I have grafana on sage and made a mage v2 query that works like a charm
group="platform_client" env="prod" event='all-requests-result'
serviceName='myServiceName' result="error"
$customFilter | timechart limit=0 count by serviceName
But I don't like how it went with $customFilter variable. I made it "custom" type with values 1=1, | dedup ip. 1=1 is a crutch for "do not apply additional filters". Is there a more elegant way to do it?
Related
I was trying to write a simple FluxQL Query in Grafana Dashboard that uses a variable
m1(of type constant)(which contains the name of the measurement)
I created the variable m1 in grafana dashboard variables
m1 = my-measurement
and tried to run the following queries but non of them worked and they either say expression request error or No Data)
i.e
SELECT count("fails") FROM "/^${m1:raw}$/"
SELECT count("fails") FROM "/^${m1}$/"
SELECT count("fails") FROM $m1" (expression request error)
SELECT count("fails") FROM "$m1"
SELECT count("fails") FROM "${m1}"
The only query worked was without dashboard variables
SELECT count("fails") FROM "my-measurement"
How can I use the variables to work for that query.
On the similar ground I tried to make a custom variable(myVar) for which we take integer input values from user and on that basis where clause should work, but same error occurs either no data or expression request error
What I tried was
SELECT count(*) from "my-measurement-2" WHERE ("value" > $myVar)
How should I solve these issues?Please help
You may have a problem with
1.) syntax
SELECT count("fails")
FROM "${m1:raw}"
2.) data
You may correct query syntax, but query can be very inefficient. Query execution may need a lot of time - so it's better to have timefilter, which will use selected dashboard time range (make sure you have some data in that time range)
SELECT count("fails")
FROM "${m1:raw}"
WHERE $timeFilter
3.) Grafana panel configuration
Make sure you are using suitable panel - for query above Stat panel is a good option (that query returns only single value, not timeseries, so time series panel types may have a problem with that).
Generally, use query inspector to see how are variables interpolated - there can be "magic", which is not obvious - e.g. quotes which are added around numeric variables, so then it is string filtering and not numeric filtering on the InfluxDB level.
id | name
1 | jack
2 | tomas
I want to find a row if the name is a substring of Ttomas.
So the result should be
id | name
2 | tomas
Is this possible?
Yes, this is possible in Ruby on Rails and SQL. Depends a bit on the database you use, but something like this should work:
Modelname.where("? LIKE CONCAT('%', name, '%')", 'Ttomas')
It's possible.
The brute-force way would be to iterate through all your users and check if name is a substring. But this horribly inefficient.
If you want to utilize SQL lookups, you need to look into gems like pg_search or elasticsearch for full search functionality.
I looked through some similar question but couldn't find an example of this sort of logic- what im looking for is a way to parse through a large return of usernames in powershell. User names that are not service accounts or kiosks have a specific naming convention of 6 grouped numeric characters: for example- username123456. I was thinking there has to be a way of using the where-object command but can't find anything on the syntax on technet or other PS resources. The one liner to get a return from the local domain is:
Search-ADAccount -PasswordNeverExpires | Select-Object Name, Enabled
This returns a list of domain accounts that have the password set to never expire. I want to only see the ones with the above naming convention ^^ I know you can achieve this with regex but my regex is quite rusty---if it can be done with where-object that would be optimal. I also looked into using pattern, but it seems to be for more complex returns than this... Thanks!
Are they under a specific OU? You could then use the -Searchbase parameter to limit the scope of the search to that OU.
Otherwise, Regex is probably going to be a good option to accomplish this.
Search-ADAccount -PasswordNeverExpires | Select-Object Name, Enabled | Where {
$_.name -match '\D\d{6}$'
}
I am new to splunk and facing an issue in comparing values in two columns of two different queries.
Query 1
index="abc_ndx" source="*/jkdhgsdjk.log" call_id="**" A_to="**" A_from="**" | transaction call_id keepevicted=true | search "xyz event:" | table _time, call_id, A_from, A_to | rename call_id as Call_id, A_from as From, A_to as To
Query 2
index="abc_ndx" source="*/ jkdhgsdjk.log" call_id="**" B_to="**" B_from="**" | transaction call_id keepevicted=true | search " xyz event:"| table _time, call_id, B_from, B_to | rename call_id as Call_id, B_from as From, B_to as To
These are my two different queries. I want to compare each values in A_from column with each values in B_from column and if the value matches, then display the those values of A_from.
Is it possible?
I have run the two queries separately and exported the results of each into csv and used vlookup function. But the problem is there is a limit of max 10000 rows of data which can be exported and so I miss out lots of data as my data search has more than 10000 records.
Any help?
Haven't got any data to test this on at the moment, however, the following should point you in the right direction.
When you have the table for the first query sorted out, you should 'pipe' the search string to an appendcols command with your second search string. This command will allow you to run a subsearch and "import" a columns into you base search.
Once you have the two columns in the same table. You can use the eval command to create a new field which compares the two values and assigns a value as you desire.
Hope this helps.
http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Appendcols
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Eval
I'm not sure why there is a need to keep this as two separate queries. Everything is coming from the same sourcetype, and is using almost identical data. So I would do something like the following:
index="abc_ndx" source="*/jkdhgsdjk.log" call_id="**" (A_to="**" A_from="**") OR (B_to="**" B_from="**")
| transaction call_id keepevicted=true
| search "xyz event:"
| eval to=if(A_from == B_from, A_from, "no_match")
| table _time, call_id, to
This grabs all events from your specified sourcetype and index, which have a call_id, and either A_to and A_from or B_to and B_from. Then it transactions all of that, lets you filter based on the "xyz event:" (Whatever that is)
Then it creates a new field called 'to' which shows A_from when A_from == B_from, otherwise it shows "no_match" (Placeholder since you didn't specify what should be done when they don't match)
There is also a way to potentially tackle this without using transactions. Although without more details into the underlying data, I can't say for sure. The basic idea is that if you have a common field (call_id in this case) you can just use stats to collect values associated with that field instead of an expensive transaction command.
For example:
index="abc_ndx" index="abc_ndx" source="*/jkdhgsdjk.log" call_id="**"
| stats last(_time) as earliest_time first(A_to) as A_to first(A_from) as A_from first(B_to) as B_to first(B_from) as B_from by call_id
Using first() or last() doesn't actually matter if there is only one value per call_id. (You can even use min() max() avg() and you'll get the same thing) Perhaps this will help you get to the output you need more easily.
I first want to say that I am just learning powershell and this might be a very simple answer, but I have done some research and can't find the exact thing I am looking for.
My Goal:
I am using the SQL cmdlets to try and exclude some databases that we need to run scripts on. Below is my code to get the databases
$ExcludeDBs=Invoke-Sqlcmd -ServerInstance $EDDSServer -Database EDDS -InputFile $InactiveCaseSQLPath
This works fine, it is after this when I am trying to use a foreach loop and try to compare the properties so I can determine which SQL cluster it is on. Below is my code:
$str="__SQL Cluster 13 (ALL NEW CASES HERE)"
$ExcludeDbs | foreach{
if($ExcludeDBs | Where-Object SQLclusterName -eq $str){
$SQLClusterName="ClusterNameSQL"}
}#end foreach loop
I get the following error:
Cannot bind parameter 'FilterScript'. Cannot convert the "SQLclusterName" value of type "System.String" to type "System.Management.Autom
ation.ScriptBlock".
I think this has something to do with type casting, but I am not sure where to go from here. Any help would be very much appreciated.
SQLClustername is being handled as a string - is it a field being returned from your query?
Also, you shouldn't need the where-object inside the foreach
$str="__SQL Cluster 13 (ALL NEW CASES HERE)"
$ExcludeDbs | foreach{
if($_.SQLclusterName -eq $str){
$SQLClusterName="ClusterNameSQL"}
}#end foreach loop