- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to set count for the alert condition
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Everyone,
I have one requirement.
I need to set one alert when node response time is greater the 5000ms and that to 2-3 node response time should be greater then 5000ms.
I have taken one not sure how to take multiple count of node response time
Can someone guide me on that.
Below is my query:
index=abc ns=blazegateway (app_name=way-a)OR(app_name=way-b) (nodeUrl ="*") Trace_Id=* "*" | stats count by Trace_Id Span_Id ns app_name Log_Time caller nodeUrl nodeHttpStatus nodeResponseTime |rename caller as "Caller"|rename nodeUrl as "Node" |rename nodeHttpStatus as "NodeHttpStatus"|rename nodeResponseTime as "NodeResponseTime"| fields - count| |sort 10 -NodeResponseTime|where NodeResponseTime >5000
Thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @aditsss,
You can count multiple NodeResponseTime and apply conditions on the count.
index=abc ns=blazegateway (app_name=way-a)OR(app_name=way-b) (nodeUrl ="*") Trace_Id=* "*" | stats count by Trace_Id Span_Id ns app_name Log_Time caller nodeUrl nodeHttpStatus nodeResponseTime |rename caller as "Caller", nodeUrl as "Node", nodeHttpStatus as "NodeHttpStatus", nodeResponseTime as "NodeResponseTime" | fields - count | where NodeResponseTime >5000 | eventstats count(NodeResponseTime) as ncount | where ncount > 2 | fields - ncount
If this reply helps you, an upvote/like would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @aditsss,
You can count multiple NodeResponseTime and apply conditions on the count.
index=abc ns=blazegateway (app_name=way-a)OR(app_name=way-b) (nodeUrl ="*") Trace_Id=* "*" | stats count by Trace_Id Span_Id ns app_name Log_Time caller nodeUrl nodeHttpStatus nodeResponseTime |rename caller as "Caller", nodeUrl as "Node", nodeHttpStatus as "NodeHttpStatus", nodeResponseTime as "NodeResponseTime" | fields - count | where NodeResponseTime >5000 | eventstats count(NodeResponseTime) as ncount | where ncount > 2 | fields - ncount
If this reply helps you, an upvote/like would be appreciated.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
