Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Performance data collecting and analytics

kiranmudunuru
New Member
‎12-20-2013 06:47 AM

I have a tool which has its performance data in its database. i am getting the output of it in a flat file and then intend to read it to provide some analytics based on the performance data that is captured.

However, need some assistance/ guidance on this. any tips on this will be most welcome.

Regards,
KM

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jordanperks
Path Finder
‎12-20-2013 06:54 AM

Install the Splunk Universal forwarder and point it at the file. If you want to do some predictions and anomaly detection check out the predict command (I think it was introduced in Splunk 6.0). http://docs.splunk.com/Documentation/Splunk/6.0/SearchReference/Predict

Here is an example of how I am using the predict command in order to determine when Symantec detects more viruses/hour than normal:
index=symantec (virus OR "security risk" OR "web attack") NOT "Tracking Cookies" earliest=-21d@d latest=now | rex "(?i) name: (?P[^,]+)" | bucket span=1h _time | timechart span=1h count(virus_host) as count | predict count | rename upper95(prediction(count)) as upper95 | fieldformat upper95=round(upper95,0) | sort -_time | eval Percent=round(upper95/count*100,0) | eval PercentAbove95thPecentile=round(100-Percent,0) | fields - Percent,lower95(prediction(count)),prediction(count) | fillnull value=0 count PercentAbove95thPecentile | head 10 | where PercentAbove95thPecentile>=1

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jordanperks
Path Finder
‎12-20-2013 06:54 AM

Install the Splunk Universal forwarder and point it at the file. If you want to do some predictions and anomaly detection check out the predict command (I think it was introduced in Splunk 6.0). http://docs.splunk.com/Documentation/Splunk/6.0/SearchReference/Predict

Here is an example of how I am using the predict command in order to determine when Symantec detects more viruses/hour than normal:
index=symantec (virus OR "security risk" OR "web attack") NOT "Tracking Cookies" earliest=-21d@d latest=now | rex "(?i) name: (?P[^,]+)" | bucket span=1h _time | timechart span=1h count(virus_host) as count | predict count | rename upper95(prediction(count)) as upper95 | fieldformat upper95=round(upper95,0) | sort -_time | eval Percent=round(upper95/count*100,0) | eval PercentAbove95thPecentile=round(100-Percent,0) | fields - Percent,lower95(prediction(count)),prediction(count) | fillnull value=0 count PercentAbove95thPecentile | head 10 | where PercentAbove95thPecentile>=1

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...