Can someone please help me to remove passive hosts in splunk. the query i am using is:
| metadata type=hosts
| sort recentTime
| convert ctime(recentTime) as Latest
You should compare the recentTime with the current time, work out the difference and compare the difference with a threshold to identify those hosts
Example query:
| metadata type=hosts | eval diff=now()-recentTime | eval threshold=3600 | where diff>threshold
Note: query not tested but you should get the idea
Related
Consider this query:
| makeresults count=100000
| eval a=if(random()%2==0,"apple", "banana")
| eval b=if(random()%2==0,"cherry","date")
| eval c=if(random()%2==0,"eggplant",if(random()%2==0,"fig",if(random()%2==0,"grape","huckleberry")))
| eval x=random()
| eval y=random()%x
What I'd like is to simply add:
| fit y from x by a, b, c
Then, I would get a total of n models (16 in this case) created and applied to the data, which I can then do stuff with.
Unfortunately, Splunk's fit command does not support a by clause.
The question is, how can I use the commands that ARE available to accomplish the same thing?
I've tried using map but that is limited to 10 subqueries.
I've tried using foreach but that complains: "Search pipeline may not contain non-streaming commands"
Are there commands available to me that will let me do what I'm trying to do?
I am new to BDD specflow.
I have to write a scenario wherein after I capture an image, i have to select a value for each defined attribute for that image from a selection list
For Eg:
|Body Part |Location |Group |
| Leg | Left | Skin |
| Hand | Upper | Burn |
| Arm | Right | Ulcer |
I need a way in which i can select a different value for each attribute, every time.
Thanks in advance!
You are looking for Scenario Outline;
Scenario outlines allow us to more concisely express these examples through the use of a template with placeholders, using Scenario Outline, Examples with tables and < > delimited parameters.
Specflow takes each line in the Example table and create from the line a scenario to execute.
I am currently connecting SQL server to robot framework, so i can read my data table name in robot. and I want to use for loop to check table name, somehow, ":FOR" loop keyword cannot found, but I have installed libraries such as operating-system, collections, string, built-in, diff-library and so on. anyone can help me why i cannot use for loop? any help will be appreciated.
The robot framework users guide has a whole section on how to use the for loop. From that section:
The syntax starts with :FOR, where colon is required to separate the
syntax from normal keywords. The next cell contains the loop variable,
the subsequent cell must have IN, and the final cells contain values
over which to iterate. These values can contain variables, including
list variables.
Here's an example from the user's guide, reformatted to use pipes (for clarity):
*** Test Cases ***
| Example 1
| | :FOR | ${animal} | IN | cat | dog
| | | log | ${animal}
| | | log | 2nd keyword
| | Log | Outside loop
Maybe you are not escaping indented cells; as the Tip in the documentation says. Try writing loops like this:
:FOR ${index} IN RANGE ${start} ${stop}
\ log to console index: ${index}
\ Call a Keyword
I am using Twinkle (A SPARQL Query Tool). I did a SPARQL over a RDF file, and got a results file like below. Since it doesn't seems a typical file format like CSV, do you know a library to parse this format? Any programming language is fine.
---------------------------------------------------------------------
| name |
=====================================================================
| "Egypt"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Iraq"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Jordan"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Kuwait"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Libya"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Mauritania"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Somalia"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Sudan"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Syrian Arab Republic"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Tunisia"^^<http://www.w3.org/2001/XMLSchema#string> |
| "United Arab Emirates"^^<http://www.w3.org/2001/XMLSchema#string> |
| "Yemen"^^<http://www.w3.org/2001/XMLSchema#string> |
---------------------------------------------------------------------
That's not any standard format, so you'd have to write a parser for that by hand; it looks like the default CLI output of a query command for a database (which one I wonder?).
The query command from the CLI probably has the option to provide standard SPARQL results formats, such as SPARQL/XML or SPARQL/JSON, which you can use any standard RDF library, such as Jena or Sesame if you are working in Java, to parse the results in that format. That is the best way to accomplish what you're attempting.
Generally, you should not interface programmatically with CLI output and instead use API's provided with the database.
That looks like it could be Jena output.
The ResultSetFormatter class contains ways to format results in all the standard formats (XML, JSON, TSV, CSV) as well as this display format in text.
ResultsetFormatter.outputAsXML
ResultsetFormatter.outputAsJSON
ResultsetFormatter.outputAsTSV
ResultsetFormatter.outputAsCSV
The text format is not for parsing - more for simple display and debugging.
The command line has args to set the results format e.g. --results json
And the query form in Fuseki allows you to choose the output format.
The format you see is a Typed RDF literal. The URI http://www.w3.org/2001/XMLSchema#string is a XSD type "string" saying that your value is just a "string" (it could be an "int", etc...). If you just want the value, you can omit the URI after "^^" or use the STR function in your SPARQL query.
In a FitNesse query table, is it possible to load a symbol with the returned results?
example of what I would like to do:
|Query: GetPlayers|
| name | age | ID |
| jones | 36 | $ID1= |
| smith | 27 | $ID2= |
Or alternatively, just have one $ID symbol which is loaded with a collection.
Is this possible?
Unfortunately I believe this is still an unresolved issue in FitNesse. There is a PivotalTracker entry for it, that no one has take one yet: https://www.pivotaltracker.com/story/show/1893214. I've looked at it, but haven't been able to solve it myself.
We currently work around this by having a driver that can do equivalent query. Then we get the value back from the query. It is much more cumbersome, but works for now.
I completely agree that this should be possible. But as far as I know, it has not been fixed yet.
Maybe I don't understand your problem, but this is working fine for me:
|Query: whatever|whatever_param |
|key |value |
|a_key |$symbol= |
|check |$symbol|a_value|
I use Cslim, and the method whatever.query() returns a list of maps that correspond to the keys (the key a_key have the value a_value for this exemple)