Questions tagged [splunk-sum]

9 questions
2 votes, 2 answers

Splunk Rex: Extracting fields of a string to a value

I'm a newbie to Splunk trying to do some dashboards and need help in extracting fields of a particular variable. Here in my case I want to extract only KB_List":"KB000119050,KB000119026,KB000119036" values to a column. Expected…
Rczone · 493 · 1 · 5 · 18
1 vote, 1 answer

Splunk query for division of sums of entries within a time frame

I have messages in the Splunk logs with the following format: LogService product id=1 price=10.00 numberOfClients=4 profit=5.00 I need to create a query that will find all the records from the last day and will calculate: sum(price *…
0 votes, 2 answers

Splunk: how to exclude a certain value from the list if it exists

I have a log with payload something like this: "Stats":[ { errors: 0 type: "Disc" success: 878 }, { errors: 21 type: "cronJob" success: 25 }, …
Joe · 115 · 4 · 17
0 votes, 1 answer

Indexer grouping in dropdown

I have 20 indexes that we want to display in a dropdown in a grouped manner. How can we group them in a query? For example: index1, Index2, index3 should come with name abc.... Index 4, index 2, index 5 should come with name efg... so in drop…
0 votes, 1 answer

How to trigger a Splunk alert for every stat that appears in my query

I currently have a query that results in a couple of stats being shown, "Statistics (5)". I use this query to get those stats: index=ms-app environment=prod AND "*" | eval uri=replace(mvindex(split('request.uri', "?"), 0), "\/\d+[-+\w]+", "/:n"),…
monkey123 · 183 · 1 · 3 · 11
0 votes, 1 answer

Need Splunk query for finding common elements between two fields when each field is a list

I have each event as a JSON object below which is indexed by Splunk. How can I have a Splunk query such that I find all such failures which happen to be present in both "failed" and "passed" arrays? "output":{ "date" : "21-09-2017" …
Zack · 2,078 · 10 · 33 · 58
0 votes, 1 answer

In Splunk, the streamstats function gives cumulative data on a weekly basis but displays data "Thursday to Thursday" instead of "Monday to Sunday"

In Splunk, I want to display data cumulatively on a weekly basis, but the query below is counting data from "Thursday to Thursday" instead of "Monday to Sunday". Please help. index=c sourcetype=c | timechart count(eval(State = "Closed" OR State=…
sud · 57 · 1 · 1 · 8
0 votes, 1 answer

Display selective fields in Splunk in a query

I am trying to create a table in Splunk of some service endpoints and the calculation time taken by each endpoint; now the problem is that I want to display selected endpoints based on time. This is the query I wrote to display the fields. index="test" |…
0 votes, 1 answer

In Splunk, how to create a private lookup table for an individual?

As I am working on a network security project, I need to create a private lookup table for individual users, such that any other user shouldn't see the content of other users' lookup tables. I have created the lookup table by: curl -k -u username:pwd…