Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Deployment Architecture
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- how to find the immediate next passed build from t...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anooshac
Communicator
03-02-2020
09:00 PM
Hi all,
I have json file for each of the builds of jenkins. I want to calculate the Mean time to recovery , that is time taken from a failed build to the next immediate passed build. I listed all the failed builds but i am not getting to get the value of the next passed build. Can anyone please help me in this!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
03-03-2020
12:59 AM
Like this:
| makeresults
| eval raw="{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"PASS\",
\"JOB_DURATION\" : \"304\"
}:::{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"FAIL\",
\"JOB_DURATION\" : \"304\"
}:::{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"FAIL\",
\"JOB_DURATION\" : \"304\"
}:::{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"FAIL\",
\"JOB_DURATION\" : \"304\"
}:::{
\"JOB_NUM\" : \"2\",
\"JOB_TIME\" : \"10/2/2020\",
\"JOB_STATUS\" : \"PASS\",
\"JOB_DURATION\" : \"239\"
}"
| eval host = "foo"
| makemv delim=":::" raw
| mvexpand raw
| rename raw AS _raw
| kv
| streamstats count AS _serial
| eval _time = _time - _serial
| rename COMMENT AS "Everything above generates sample event data; everything below is your solution."
| streamstats count(eval(JOB_STATUS=="PASS")) AS SessionID BY host JOB_NUM
| stats dc(JOB_STATUS) AS outcomes range(_time) AS recoveryTime BY SessionID host JOB_NUM
| where outcomes>1
| stats avg(recoveryTime) AS MTTR
| fieldformat MTTR = tostring(MTTR, "duration")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
03-03-2020
12:59 AM
Like this:
| makeresults
| eval raw="{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"PASS\",
\"JOB_DURATION\" : \"304\"
}:::{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"FAIL\",
\"JOB_DURATION\" : \"304\"
}:::{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"FAIL\",
\"JOB_DURATION\" : \"304\"
}:::{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"FAIL\",
\"JOB_DURATION\" : \"304\"
}:::{
\"JOB_NUM\" : \"2\",
\"JOB_TIME\" : \"10/2/2020\",
\"JOB_STATUS\" : \"PASS\",
\"JOB_DURATION\" : \"239\"
}"
| eval host = "foo"
| makemv delim=":::" raw
| mvexpand raw
| rename raw AS _raw
| kv
| streamstats count AS _serial
| eval _time = _time - _serial
| rename COMMENT AS "Everything above generates sample event data; everything below is your solution."
| streamstats count(eval(JOB_STATUS=="PASS")) AS SessionID BY host JOB_NUM
| stats dc(JOB_STATUS) AS outcomes range(_time) AS recoveryTime BY SessionID host JOB_NUM
| where outcomes>1
| stats avg(recoveryTime) AS MTTR
| fieldformat MTTR = tostring(MTTR, "duration")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anooshac
Communicator
03-03-2020
02:23 AM
Hi @woodcock , i'm sorry, there was some issue with the data. Thanks a lot for the response!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
03-02-2020
10:20 PM
Generally, like this:
index="YouShouldAlwaysSpecifyAnIndex" AND sourcetype="AndSourcetypeToo"
| streamstats count(eval(FieldNameForOutcome=="FieldValueForSuccess")) AS SessionID BY host FieldNameForJobID And Other FIelds Here
| stats dc(FieldNameForOutcome) AS outcomes range(_time) AS recoveryTime BY SessionID host FieldNameForJobID And Other Fields Here
| where outcomes>1
| stats avg(recoveryTime) AS MTTR
| fieldformat MTTR = tostring(MTTR, "duration")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
03-03-2020
12:59 AM
Never mind. I did your homework for you, too. See my new answer (and see how it is EXACTLY the same as this answer).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anooshac
Communicator
03-03-2020
12:21 AM
hi @woodcock, Thanks for the response! I don't know why am i getting no results found to this query.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
03-03-2020
12:47 AM
You understand that I made up all of the field names and values, right?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sumanssah
Communicator
03-02-2020
10:20 PM
Please try this
for shared sample log
| makeresults
| eval json = "{
\"JOB_NUM\" : \"1\",
\"JOB_TIME\" : \"1/1/2020\",
\"JOB_STATUS\" : \"FAIL\",
\"JOB_DURATION\" : \"304\"
}"
| rex "(?<json>\{.+)" | spath input=json | fields - json
For production, try
<your base search> | rex "(?<json>\{.+)" | spath input=json | fields - json
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anooshac
Communicator
03-03-2020
12:24 AM
Hi @sumanssah , it gives table with all the fields. I want to get the immediate passed JOB_NUM which to the failed one.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sumanssah
Communicator
03-02-2020
10:00 PM
If you can add a sample log, would be easy for all to provide SPL.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anooshac
Communicator
03-02-2020
10:07 PM
hi @splnsuman , below are some sample json files that i'm using.
P1_job.json
{
"JOB_NUM" : "1",
"JOB_TIME" : "1/1/2020",
"JOB_STATUS" : "FAIL",
"JOB_DURATION" : "304"
}
P2_job.json
{
"JOB_NUM" : "2",
"JOB_TIME" : "10/2/2020",
"JOB_STATUS" : "PASS",
"JOB_DURATION" : "239"
}
Like this there are many files for each of the build.
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
