Re: How do I add a static column to search results...

jsights · ‎11-27-2018

I have a search that is pulling the number of times a service makes a call to an operation per hour. I have the base search working properly and would now like to add a static column that shows the SLA for each operation, but I am unsure how to do that and would appreciate some guidance.

Thanks!

loggingAppId=APPNAME|eval callingAppAndOperation=callingAppId.".".loggingOperationName |bin _time span=1h |stats count As HourlyTotal by _time, callingAppAndOperation |sort -HourlyTotal |dedup callingAppAndOperation |sort callingAppAndOperation

DavidHourani · ‎11-28-2018

Hey t@jsights,

You should either use a csv file as a lookup or kvstore to list all your static SLAs per operation. Then use the lookup command like this :

loggingAppId=APPNAME|eval callingAppAndOperation=callingAppId.".".loggingOperationName |bin _time span=1h |stats count As HourlyTotal by _time, callingAppAndOperation |sort -HourlyTotal |dedup callingAppAndOperation |sort callingAppAndOperation | lookup callingAppAndOperation yourLookupDefintionName OUTPUTNEW SLA

Cheers,
David

renjith_nair · ‎11-28-2018

@jsights,

If you have different SLA for each type operation, try adding them into a lookup file and use it in your search.

i.e.
1. Create a look up table with Operation, SLA
2. Add the lookup to your search

Reference : https://docs.splunk.com/Documentation/Splunk/7.2.0/Knowledge/Aboutlookupsandfieldactions

Happy Splunking!

How do I add a static column to search results?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!