Splunk Commands : "append" vs "appendpipe" vs "appendcols" commands detail explanation

แชร์
ฝัง

ความคิดเห็น • 21

  • @CJNR99729
    @CJNR99729 6 ปีที่แล้ว +2

    It is a very good video to understand the commands

  • @horaciorodriguezcobian9726
    @horaciorodriguezcobian9726 3 ปีที่แล้ว

    Thanks for the video!!, one question, using selfjoin command with append command is faster that join command when you are trying to join two result datasets using a match condition between both datasets?

  • @rotrose7531
    @rotrose7531 2 ปีที่แล้ว

    Sir, I am a beginner, I want to follow your video, can you please suggest how to get the TMDB app into Splunk? I just want to type the same thing and get the same result. Thank you in advance.

  • @abbashussainzaidi6005
    @abbashussainzaidi6005 6 ปีที่แล้ว +1

    Amazing Video , thank you for that.

  • @santhoshig7784
    @santhoshig7784 4 ปีที่แล้ว

    Hi Sid, one question. In selfjoin video, you told that selfjoin command checks and compares next rows(adjacent rows) and return result which is common. Whereas in this video for the result set at 4:32, genre_id 28 and 99 respectively are not in adjacent rows(next rows). Then how is it creating a row for 28 and 99 with name field of subsearch? ideally it should compare next row with same genre_id and since its not same, it should return same first table right? please clarify.

    • @splunk_ml
      @splunk_ml  4 ปีที่แล้ว +1

      actually what I wanted to say was that genre_id can be in adjacent rows or separated by few rows, the selfjoin works in same ways. Unfortunately the example I choose most of the rows were adjacent. So the behavior you are seeing is correct.

  • @dittprashant
    @dittprashant 6 ปีที่แล้ว +1

    Appreciate your effort

  • @shivkumarpatel7940
    @shivkumarpatel7940 2 ปีที่แล้ว

    can you help in this
    sourcetype=access_* action=purchase
    | stats dc(clientip) as clientip BY categoryId
    | append
    [search sourcetype=access_* action=purchase
    | top 1 clientip BY categoryId]
    | table categoryId, clientip, count
    results sharing the same field values please help in the reformat the output.. i think by using the rename command

  • @alexkamalov1169
    @alexkamalov1169 4 ปีที่แล้ว

    Sid, is it possible to turn on 'Transcript' bit on ? It is not showing any transcripts

    • @splunk_ml
      @splunk_ml  4 ปีที่แล้ว

      :( I am not able to see any settings related to "Transcipt" Alex. May be something needs to set in your youtube player?

    • @alexkamalov1169
      @alexkamalov1169 4 ปีที่แล้ว

      @@splunk_ml Thanks so much for your reply, Sid. I've been very much following your uploads and learning tons. Thank you! If you click on triple dot, right next to "SAVE", it should give an option of "Open Transcript". If you check your other uploads, it does display transcript. However, on this upload, it does not display. Unfortunately, I cannot upload a screenshot for your reference. But as a simple reference, your upload th-cam.com/video/R86phfbo9KQ/w-d-xo.html does contain a ready transcript.

  • @shashanksekhar2048
    @shashanksekhar2048 3 ปีที่แล้ว

    Hi Sir... Very nice explaination... I have one doubt..I have 2 searches that are fetching fields and showing as table command....I am trying to combine these 2 searches using appendcols...but sometimes the numbers of rows won't be matching....so it is mapped to the wrong row...eventhough Im using sort based on time...
    As the number of rows are not matching it's jus mapping first set of rows...
    Is there any way to overcome this please...any suggestions will be appreciated...

    • @splunk_ml
      @splunk_ml  3 ปีที่แล้ว +1

      appendcols will never make sure the proper mapping. Its just appending columns from the second search. If you need to maintain proper mapping please use join command.

    • @shashanksekhar2048
      @shashanksekhar2048 3 ปีที่แล้ว

      @@splunk_ml Thanq so much for reply Sid..But join will cause performance issues..we are dealing with huge data..That's why..

  • @gowthamipulugu5183
    @gowthamipulugu5183 4 ปีที่แล้ว

    In dbxquery,how to use field value from 1 select query in another select query...it's more of like dbxquery inner query.please provide the syntax

    • @splunk_ml
      @splunk_ml  4 ปีที่แล้ว

      you mean the subquery? well you can write the whole qur=ery including the subquery and then execute it using dbxquery.

  • @rajenderprasad1193
    @rajenderprasad1193 4 ปีที่แล้ว

    Thànk you.. I want to achieve all my lookup values to displayed even though there are no related events.. and I am using inputlookup with chart command..but I am getting 1 instead of 0.. how can I get 0 for the no events.. pls help..thnk u

    • @splunk_ml
      @splunk_ml  4 ปีที่แล้ว

      can you please elaborate ur question? u can send me email if it is too much writing here.

  • @谢心哲
    @谢心哲 4 ปีที่แล้ว

    how to find a index value in csv

  • @AbhishekVerma-hx8bq
    @AbhishekVerma-hx8bq 5 ปีที่แล้ว

    please provide path of the previous video u r refering in this video in starting for "index="tmdb_index" set up.

    • @splunk_ml
      @splunk_ml  5 ปีที่แล้ว

      Hi Abhishek,
      I have created the path in the video. Thanks for pointing this out. FYI the link as well.
      th-cam.com/video/JshI6JT60Rs/w-d-xo.html
      Sid