Query 2 ( Failure ) : index=dl* ("Error_MongoDB") | fields msg.attribute.ticketId | rename msg.attribute.ticketId as ticketId | table ticketId,_time | timechart span=1d dc(ticketId)
... View more
08-29-2023
07:56 AM
I am using below query to get search result and calculate the failure percentage but not getting the expected result. index=dl* ("Error_MongoDB") | timechart span 1d count as Failure | appendcols [search index=dl* ("inserted Record") | timechart span=1d count as Success | eval (FailurePercentage = Failure/Sucess)*100 | field _time,Failure,Sucess,FailurePercentage I am getting all the values except FailurePercentage. What could be the reason ?
... View more
- Tags:
- timechart
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-27-2024
10:54 PM
|
