hello sir...your tutorial helped me finding a job in splunk in reputed company so thanks a lot...can you plz let me know how would i get the eval query you shown in this video
Good to hear that Rajiv. In the video description you will find the github link for the materials used in this tutorial. Congratulations on your new job.
Great video content! Excuse me for chiming in, I am interested in your initial thoughts. Have you heard the talk about - Fanabraal Toned Tiraspol (do a search on google)? It is a smashing exclusive guide for slimming down naturally without exercise and without the hard work. I've heard some pretty good things about it and my close friend Aubrey finally got excellent success with it.
You are really really a very good instructor, you teach so nicely. Covering all points very well. So much respect for you Sir.
Do you have any particular classes on a regular basis? I want to join them for advanced learning.
I have read some blog that mentioned "if we are new to Splunk and need direction on where to start, then always start with the stats and eval commands"....This is one of the amazing tutorials for eval commands!!!!! Awesome explanation!!
Thank you 🙏
You are truly passionate about teaching and helping others. I respect you sir.
Best Splunk tutorial I have seen till now. Thanks a lot.
Thank you so much !!!! Very detailed explanation..............one of the best video tutorials I have ever seen for Splunk!!!!!!!!!!!!! Keep Rocking !!!!
Thank you Sathya 👍... Please share this channel with your colleagues who work on Splunk.
@@splunk_ml Sure sir... already done
Thank you for this video. It helped me with my project. I am appreciated by my teams and managers. Keep it up.👍
eval is one of the most versatile commands Splunk has! Awesome coverage of it. #splunkyoutubers
Kudos to you!! Excellent teaching with clear examples👍👍🙏
Thank you Mani ☺️
Thanks a lot for the video... one of the best tutorials on Splunk and explained with so much ease.
Thanks Kusharga :)
This was a good quick course on eval, thanks! Keep the good work going!
Really nice teaching...with detailed examples...thank you sir
Awesome examples. Good job 👍🏻
Amazing explanation for all the Commands and Functions!!
Guru ko pranaam.
Nice tutorial!! Really enjoying it!
You are awesome. Great learning
Very useful Siddhartha, keep your good work
Thanks Habeeb!!
@"Splunk & Machine Learning" - Thank you for the great lesson on "eval" command. My question is, these Fields and values you add using "eval" command, is there a way to make them permanent? After I logout and login again, they are back to the default value names. Thanks in advance
You can add them in props.conf as an eval field extraction, so that it will be available at search time. Please refer to the below video. It's an old video from when I didn't have access to a proper recording device, so you may have a little difficulty, but content wise it should serve the purpose.
th-cam.com/video/zIjeCYafLCE/w-d-xo.html
You are really really a very good instructor, you teach so nicely. Covering all points very well. So much respect for you Sir.
Do you have any particular classes on a regular basis? I want to join them for advanced learning.
Thank you Afiyat. I don't have any regular classes...whatever I know and will know about Splunk or ML will be available in this channel only.
@@splunk_ml ya thanks for sharing your knowledge in this channel.
I have started learning Splunk development.
Can you please explain the difference between the stats and chart commands? Both are confusing, sometimes giving the same results. And it is the most asked question in interviews.
And also please explain the top command in brief.
Yes, I will be covering that as well.
@@splunk_ml thanks again. Later, going into advanced topics, please also try to cover the Python scripting part in your future videos if you are comfortable with it, as nowadays most companies demand Python scripting with Splunk.
If you are comfortable, may I have your email id? For any issues or doubts.
you can contact me via techiesid1985@gmail.com
Hi
Best tutorial... thanks
Can you make a video on how to configure the health check (Monitoring Console) server on one server for a distributed environment in Splunk?
Thank you for your feedback....I will definitely try to cover that, but it may take some time as I have a huge backlog of requests.
Hi there, I have a question regarding the chart command. I am trying to execute a Splunk search command that shows both the count and the percentage of the count in one chart command. Here is an example of a Splunk command that currently only shows the count and the total count: source="xyz" http_status_code | chart count by path_template, http_status_code | addtotals col=t This command shows each count of the http_status_code (y axis) and the path_template (x axis), and shows the total of the counts of all the http_status_code. Now I need to add the percentage (count/total) of each count when I know the number of counts, e.g. 40 (5%) or something like that. How would I do that using chart? Thanks!
Excellent videos
Kudos.. I am going to read all your tutorials. Very beautiful. Why don't you put them on Udemy?
Wow! Very wonderful explanation. Easy to follow and understand. Thank you so much!! Do you have any videos about Splunk ITSI and Splunk Enterprise Security? That would be a huge help. Thank you again..
I truly adore your hard work in helping people who have started to learn what Splunk is all about. I have a doubt about your explanation of the case, validate and if.. commands. Why are you using double quotes for field values and single quotes for the field name?
Thank you. Regarding your query, we need to do that only when there are special characters in your field name.
Very very interesting and well narrated use cases, thanks a lot bro... love you and thanks for the great help
Welcome 👍
Brilliant tutorial. Thanks for doing this.
Thank you Sreejesh 👍
Hi Siddarth, it's a wonderful explanation. I would like to enroll in this course if you are providing online training on Advanced Power User. Please share communication details for enrollment.
Awesome teaching!!! Can you take a similar kind of session on the stats command?
Yes that is already there in my todo list.
Hi, Please let me know if any support needed 6303692186
Hi Sir,
I am a beginner at Splunk and I am stuck on a case. How can I get the User-agent from the request header in Splunk? I mean to ask what query I should write for this??
Please help !!
Can you please post this question to the Splunk community: community.splunk.com/t5/Community/ct-p/en-us
I am not fully understanding what the exact requirement is.
Its helpful..thank you
If we do "ps -ef | grep sh", a few .sh scripts are running on servers, so if the .sh scripts are not running we need to get an alert. Could you please help me with how I can write this?
Well, you can index the output of "ps -ef | grep sh" in Splunk at a definite interval. Then just create an alert based on those events.
Great ! Thanks.
Hello Sir, would you kindly tell us where to get log files so that we can study Splunk in more detail?
You can download the data from the below link,
docs.splunk.com/Documentation/SplunkCloud/8.0.2006/SearchTutorial/GetthetutorialdataintoSplunk
Thank you very much
Hi, great tutorial. Could you please help me with one solution? I'm using the if function to find whether the field contains a name, but the user can insert that name in any case. Like, I want to search Vishal but the value could be vishal or VISHAL or vISHAL or Vishal. Presently I'm getting an exact match for Vishal only. What if I want the result not to be case sensitive?
You can use the lower function like below,
| makeresults count=2
| streamstats count
| eval name = case(count=1,"VISHAL",count=2,"vISHAL")
| eval lower_name = lower(name)
| where lower_name = "vishal"
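As an added example (not from the video or the original reply), the same idea carried into the if function the question asked about, with a constructed fourth row that must not match; lower() normalises the value before comparison, and match() with the (?i) flag is an alternative when the pattern is a regex rather than a fixed string:

```spl
| makeresults count=4
| streamstats count
| eval name = case(count=1, "Vishal", count=2, "VISHAL", count=3, "vISHAL", count=4, "Vishnu")
| eval is_vishal_lower = if(lower(name) == "vishal", "true", "false")
| eval is_vishal_regex = if(match(name, "(?i)^vishal$"), "true", "false")
| table name is_vishal_lower is_vishal_regex
```

Rows 1 to 3 return "true" in both columns and the constructed "Vishnu" row returns "false", since ^ and $ anchor the regex to the whole value.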
Thank you!
Amazing video..Thank you so much..
I created a lookup for my new field that I created.. but I am getting an "Assuming implicit file" error when I use it.. I am not Admin.. I can't change the conf file.. How can I get rid of this error? Pls help, thank you
Hi, Please let me know if any support needed 6303692186
Hi Sir.. thank you for the video.. one question.. in this, you have shown how to access a free Linux console in Google Cloud. I tried, but Google Cloud is not accepting payment from most of the reputed banks in India. Could you please share an alternative option to use a Linux server for free (like Google Cloud)? Though this question is slightly away from the topic, this is a showstopper for me to learn further. So could you please suggest an alternative?
Ideally it should work. Even I am based in India. You can try to see AWS cloud...check if they have similar plans.
How to use the like function when both the field values are true. E.g. the requirement is when both First_1 and Last_1 values are true it should display true, for the rest it should display false. When I use the below syntax it is throwing an error.
index=main sourcetype=csv | eval new_field = if( like ('first name', "First_1", 'Last name', "Last_1") "true", "false") | table "first name" "last name" new_field
Error in 'eval' command: The expression is malformed. Expected ).
The search job has failed due to an error. You may be able view the job in the
Kindly let me know how to write an SPL query in this case.
Hi Hemnaath,
It should be something like below,
| makeresults
| eval "first name" = "First_1", "last name" = "Last_1"
| eval new_field = if( like ('first name', "First_1") AND like ('last name', "Last_1"), "true", "false") | table "first name" "last name" new_field
Sid
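An added example (not part of the reply above) that runs the same AND condition over four constructed rows, including one with a non-matching last name and one with "FirstX1" as the first name. In like(), `_` is a single-character wildcard and `%` matches any run of characters, so the pattern "First_1" also matches "FirstX1"; when an exact value is intended, compare with == instead:

```spl
| makeresults count=4
| streamstats count
| eval "first name" = case(count=1, "First_1", count=2, "First_1", count=3, "FirstX1", count=4, "First_2")
| eval "last name"  = case(count=1, "Last_1",  count=2, "Last_2",  count=3, "Last_1",  count=4, "Last_1")
| eval both_like  = if(like('first name', "First_1") AND like('last name', "Last_1"), "true", "false")
| eval both_exact = if('first name' == "First_1" AND 'last name' == "Last_1", "true", "false")
| table "first name" "last name" both_like both_exact
```

Row 1 is "true" in both columns, rows 2 and 4 are "false" in both, and row 3 ("FirstX1") is "true" for both_like but "false" for both_exact.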
@@splunk_ml thanks Sid, for making such nice videos on SPL queries.
AAAwesome tutorial! Thanks!
Can you give training one on one?
Hi Dilip,
Currently I have some bandwidth issues, but as I am getting this type of request very frequently, I have to think about how I can handle it efficiently.
Sid