Re: Create Dashboard and show error code & count

rajiv_kumar · ‎05-18-2011

We need to create Dashboard. In dashboard, need to show Error code (001, 002, 003...) in X-axis and count() in Y-axis in 1 hr span.
Please suggest me if any idea.

rajiv_kumar · ‎05-19-2011

I am looking x-axis should have Error Code(The code generated by my log Ex: Error:00001, Error:00002 etc) and Y- axis should have count(How many error happend during some period of time)

Masa · ‎05-19-2011

If you have the field called "Error", and specify the time range at search time;

| stats count by Error

Or,

earliest=-1h@h latest=@h | stats count by Error

Or,

earliest=-1h@h latest=@h | chart count by Error

Masa · ‎05-18-2011

Do you mean that X is time and Y is count, like a timechart example?

Assuming your event logs are like Splunk inernal web_access.log whih has status code, such as 200, 404 etc. The field name is called "status".

If you want to see the counts of each status code in timechart, and every 10 minutes time span for the past hour, please try the following query as an example.

index=_internal source="web_access.log" | timechart span=1h count by status

Try and show it in Report or Advanced Charting page. If the graph is what you are looking for, please save the search, create a dashboard from "Action" dropdown menue in Search page.

Create Dashboard and show error code & count

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation