Displayed with undefined range while using rangmap...

deepthi5 · ‎05-26-2016

I have define only <1 <2 ❤️ i don't know from where the first row is picked up can some one help in resolving this.

index=* sourcetype=AMS_samplelog
| search server ="1"
| rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
| stats  count as "Server-1" by range
| appendcols [
    search index=* sourcetype=AMS_samplelog
   | search server ="2"
   | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
   | stats  count as "Server-2" by range]
| appendcols [
   search index=* sourcetype=AMS_samplelog
  | search server ="3"
  | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
  | stats  count as "Server-3" by range]
| appendcols [
   search index=* sourcetype=AMS_samplelog
  | search server ="4"
  | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
  | stats  count as "Server-4" by range]
| appendcols [
   search index=* sourcetype=AMS_samplelog
  | search server ="5"
  | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
  | stats  count as "Server-5" by range]
| appendcols [
    search index=* sourcetype=AMS_samplelog
   | search server ="6"
   | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
   | stats  count as "Server-6" by range]
| appendcols [
    search index=* sourcetype=AMS_samplelog
   | search server ="7"
   | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
   | stats  count as "Server-7" by range]
| appendcols [
    search index=* sourcetype=AMS_samplelog
   | search server ="8"
   | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
   | stats  count as "Server-8" by range]
| appendcols [
    search index=* sourcetype=AMS_samplelog
    | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
    | stats  count as "Total" by range]
| table range, Server-1, Server-2, Server-3, Server-4, Server-5, Server-6, Server-7, Server-8, Total

This is the result:

range   Server-1    Server-2    Server-3    Server-4    Server-5    Server-6    Server-7    Server-8       Total
           16493       20285       19466       19370       18649       32698       23075       26399      176899
<1          4451        5619        5377        5413        5083        8684        6548        7302       48477
<2            80         275         180         149         164         683         351         390        2272
<3            24          26          34          38          24          64          44          40         294
>3            26          40          28          40          34          54          48          50         320

woodcock · ‎05-27-2016

Try this:

index=* sourcetype=AMS_samplelog
| eval server = "Server-" . server
| rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
| chart count BY range server
| addtotals row=t col=f

Displayed with undefined range while using rangmap in the search query

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...