Multiple Events - Looking for Matching Data

jon0149
New Member

I would like to show a count for every time I get a "burst" of similar events.
This would be defined as more than one event having the same data in one field across them:

So :
- Event 001 would have a "subject" field with text always in the same format subject = "Report: <EventName>"
- Event 002 would have the same setup but with either the same or a different <EventName>.

I would like to be able to view all the events where there is another event with the same <EventName> and also display the results in a Dashboard, thereby analyzing trends between similar events.

Does anyone know how I might achieve this?

Thanks


Sukisen1981
Champion

Hi @jon0149 - You do need to provide a sample of your events and what you need in clearer statements, if you expect a more detailed answer.
That being said, your best bet is to
1- extract events using regex based on the eventname
2- do a stats, values, list, table of the events
3- Save as a panel in a dashboard
4- You might have a text input dropdown in your dashboard which would be the eventnames; selecting one would show you the events with timestamps for that particular eventname across the range of your search
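One way to carry out steps 1 and 2 above in SPL, as an added example that is not part of the original thread. The `index` and `sourcetype` values are placeholders, and the subject format `Report: <EventName>` is taken from the question; `burst_count`, `first_seen`, `last_seen` and `event_times` are field names chosen here.

```spl
index=<your_index> sourcetype=<your_sourcetype> subject="Report: *"
| rex field=subject "^Report:\s*(?<EventName>.+?)\s*$"
| eventstats count AS burst_count BY EventName
| where burst_count > 1
| eval event_time=strftime(_time, "%Y-%m-%d %H:%M:%S")
| stats count AS burst_count min(_time) AS first_seen max(_time) AS last_seen list(event_time) AS event_times BY EventName
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - burst_count
```

Stopping the search after the `where` line lists the individual events that belong to a burst (step 4's per-eventname view); to wire that view to a dashboard dropdown, add `| search EventName="$event_name$"` after the `rex` line, where `event_name` is the assumed name of the input token.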
