Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to find if indexer replication error occurs more than "n" times in "x" mins interval?

apurva1707
New Member
‎03-31-2016 09:01 PM

I need a search query to find out if the replication error occurs for more than 3 times in an interval of 5 mins? I have to create a dashboard for it.

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎04-01-2016 12:14 AM

You need to define what replication error specifically means in your use case. One you do that, its quite simple, set your span for 5minutes..

yoursearch | bucket span=1m _time | stats count by host | where count > 3

This groups the events into 1 minute slices, and looks for more then 3 errors within that 5 minute window.

You can look here for specifics about different replication errors : http://docs.splunk.com/Documentation/Splunk/6.2.3/Indexer/Bucketreplicationissues

0 Karma
Reply

apurva1707
New Member
‎04-03-2016 11:55 PM

Thanks for the reply. I intend to make a dashboard on indexer replication error. Can you please refine yoursearch for this?

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...