cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
kp_pl
Engager
Member since: ‎03-12-2024
‎04-09-2024
Community Statistics
Posts 6
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎03-12-2024
Activity Feed
View All

Re: Multiseries chart

by in Dashboards & Visualizations
‎03-21-2024 03:32 AM
‎03-21-2024 03:32 AM
Nice 🙂   It is almost what I need and expect. Just give me one more hint regarding _time . I want to show data from the past, from last monday between 9am and 5pm .   ... View more

Re: Multiseries chart

by in Dashboards & Visualizations
‎03-21-2024 01:49 AM
‎03-21-2024 01:49 AM
of course, the chart is correct , explanation is bad  - my mistake so the first series - no doubt timechart count by kmethod the second one of course sum/avg numbers timechart avg(duration)   All data comes from access.log which format is something like : TIMESTAMP;IP;HTTP_METHOD;METHOD;RETURN_CODE;DURATION;BYTES;UUID                 ... View more

Re: Multiseries chart

by in Dashboards & Visualizations
‎03-20-2024 04:20 PM
‎03-20-2024 04:20 PM
Well - I always have problem with clear explanation, sorry about it. So look at the graph below It is exactly  what I need . One "series" - bars is a count for each uniqe value >> timechart count by kmethod Second series , black line, just a simple sum or average function >> timechart sum(kmethod)       ... View more

Multiseries chart

by in Dashboards & Visualizations
‎03-20-2024 03:27 PM
‎03-20-2024 03:27 PM
At the beginning two examples : the first one: index=s1 | timechart sum(kmethod) avg(kduration)   generates two series chart second one uses 'count by': index=s1 | timechart count by kmethod   generates just one series .   I would like to join both timecharts and kind of merge "count by" with simple "avg" or "sum" so  : -first one 'stacked bar' from second example -second one 'line' from second series of the first example   Any hints ?   K.   ... View more
Labels

Re: HOw to import ODL files

by in Getting Data In
‎03-14-2024 05:12 AM
‎03-14-2024 05:12 AM
ITWhisperer - thanks for your answer  - fits perfect!   Is the creation of own source-type difficult -  any hints, tutorials about it ?   KP       ... View more

HOw to import ODL files

by in Getting Data In
‎03-13-2024 12:11 AM
‎03-13-2024 12:11 AM
Is Oracle Diagnostic Logging ( ODL) format supported in any way by Splunk ? On the forum I have found only one topic regarding it but it had been written 8 years ago ? This format, I read and analyze every day, is used by SOA and OSB diagnostic logs. It is, more or less, like csv structure but instead of tab/space/comma, each value is pakced into brakets Below example with the short descrption [2010-09-23T10:54:00.206-07:00] [soa_server1] [NOTIFICATION] [] [oracle.mds] [tid: [STANDBY].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000I3K7DCnAhKB5JZ4Eyf19wAgN000001,0] [APP: wsm-pm] "Metadata Services: Metadata archive (MAR) not found." Timestamp, originating: 2010-09-23T10:54:00.206-07:00 Organization ID: soa_server1 Message Type: NOTIFICATION Component ID: oracle.mds Thread ID: tid: [STANDBY].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' User ID: userId: <anonymous> Execution Context ID: ecid: 0000I3K7DCnAhKB5JZ4Eyf19wAgN000001,0 Supplemental Attribute: APP: wsm-pm Message Text: "Metadata Services: Metadata archive (MAR) not found." Any solution, hints how to manage it in Splunk ? regards KP. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-09-2024 04:20 PM
Karma given to
View All