Splunk Search

How to correct a query that calculates a certain value when a particular condition is met?

payyachamy
Observer

I have a query that calculates a certain value when a particular condition is met.

| eval Other_Failures = Total_requests - (OpFail + FuncFail) |  where httpcode!=200 

But I'm not getting any events from this. How can I correct this?

Labels (4)
0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@payyachamy 

Can you please share more details about your search like sample OUTPUT or Event from search before calculation logic ?

KV

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

It depends on the rest of your search and what you have in your events - one piece of a jigsaw puzzle is not always enough to work out what the picture is :grinning_face:

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...