Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Query format for viewing server name with count on respect of color

sushil_sh
Engager
‎07-31-2021 04:35 AM

Hi Team,

 

I am very new in Splunk and i need your help to change my query as per requirement  

 

Please validate my syantax  as per requirement How do we get list of server name with count(which is change color like grey or Uninitialized) instead of count of server (server name comes under ServerName)

 

Please find my syntax and result

 

sourcetype=ABC Category IN ("Support","Patch") HealthValue IN(Grey, Uninitialized,) | bin _time span=1d | dedup ServerName HealthValue _time | timechart count(ServerName) as "QTY Servers" by HealthValue

 

 

sushil_sh_0-1627731180493.png

i am waiting for quick response

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-31-2021 06:02 AM 
sourcetype=ABC Category IN ("Support","Patch") HealthValue IN(Grey, Uninitialized,) | bin _time span=1d | stats count by ServerName HealthValue _time

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-31-2021 05:01 AM 
sourcetype=ABC Category IN ("Support","Patch") HealthValue IN(Grey, Uninitialized,) | bin _time span=1d | dedup ServerName HealthValue _time | stats values(ServerName) as "Servers" by HealthValue _time
0 Karma
Reply
Solved! Jump to solution

sushil_sh
Engager
‎07-31-2021 05:39 AM

Thanks for your response

@ITWhisperer  how do we get clour cout on the refference of server name

 

Eg:- suppose  one server change color 3 time in time _time then how do i express  this query in syntax

like below

ServerColourCount Time
xyzGrey31:00

 

Thanks in advance

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-31-2021 06:02 AM 
sourcetype=ABC Category IN ("Support","Patch") HealthValue IN(Grey, Uninitialized,) | bin _time span=1d | stats count by ServerName HealthValue _time
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...