Re: Create Dashboard and show error code & count

rajiv_kumar · ‎05-18-2011

We need to create Dashboard. In dashboard, need to show Error code (001, 002, 003...) in X-axis and count() in Y-axis in 1 hr span.
Please suggest me if any idea.

rajiv_kumar · ‎05-19-2011

I am looking x-axis should have Error Code(The code generated by my log Ex: Error:00001, Error:00002 etc) and Y- axis should have count(How many error happend during some period of time)

Masa · ‎05-19-2011

If you have the field called "Error", and specify the time range at search time;

| stats count by Error

Or,

earliest=-1h@h latest=@h | stats count by Error

Or,

earliest=-1h@h latest=@h | chart count by Error

Masa · ‎05-18-2011

Do you mean that X is time and Y is count, like a timechart example?

Assuming your event logs are like Splunk inernal web_access.log whih has status code, such as 200, 404 etc. The field name is called "status".

If you want to see the counts of each status code in timechart, and every 10 minutes time span for the past hour, please try the following query as an example.

index=_internal source="web_access.log" | timechart span=1h count by status

Try and show it in Report or Advanced Charting page. If the graph is what you are looking for, please save the search, create a dashboard from "Action" dropdown menue in Search page.

Create Dashboard and show error code & count

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases