Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Want to see data by host

sunnyparmar
Communicator
‎06-16-2015 01:46 AM

Hi,

In the below given query i want to see the data by host but unable to see. Kindly suggest

index=sc-perfmon (counter="Avg. Disk sec/Read" OR counter="Avg. Disk sec/Write" ) by host | timechart avg(Value) by counter

Thanks
Ankit

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

chimell
Motivator
‎06-16-2015 03:48 AM

Hi sunnyparmar
Try this search code

|set union [search index=sc-perfmon counter="Avg. Disk sec/Read"| timechart avg(Value) by host] [ search index=sc-perfmon counter="Avg. Disk sec/Write" | timechart avg(Value) by host]

View solution in original post

Reply
Solved! Jump to solution
Solution

chimell
Motivator
‎06-16-2015 03:48 AM

Hi sunnyparmar
Try this search code

|set union [search index=sc-perfmon counter="Avg. Disk sec/Read"| timechart avg(Value) by host] [ search index=sc-perfmon counter="Avg. Disk sec/Write" | timechart avg(Value) by host]
Reply
Solved! Jump to solution

sunnyparmar
Communicator
‎06-16-2015 04:04 AM

Hey,

thanks for the reply but it is given below error when I am running the below query

index=sc-perfmon (counter="Avg. Disk sec/Read" OR counter="Avg. Disk sec/Write" ) | set union [search index=sc-perfmon counter="Avg. Disk sec/Read"| timechart avg(Value) by host] [ search index=sc-perfmon counter="Avg. Disk sec/Write" | timechart avg(Value) by host]

ERROR

Error in 'set' command: This command must be the first command of a search.

Thanks & Regards
Sunny

0 Karma
Reply
Solved! Jump to solution

chimell
Motivator
‎06-16-2015 04:08 AM

Don't add something to the search code that i gave you just run it
it works well will my data
Delete index=sc-perfmon (counter="Avg. Disk sec/Read" OR counter="Avg. Disk sec/Write" ) and re-run

0 Karma
Reply
Solved! Jump to solution

chimell
Motivator
‎06-16-2015 04:12 AM

Note that the search which contain a set command always begin with | set

0 Karma
Reply
Solved! Jump to solution

sunnyparmar
Communicator
‎06-16-2015 04:20 AM

Ultimate.. it works...thanks once again

0 Karma
Reply
Solved! Jump to solution

chimell
Motivator
‎06-16-2015 05:11 AM

Good thanks

0 Karma
Reply
Solved! Jump to solution

stephane_cyrill
Builder
‎06-16-2015 01:50 AM

HI TRY THIS

 index=sc-perfmon (counter="Avg. Disk sec/Read" OR counter="Avg. Disk sec/Write" )  | timechart avg(Value)  by host
Reply
Solved! Jump to solution

sunnyparmar
Communicator
‎06-16-2015 02:22 AM

Hey,

Thanks for the reply but if I did it by host only then query runs and it is showing data by host. Then when I will click on show events under it, it will show data for further parameter (Avg. Disk sec/Read and Avg. Disk sec/Write)but what I want that it will show data hostwise for both (counter="Avg. Disk sec/Read" OR counter="Avg. Disk sec/Write") counters in output.

and

Second query is not running.. it is giving an error.

Regards
Ankit

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...