splunk query

bapun18 — Wed, 09 Sep 2020 12:38:33 GMT

Hi Folks,

i have a requirement to create relevant query in Splunk to retrieve daily count of records from Kafka server for all topics disctintively along with total records.

Below is my Query it runs though but is very slow to process.

Can you please help me to accelerate the data in populating :

index=blc_db sourcetype=jmx EventType="messages"
| where IN(mbean_property_topic,"ciot_pdx_vision_er_gorr_modify","ciot_pdx_vision_er_gorr_subscription_account","ciot_pdx_vision_er_gorr_transaction","ciot_pdx_vf_sharepoint_group_tac_list","com_vodafone_smartlife","com_witsoftware_vodafone_smartlife","android_com_vodafone_smartlife","android_com_crvsh_vodafone_smartlife","prod_ciot_mongo","ciot_pdx_unipart_dispatches_uk","ciot_pdx_vf_italy_liveperson","ciot_pdx_mongodb_flow_orchestrator_transaction","ios_com_vodafone_smartlife","ios_com_crvsh_vodafone_smartlife","my_com_maxis_smartlife","android_my_com_maxis_smartlife","ios_my_com_maxis_smartlife","ciot_pdx_vss_events","ciot_pdx_vss_events_detailed","ciot_nginx_cg_01","ciot_pdx_chatlingual_full","ciot_pdx_vision_er_gorr_refund")
| bin _time span=1d
| stats range(Count) as countPerHost by host, _time, mbean_property_topic
| stats count(host) as hostCount, sum(countPerHost) as totalCountPerDay by _time, mbean_property_topic

Re: splunk query

ITWhisperer — Wed, 09 Sep 2020 13:12:54 GMT

Can you provide some sample data from

index=blc_db sourcetype=jmx EventType="messages"

so we can see what it is you are dealing with

topic Re: splunk query in Splunk Search

splunk query

Re: splunk query