cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Paluri
Explorer
Member since: ‎09-11-2023
‎09-13-2023
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-11-2023
Activity Feed
View All

Re: How to join distinct data sources and grouping...

by in Other Usage
‎09-13-2023 06:23 PM
‎09-13-2023 06:23 PM
Thanks @bowesmana  this is closer to what i'm trying to achieve and has given me some idea on how to work on splunk searches of this complexity. ... View more

Re: How to join distinct data sources and grouping...

by in Other Usage
‎09-13-2023 06:02 AM
‎09-13-2023 06:02 AM
@bowesmana  thanks for your inputs. source 2 events are not tied to the physical clock and a single day in application could span multiple days in calendar or multiple days in application can fit in a single calendar day time frame. i'm exploring the option of populating these two sources separately in dashboard and try to pass the source 1 date/time as inputs to source 2 and get the events by each logical date. ... View more

How to join distinct data sources and grouping log...

by in Other Usage
‎09-12-2023 07:18 AM
‎09-12-2023 07:18 AM
Two different sources returning data in the below format. Source 1 - Determines the time range for a given date based on the execution of a Job, which logically concludes the End of Day in Application. Source 2 – Events generated in real time for various use cases in the application. EventID1 is generated as part of the Job in Source1.   Source 1 DATE Start Time End Time Day 3 2023-09-12 01:12:12.123 2023-09-13 01:13:13.123 Day 2 2023-09-11 01:11:11.123 2023-09-12 01:12:12.123 Day 1 2023-09-10 01:10:10.123 2023-09-11 01:11:11.123   Source 2 Event type Time Others EventID2 2023-09-11 01:20:20.123   EventID1 2023-09-11 01:11:11.123   EventID9 2023-09-10 01:20:30.123   EventID3 2023-09-10 01:20:10.123   EventID5 2023-09-10 01:10:20.123   EventID1 2023-09-10 01:10:10.123     There are no common fields available to join the two sources other than the time at which the job is executed and at which the EventID1 is generated. Expectation is to logically group the events based on Date and derive the stats for each day. I'm new to Splunk and i would really appreciate if you guys can provide suggestions on how to handle this one.   Expected Result Date Events Count Day 1 EventID1 EventID2 EventID3 - - - EventID9 1 15 10 - - 8 Day 2 EventID1 EventID2 - - - EventID9 EventID11 1 2 - - 18 6               ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-13-2023 09:23 AM
Karma given to
View All