Splunk Search

How to get concurrent transactions for multiple hosts?

drmed
Explorer

Hello,

I'm having trouble getting concurrent events by host.

I can get concurrent key transactions for a single host, and it appears accurate:
* sourcetype="*iis" Target_Type="key" host="na5" | concurrency duration=TimeTaken | timechart span=1h count(concurrency)

But when I try to get this for all hosts (Grouped by host), it’s comparing the data on all instances, artificially inflating number of concurrent transactions per host:
* sourcetype="*iis" Target_Type="key" | concurrency duration=TimeTaken | timechart span=1h count(concurrency) by host

Any ideas?

Tags (1)
0 Karma

manus
Communicator
0 Karma

strive
Influencer

Concurrency doesn't have by clause. You may have to try something like this
http://answers.splunk.com/answers/7269/how-to-calculate-concurrent-transactions-grouped-with-a-parti...

drmed
Explorer

Thanks. Hope we can get concurrency by clause soon. This seems like a very common use case. For now, we are going to use a dashboard with host selection in a dropdown.

I tried to get the query in strive's link above working. Unfortunately it doesn't work for our data. A lot of assumptions go into how your Splunk data is setup (start / stop / other transactions) to make this work:
sourcetype="*traceappender" | eval counter = if(searchmatch("Module.Begin"),1,-1) | sort 0 + _time | streamstats sum(counter) as concurrency by host | timechart span=1h count(concurrency) by host

0 Karma

JeToJedno
Explorer

I agree ... I repeatedly have had to use a cludge to get concurrency ... by ...

0 Karma
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...