Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Error and Warning Count by Hour or date or timestamp

satyajit2007
Explorer
‎11-11-2020 11:46 PM

I have my spark logs in Splunk . 

I have got 2 Spark  streaming jobs running .It will have different logs ( INFO, WARN, ERROR etc) .

I want to create a dashboard for the error Count  by hour or any better way ( suggest please)

index=myindex AND (sourcetype=sparkjob1 OR sourcetype=sparkjob2 ) | stats count as total_logs count(eval(level="INFO")) as total_errors</query>

Please also advise if you have any better suggestion with useful dashboard. 

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

thambisetty
SplunkTrust
SplunkTrust
‎11-11-2020 11:59 PM 
index=myindex (sourcetype=sparkjob1 OR sourcetype=sparkjob2 )  | timechart count as total_logs count(eval(level="ERROR")) as total_errors span=1h
————————————
If this helps, give a like below.

View solution in original post

Reply
Solved! Jump to solution
Solution

thambisetty
SplunkTrust
SplunkTrust
‎11-11-2020 11:59 PM 
index=myindex (sourcetype=sparkjob1 OR sourcetype=sparkjob2 )  | timechart count as total_logs count(eval(level="ERROR")) as total_errors span=1h
————————————
If this helps, give a like below.
Reply
Solved! Jump to solution

satyajit2007
Explorer
‎11-12-2020 12:10 AM

thank you a lot .

1) As i have 2 applications Source types, do i need to make separate graphs? Can i do something by which i can identify those error/Info/warn belongs to which Job ?

2) Also If i need to do to add some texts like error, failed, exceptions to the ERROR bucket in the above example?

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...