Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do i get top services and put it in chart??

RashmiGowda
Explorer
‎06-30-2014 01:22 AM

Hello,

I need to get the top 25 services from the requesting system and have to put it in a chart with the SUCCESS and FAILURE of transactions. So m using query like this. Can any one suggest how to use "TOP" Command with chart to get the top 25 services.

Query:

index="abc" requestingSystem="RS" | top limit=25 lookup_service_operation_name | transaction messageIdentifier maxspan=1m | search eventcount="2"| chart count as Transactions, count(eval(responseMessageField like"Success%" OR responseMessageField like"SUCCESS%")) as Success, count(eval(responseMessageField!="Success" AND responseMessageField!="SUCCESS")) as Failures by lookup_service_operation_name.

But this query is not helping to get the top 25 services and also count of the transactions for services also not correct.
Can any one plz help me out in this..?

Thanks in advance.

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-30-2014 05:04 AM

Without knowing your data this is just a guess...

index=abc requestingSystem=RS (start OR success OR failure)
| transaction messageIdentifier maxspan=1m startswith="start" endswith="success OR failure"
| eval success = if(match(responseMessageField, "(?i)success"), 1, 0)
| chart count as Transactions, sum(success) as Success by lookup_service_operation_name
| eval Failures = Transactions - Success
| sort - Transactions | head 25
0 Karma
Reply

RashmiGowda
Explorer
‎06-30-2014 08:08 AM

martin_mueller - thank you,

The data is in the xml format. it will contain the start time, end time and other user data with success and failure.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...