Re: How to do hierarchy query?

jojujose · ‎05-24-2016

For simplicity sake, my data definition looks like: (FileId,ObjectId,ParentObjectId)
My data sample may look like:
f1,o1,null
f1,o1,null
f1,o2,o1
f1,o3,o2
I am basically trying to see something like this in the o/p..
Max depth in hierarchy for the above data set will be 2 (since, o3->o2->o1)
Also, I am interested in looking at the depth across fileIds..like a group by of the above results over fileIds
Any help in this will be appreciated!

sundareshr · ‎05-24-2016

Install the Splunk 6.x Dashboard Examples App and look at the Sankey Chart. Its a custom visualization for hierarchical data.

rafamss · ‎05-24-2016

Hi jojujose,

With base in your sample, I believe that you need use the transaction command for this. This command classify the start and end of each event.

Veja se isto ajuda: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Transaction

[]s
RM

How to do hierarchy query?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation