Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Get New event and it's count

patelbhavin2426
Observer
‎11-29-2021 01:47 PM

I want to simply get new exceptions that occur within last 30 minutes which did not happened anytime last week on the same day.

I have this query to get exceptions for last weekday. 

 

 

 

earliest=-7d@d latest=-6d@d index=production "java.lang.NullPointerException*" | stats count by field6

 

 

 

Which gives me result :: 

 

abcd.handler.CreateBankHandler26
abcd.cr.RequestProcessor34
abcd.cr.SessionInfo1
abcd.cr.SSOServlet2
abcd.impl.ExportManagerImpl1
abcd.impl.ImportFileProcessor1
  

 

The second query 

 

 

 

earliest=-1d@d latest=now index=production  "java.lang.NullPointerException*" | stats count by field6

 

 

 

 

Which gives me result :: 

abcd.handler.CreateBankHandler27
abcd.cr.RequestProcessor7
abcd.cr.SessionInfo1
abcd.cr.BaseServlet6
abcd.cr.SSOServlet 

 

So, the result should be new events from the second query.

Name :: 

abcd.cr.BaseServlet

 

 

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-29-2021 03:18 PM 
earliest=-7d@d latest=-6d@d index=production "java.lang.NullPointerException*" | stats count by field6
| eval count=2
| append
  [ search earliest=-30m@m latest=now index=production "java.lang.NullPointerException*" | stats count by field6
  | eval count=1]
| stats sum(count) as count by field6
| where count=1
0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...