Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

If I have DataError field which has 10 different message text but I need to exclude 2 out 10 and 8 as stats result?

Naga1
Loves-to-Learn Lots
‎05-28-2023 08:27 PM

If I have DataError field which has 10 different message text but I need to exclude two out 10 I need only 8 as stats result ?Please suggest any solution here?

Labels (2)
Labels
0 Karma
Reply

yeahnah
Motivator
‎05-28-2023 08:59 PM

Hi @Naga1 

The are a number of methods.

As you have not provided any example of the DataError field values, I'll assume they are short and concise.  Generally, the simplest and most efficient way is do exclude them at base search time.  Something like this

...your search query... NOT DataError IN("value1 to exclude", "value1 to exclude")  ``` this will exclude the 2 DataError messages you want to ignore``` 
| stats count BY DataError

Or, it can be just as quick to do the stats count on all values and then exclude the ones you do not want to see afterwards.

...your search query... 
| stats count BY DataError
| search NOT DataError IN("value1 to exclude", "value1 to exclude")

It really depends on the data.

Anyway, hope that helps get you going.

0 Karma
Reply

Naga1
Loves-to-Learn Lots
‎05-29-2023 12:07 AM

If I have long values with lot of special character and quotation mark(")How the search string differs between value and separator.

 

Long errors may be : 

1. ART.117.4002] Adapter Runtime (Adapter Service): Unable to invoke adapter service cip.atsJob.connectors.cipdb.jobCatalog:saveJobCatalog with connection cip.atsJob.connectors.cipdb:atsJobDb.
[ADA.1.316] Cannot execute the SQL statement "?= call SAVE_JOB_CATALOG( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)". "
(23000/1400) ORA-01400: cannot insert NULL into ("ATSJOB"."ATS_JOB_CATALOG"."JOB_TITLE")
ORA-06512: at "ATSJOB.SAVE_JOB_CATALOG", line 55
ORA-06512: at line 1 "
ORA-01400: cannot insert NULL into ("ATSJOB"."ATS_JOB_CATALOG"."JOB_TITLE")
ORA-06512: at "ATSJOB.SAVE_JOB_CATALOG", line 55
ORA-06512: at line 1

 

 

2. "Error in ATS_JOB_FEED.AVATURE_GLOBAL job processing either jobTitle or JobDescription value is null,chk ATS_JOB_CATALOG for job details using job code:%dynamic value% and ATS code:AVATURE_GLOBAL
See CIP Framework Log for more details, Interface Code: ATS_JOB_FEED.AVATURE_GLOBAL”

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...