Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

If I have DataError field which has 10 different message text but I need to exclude 2 out 10 and 8 as stats result?

Naga1
Loves-to-Learn Lots
‎05-28-2023 08:27 PM

If I have DataError field which has 10 different message text but I need to exclude two out 10 I need only 8 as stats result ?Please suggest any solution here?

Labels (2)
Labels
0 Karma
Reply

yeahnah
Motivator
‎05-28-2023 08:59 PM

Hi @Naga1 

The are a number of methods.

As you have not provided any example of the DataError field values, I'll assume they are short and concise.  Generally, the simplest and most efficient way is do exclude them at base search time.  Something like this

...your search query... NOT DataError IN("value1 to exclude", "value1 to exclude")  ``` this will exclude the 2 DataError messages you want to ignore``` 
| stats count BY DataError

Or, it can be just as quick to do the stats count on all values and then exclude the ones you do not want to see afterwards.

...your search query... 
| stats count BY DataError
| search NOT DataError IN("value1 to exclude", "value1 to exclude")

It really depends on the data.

Anyway, hope that helps get you going.

0 Karma
Reply

Naga1
Loves-to-Learn Lots
‎05-29-2023 12:07 AM

If I have long values with lot of special character and quotation mark(")How the search string differs between value and separator.

 

Long errors may be : 

1. ART.117.4002] Adapter Runtime (Adapter Service): Unable to invoke adapter service cip.atsJob.connectors.cipdb.jobCatalog:saveJobCatalog with connection cip.atsJob.connectors.cipdb:atsJobDb.
[ADA.1.316] Cannot execute the SQL statement "?= call SAVE_JOB_CATALOG( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)". "
(23000/1400) ORA-01400: cannot insert NULL into ("ATSJOB"."ATS_JOB_CATALOG"."JOB_TITLE")
ORA-06512: at "ATSJOB.SAVE_JOB_CATALOG", line 55
ORA-06512: at line 1 "
ORA-01400: cannot insert NULL into ("ATSJOB"."ATS_JOB_CATALOG"."JOB_TITLE")
ORA-06512: at "ATSJOB.SAVE_JOB_CATALOG", line 55
ORA-06512: at line 1

 

 

2. "Error in ATS_JOB_FEED.AVATURE_GLOBAL job processing either jobTitle or JobDescription value is null,chk ATS_JOB_CATALOG for job details using job code:%dynamic value% and ATS code:AVATURE_GLOBAL
See CIP Framework Log for more details, Interface Code: ATS_JOB_FEED.AVATURE_GLOBAL”

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...