Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to do hierarchy query?

jojujose
New Member
‎05-24-2016 12:37 PM

For simplicity sake, my data definition looks like: (FileId,ObjectId,ParentObjectId)
My data sample may look like:
f1,o1,null
f1,o1,null
f1,o2,o1
f1,o3,o2
I am basically trying to see something like this in the o/p..
Max depth in hierarchy for the above data set will be 2 (since, o3->o2->o1)
Also, I am interested in looking at the depth across fileIds..like a group by of the above results over fileIds
Any help in this will be appreciated!

0 Karma
Reply

sundareshr
Legend
‎05-24-2016 05:23 PM

Install the Splunk 6.x Dashboard Examples App and look at the Sankey Chart. Its a custom visualization for hierarchical data.

0 Karma
Reply

rafamss
Contributor
‎05-24-2016 02:57 PM

Hi jojujose,

With base in your sample, I believe that you need use the transaction command for this. This command classify the start and end of each event.

Veja se isto ajuda: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Transaction

[]s
RM

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...