Splunk Search
Highlighted

How can I search count by DN based on my sample event?

New Member

How can I do search count by dn here? tag=101 means search. I have already used transaction conn to separate based on connection numberalt text

0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

Legend

Try this instead of using transaction

*EDITED*

 your base search | eventstats values(dn) as dn by conn | where tag=101 | timechart count by dn usenull=f useother=f
0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

New Member

Thnx for the reply. Sorry but it says "No results". If i don't use transaction then the events are not grouped based on conn number. The DN value is only present after the binding is complete so I used transaction so that the dn and SRCH are grouped in same event.

0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

New Member

The graphs should look like this. The first one is for Search count by DN and the second one is for Search count duration by DN. I need help with both pleasealt text

0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

Legend

Try the edited query

0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

New Member

I did. It doesn't work. I think you'd be able to solve it if I can send you the log file

0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

Legend

That'll be great. Share a few events

0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

New Member

alt text

Thnx.Ive added a link to the image url for you.

0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

Legend

I don't see the link. All I see is alt text. Just paste a few events to your original question

0 Karma
Highlighted

Re: How can I search count by DN based on my sample event?

New Member

This is a preview of how the data is indexed initiallyalt text

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.