Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to get events after error occured.

Mondaya13
Explorer
‎08-13-2024 07:17 AM

Hello everyone, I am trying to get the queue or event counts with status=“spooling” that happened after the very first error(status=“*error*”) occurred. How could I do this? Thank you in advance. 


this is for our company’s printer server. 

Labels (4)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-13-2024 07:33 AM

Please share some anonymised but representative events that you are dealing with, preferably in a code block to preserve any formatting data.

0 Karma
Reply

Mondaya13
Explorer
‎08-13-2024 07:52 AM

So I have events with:

sourcetype=winprintmon host=bartender2020
type=PrintJob
printer="*"(gets all printer) ex: zebra1065
could have status of "printing"/"printing,error"/"spooling"


so what I wanted to do is if a printer has error(status="printing,error") at 6am, get the events of that printer that has status="spooling"(which is the queue) that occurred after 6am and count them. 

Desired result format:

printer name      |          Counts of spooling(queue)         |

Hope this explains better, been dealing with this for days 
Thank you so much in advance! 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...