In my scenario i have to compare counts of two different JVM
A- Jvm B-jvm jvma1 jvmb1 jvma2 jvmb2 jvma3 jvmb3
Have to compare count of the jvm
Expected output:
A- Jvm count B-jvm count jvm1 10 jvmb1 20 jvm2 20 jvmb2 40 jvm3 100 jvmb3 200
If those jvm logs are ingested with a monitor input, I expect the source field will contain the log name, yes?
source
So you could start with a simple and efficient:
| tstats count where index=yourindex source="/ws/jvm*" by source
Please provide more information on the data that you have and what it looks like in splunk, your question does not make much sense this way...
I have 6 jvm
/ws/jvma1/test.logs
/ws/jvmb1/test.log
Both the paths have same log file have to compare the count of jvma1 and jvmb1.How to find volume comparision from both the path.
Do you've any sample query that you're using right now to do some sort of reporting of those? E.g. a query to show count of all JVMs.
