How do I transform array in search or elsewhere in dashboard - splunk

I have a search that is working fine
index=event_db environment=prod release = 2020150015
| timechart count as Events
However, I'd like to modify this to search for any release in an array of releases. I'm aware of the "in" operator.
The catch is that the array of releases I've been provided ("Releases") is formatted slightly differently like so:
[ver2020.15.0015, ver2020.15.0016, ver2020.22.0019] // in general, many more than 3!
Is there a way to use the in operator and some mapping to get
release in
[2020150015, 2020150016, 2020220019] ?
Can this be put in the search?
This is part of a panel so if it's simpler I could have code elsewhere to convert [ver2020.15.0015, ver2020.15.0016, ver2020.22.0019] into [2020150015, 2020150016, 2020220019]
However, as mentioned I'm a newbie so my knowledge of where to put code to transform an array is limited :)
I have a fieldset section and a panel with a query in it.
The "Releases" array is populated in the fieldset section as so:
<input type="text" token="Releases">
<label>Release or Releases</label>
<default>*</default>
</input>
The user enters ver2020.15.0015 or perhaps ver2020.15.*.
I can't just have the user enter 2020150015 as the ver2020.15.0015 format is used elsewhere.
Perhaps there's a way to create new field Releases_Alt right after getting this?
Let me know of any other info I can provide. As I said, I'm new to Splunk so I'm still struggling with terminology.

Try this query. It uses a subsearch to build the IN argument. Subsearches in Splunk run before the main search and the output of the subsearch replaces the subsearch itself.
index=event_db environment=prod release IN (
[ | makeresults
| eval Releases=replace ($Releases|s$, "[ver\.]+","")
| return $Releases ] )
| timechart count as Events
The makeresults command is there because even subsearches have to start with a generating command. makeresults creates a "dummy" event that allows other commands to work.
The eval command does the work of converting release versions into the desired format. Note the use of |s with the Releases token. This construct ensures the contents of the token are enclosed in quotation marks, which is expected by the replace function.
Finally, the return command with $ returns the results of the eval, but without the field name itself. Without it, the subsearch would return releases="2020150015, 2020150016, 2020220019", which wouldn't work.
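Added example, not part of the original answer: the same conversion done in dashboard-side JavaScript, with each entry validated against an assumed release format ("ver" followed by dot-separated digit groups, optionally ending in ".*") before it is placed in the search. The function names are hypothetical; characterClassStrip reproduces the answer's [ver\.]+ pattern, which is a character class and so removes those characters wherever they occur in the input.

```javascript
// Added example: strict parsing of the dashboard's Releases text input.
// Assumed format (taken from the question): "ver<digits>.<digits>.<digits>",
// optionally ending in ".*", with entries separated by commas or whitespace.
const RELEASE_RE = /^ver(\d+(?:\.\d+)*)(\.\*)?$/;

// Mirrors the answer's replace(..., "[ver\.]+", ""): a character class that
// removes every v, e, r and dot, not only the literal "ver" prefix.
function characterClassStrip(value) {
  return value.replace(/[ver.]+/g, "");
}

// Convert one entry, or throw if it is not in the expected format.
function normalizeRelease(entry) {
  if (entry === "*") return "*"; // the text input's default value
  const m = RELEASE_RE.exec(entry);
  if (!m) throw new Error("unexpected release format: " + JSON.stringify(entry));
  const digits = m[1].replace(/\./g, "");
  return m[2] ? digits + "*" : digits;
}

// Split the raw token text and normalize every entry.
function normalizeReleases(raw) {
  return raw
    .replace(/^\s*\[|\]\s*$/g, "") // tolerate surrounding [ ]
    .split(/[\s,]+/)
    .filter(Boolean)
    .map(normalizeRelease);
}

// Build the SPL fragment. Accepted values contain only digits and "*",
// so nothing in them can close the quotes or add search terms.
function buildReleaseFilter(raw) {
  const values = normalizeReleases(raw);
  if (values.length === 0) throw new Error("no releases given");
  return "release IN (" + values.map((v) => '"' + v + '"').join(", ") + ")";
}

// Constructed sample input, in the shape shown in the question.
const sample = "[ver2020.15.0015, ver2020.15.0016, ver2020.22.*]";
console.log(buildReleaseFilter(sample));
console.log(characterClassStrip("server.v1")); // shows the character-class effect
```

Entries that do not match the assumed format are rejected instead of being passed into the search string.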

Related

Is there any example or sample code for the find and filter feature in Cytoscape JS

I saw in cytoscape application we have features like find and filter by keywords and degree. I tried a workaround following the original docs. Here you can see the demo webdemo.intolap.com/cytoscape (view-source for the source code or snippet). The filter works well partially. Example, "apple" will display apple and its connected nodes (1st level) just what I am looking for.
But the problem I am facing is about resetting the graph and filter again with a different keyword. It seems the filter function does not work after the text box is cleared and then keyed in a different keyword.
I mean when I clear the text box, it resets the graph to original which is correct. I did that using an init() function which reinstates the graph. But then if I search for "Ball" filter does not work. Any help please. Thanks!
Actually there is a reasonably good explanation in the official docs here, but to be honest, I too struggled with this feature at first:
Basically, you can filter the specific collection you want to search by just inserting a filter query. So if you want to filter all nodes, you can use this:
cy.nodes(filterQuery);
If you want to filter all elements, just call this:
cy.elements(filterQuery);
If you want to make it easy, you can use this short version (short for cy.filter(...)):
cy.$(filterQuery);
The filter query itself is not that hard, you can do this (assuming that you have a node with the id "first" or an attribute like nodeColor "#2763c4"):
cy.$('[id != "first"]');
cy.$('[id = "first"]');
cy.$('[nodeColor = "#2763c4"]');
cy.$('[weight > 50]');
Additionally, you can specify the target collection within your filter query like this:
cy.$('node[id != "first"]');
Lastly, if you need complex filtering, you can use a function to apply that logic to the filter, for that just do this:
cy.$(function(element, i){
return element.isNode() && element.data('weight') > 50;
});
Sounds like you are trying to cy.filter on a cytoscape instance that no longer exists at that point. That's why it works the first time, but not the second time (after you reinstate the graph, which probably means destroy & create).
You need to make sure you point your filter handlers to the active cytoscape instance.

how to (still) use a wildcard in the middle of a string?

I am trying to run the following query
index=one /thispath/file*.pdf
I know that using wildcards in the middle of a string is not recommended, but I have too many different files: file001.pdf, fileabc.pdf and others.
What can I do? I am more worried about bogus results than processing speed.
Thanks!
It's not recommended, but it works. Just do it.
index=one "/thispath/file*.pdf"
I think you could do this one of 3 ways, actually, depending on your needs:
| makeresults | eval field="/thispath/fileone.pdf"
tell Splunk to look for both the beginning and end of something
| search field="/thispath/file*" AND field="*.pdf"
filter after the event search using wildcards
| where like(field, "/thispath/file%.pdf")
filter after the event search using regex
| where match(field, "/thispath/file.*\.pdf")

verifyText using *text* instead of verifyTextPresent (deprecated)

I'm kind of new to selenium IDE and automated test and I don't know much about programming languages. I have a question concerning verifyText command as verifyTextPresent is deprecated. If I put the target word/text in * * will it work as if I was using verifyTextPresent? Could waitForText work?
I am trying to verify that the search function of a website is working as expected. I search the word "client" and I want to verify that the word is present in the results.
clickAndWait css=div.cf-tooltip-text
type id=edit-global-search client
clickAndWait id=edit-submit-global-search
verifyText id=content-column *client*
This works, but in the Log I can not understand what it really does. Also if I try the word on its own "client" I get an error which I understand because it compares it to the text of the whole column. I also tried to put an irrelevant word between asterisks such as youwillnotfindthetext (just to make sure that everything between asterisks will pass the test) and there I had an error too.
So it seems to be working somehow but I want to ask some of you expert guys.
Thanks
If you put a * at the start and end, it will look for the inner text contained in the specific element. If the text is present as you have given it in the script, it will return a pass. If the text you specified in the script is not present, it will throw an error. That's what happens when you put youwillnotfindthetext in between the *.
Check this link Selenium: test if element contains some text

@Dblookup and formatting on web

I have been developing a web application using domino, therein I have dblookup-ing the field from notes client; Now, this is working fine but the format of value is missing while using on web.
For example in lotus notes client the field value format is as above
I am one, I am two, I am one , I am two, labbblallalalalalalalalalalalalalalalalalalaallllal
Labbbaalalalallalalalalalaalallaal
Hello there, labblalalallalalalllaalalalalalalalalalalalalalalalalalalalalalalala
Now when I retrieve the value of the field on web it seems it takes 2 immediate after 1. and so forth, I was expecting line feed here which is not happening.
The field above is multi valued field. Also on web I have used computed text which does db lookup from notes client.
Please help me what else could/alternate solution for this case.
Thanks
HD
Your multi-valued field has display options associated with it and the Notes client honors those. Obviously, your options are set up to display entries separated by newlines.
The computed text that you are using for the web does not have options like that and the field options are irrelevant because you aren't displaying the field. Your code has to insert the @Newlines. That's pretty easy because @DbLookup returns a list, and if you concatenate a list and a scalar, the scalar will be appended to each element of the list. (Look at the third example under "concatenation, pairwise" here to see what I mean.)
The way you've worded your question is a little unclear to me, but what you need in your computed text formula is either something like this:
list := @DbLookup(etc., etc.);
list + @Newline;
Or something like this:
multiValueFieldContainingListWithDbLookupResult + @NewLine;
I used @implode(Dblookupreturnedvalue;"");
thanks All :)

Best way to get a return tag from a sql SELECT command

I am making a virtual assistant client for my University project and there is a slight problem in getting a tag return based on match string.
The system works like this:
1. The user speech input is converted into a string.
2. The string is then matched to column in table.
3. The matching column returns its id which then return two tags from another table.
The problem is for calling someone, how should I go around it?
I mean, the user will say something like this: "Call Arya", here I can't have predefined command for each person so I have to use "MATCH" or "LIKE" selectors in SQL.
But then if I use these selectors then it will return me the tag for say opening facebook app even if I just "facebook", as the commands for facebook will be "open facebook" or "run facebook".
So how to work around it. Please help.