Splunk IT Service Intelligence
Highlighted

ITSI Base search for key values

Engager

I've created a log that I think is optimal for Splunk. Let me know if it isn't. For example, here's some output:

2018-12-12 07:33:55,638 Key=NumberOfSpeedProductsOnlyInHmPlan Value=597
2018-12-12 07:33:55,638 Key=NumberOfSpeedProductsOnlyInWriteStore Value=0
2018-12-12 07:33:55,638 Key=NumberOfSpeedProductsOnlyInReadStore Value=0
2018-12-12 07:33:55,638 Key=NumberOfSpeedProductsOnlyInHmPlanWriteStore Value=12
2018-12-12 07:33:55,653 Key=NumberOfSpeedProductsOnlyInHmPlanReadStore Value=0
2018-12-12 07:33:55,653 Key=NumberOfSpeedProductsOnlyInWriteStoreReadStore Value=0
2018-12-12 07:33:55,653 Key=NumberOfSpeedProductsOnlyInHmPlanWriteStoreReadStore Value=4
2018-12-12 07:33:55,669 Key=NumberOfSpeedArticlesOnlyInHmPlan Value=18
2018-12-12 07:33:55,685 Key=NumberOfSpeedArticlesOnlyInWriteStore Value=0
2018-12-12 07:33:55,685 Key=NumberOfSpeedArticlesOnlyInReadStore Value=0
2018-12-12 07:33:55,685 Key=NumberOfSpeedArticlesOnlyInHmPlanWriteStore Value=1840
2018-12-12 07:33:55,685 Key=NumberOfSpeedArticlesOnlyInHmPlanReadStore Value=3

I want to create a base search of this log to have a metric on each kind of Key.
I'm new to ITSI Splunk. Can you share some tips or pointers on how this is done?

This is what I've tried:

index=dit_ples_pmt | stats values(Value) as Value by Key | `gettime`

Now I'm creating metrics by setting the threshold fields to the above Keys. However this doesn't seem to work.
Thanks!

0 Karma