Splunk IT Service Intelligence

ITSI Base search for key values


I've created a log that I think is optimal for Splunk. Let me know if it isn't. For example, here's some output:

2018-12-12 07:33:55,638 Key=NumberOfSpeedProductsOnlyInHmPlan Value=597
2018-12-12 07:33:55,638 Key=NumberOfSpeedProductsOnlyInWriteStore Value=0
2018-12-12 07:33:55,638 Key=NumberOfSpeedProductsOnlyInReadStore Value=0
2018-12-12 07:33:55,638 Key=NumberOfSpeedProductsOnlyInHmPlanWriteStore Value=12
2018-12-12 07:33:55,653 Key=NumberOfSpeedProductsOnlyInHmPlanReadStore Value=0
2018-12-12 07:33:55,653 Key=NumberOfSpeedProductsOnlyInWriteStoreReadStore Value=0
2018-12-12 07:33:55,653 Key=NumberOfSpeedProductsOnlyInHmPlanWriteStoreReadStore Value=4
2018-12-12 07:33:55,669 Key=NumberOfSpeedArticlesOnlyInHmPlan Value=18
2018-12-12 07:33:55,685 Key=NumberOfSpeedArticlesOnlyInWriteStore Value=0
2018-12-12 07:33:55,685 Key=NumberOfSpeedArticlesOnlyInReadStore Value=0
2018-12-12 07:33:55,685 Key=NumberOfSpeedArticlesOnlyInHmPlanWriteStore Value=1840
2018-12-12 07:33:55,685 Key=NumberOfSpeedArticlesOnlyInHmPlanReadStore Value=3

I want to create a base search of this log to have a metric on each kind of Key.
I'm new to ITSI Splunk. Can you share some tips or pointers on how this is done?

This is what I've tried:

index=dit_ples_pmt | stats values(Value) as Value by Key | `gettime`

Now I'm creating metrics by setting the threshold fields to the above Keys. However this doesn't seem to work.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!