splunkninja

The dojo of Splunk. Learn, share, teach, mentor.

Joe Rizzo
  • Austin, TX
  • United States
Share
Share on Twitter
Share on Facebook

Joe Rizzo's Discussions

sum fields in same event
2 Replies

I need to sum fields by other fields in the same event. Here is an example event: _time                                somefieldname   somefieldvalue 6/26/10 3:09:23.000 AM     A                    …

Started this discussion. Last reply by Joe Rizzo Jun 30.

renaming searches, reports and dashboards
3 Replies

How can I rename searches, reports and dashboards? Thanks, Joe

Started this discussion. Last reply by Joe Rizzo Nov. 17, 2009.

 

Joe Rizzo's Page

Gifts Received

Gift

Joe Rizzo has not received any gifts yet

Give Joe Rizzo a Gift

Latest Activity

Joe Rizzo replied to Joe Rizzo's discussion 'sum fields in same event'
Thanks for the reply. I ended up splitting the event into multiple events using split. Then I could use stats and timechart as expected. Thanks, Joe
June 30
Michael Wilde replied to Joe Rizzo's discussion 'sum fields in same event'
Have you considered using " | makemv" to turn that event in to a multi-value field, so you end up with a=1 a=2 b=2 b=2 and then do an | eval a = a+a | eval b = b + b
June 28
Joe Rizzo added a discussion
sum fields in same event
I need to sum fields by other fields in the same event. Here is an example event: _time                                somefieldname   somefieldvalue 6/26/10 3:09:23.000 AM     A                       1                                         A    …
June 25
Joe Rizzo replied to Joe Rizzo's discussion 'renaming searches, reports and dashboards'
That is what I needed. Thanks! FYI - There is a bug in the clone operation. If you were to look at the entry for the original report and the clone in the user's savedsearches.conf you will notice that the key "displayview" is omitted from the clone…
November 16, 2009
Joe Rizzo was featured
Congratulate them!
November 16, 2009
Michael Wilde replied to Joe Rizzo's discussion 'renaming searches, reports and dashboards'
As of version 4.0.6. It is not possible to rename searches from the UI. However, all of splunk's configs are stored in fairly easy to understand config files. Searches, for example, are stored in "savedsearches.conf" (docs page link). Pop in to that…
November 16, 2009
Dave P replied to Joe Rizzo's discussion 'renaming searches, reports and dashboards'
I haven't figured out how to rename them, but I did figure out that if you clone them and give them a new name, it's essentially the same thing. If it's not, I haven't discovered the difference yet. -dave
November 14, 2009
Joe Rizzo added a discussion
renaming searches, reports and dashboards
How can I rename searches, reports and dashboards? Thanks, Joe
November 13, 2009
Joe Rizzo is now a member of splunkninja
Welcome Them!
November 13, 2009

Profile Information

Are you an existing splunk user?
Licensed
What do you do for your day job?
IT Manager (Online)
Web / Blog Address
http://www.swtor.com

Comment Wall

You need to be a member of splunkninja to add comments!

Join splunkninja

  • No comments yet!
 
 
 

Videos

Latest Splunk Community Postings

Loading feed

Latest Splunk Forum Posts

Loading feed

© 2010   Created by Michael Wilde.   Powered by .

Badges  |  Report an Issue  |  Terms of Service

Sign in to chat!