Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Multiple Events - Looking for Matching Data

jon0149
New Member
‎08-14-2019 03:09 AM

I would like to show a count for every time I get a "burst" of similar events.
This would be defined as more than one event having the same data in one field across them:

So :
- Event 001 would have a "subject" field with text always in the same format subject = "Report: <EventName>"
- Event 002 would have the same setup but with either the same or a different <EventName>.

I would like to be able to view all the events where there is another event with the same <EventName> and also display the results in a Dashboard. Thereby analyzing trends between similar events.

Does anyone know how I might achieve this?

Thanks

0 Karma
Reply

Sukisen1981
Champion
‎08-14-2019 08:44 AM

Hi @jon0149 - You do need to provide a sample of your events and what you need in more clear statements, if you expect a more detailed answer.
That being said,you best bet is to
1- extract events using regex based on the eventname
2- do a stats , values, list , table of the events
3- Save as a panel in a dashboard
4- You might have a text input dropdown in your dashboard which would be the eventnames , selcting one would show you the events with timestaoms for that particular eventname across the range of your search

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...