Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Query for Multiple URLs

kvanwagoner
New Member
‎12-06-2019 04:16 AM

I'm sure this will be easy for you guys but I"m struggling with it..
I need to modify this query to look for both the http://open/FinalNumbers as well as a URL of https://apicorp.company/open/FinalNumbers

"A GET was made to Open API - Status: OK (http://open/FinalNumbers" | spath AppID | search Environment=prod | timechart count by Environment | bin span=7d _time | stats avg(prod)

Please help!

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jpolvino
Builder
‎12-06-2019 07:02 AM

Sounds like you want to OR the URLs:

"A GET was made to Open API - Status: OK (http://open/FinalNumbers" OR "A GET was made to Open API - Status: OK (https://apicorp.company/open/FinalNumbers" | spath AppID | search Environment=prod | timechart count by Environment | bin span=7d _time | stats avg(prod)

Also before the first pipe, you should specify an index and sourcetype at a minimum for efficiency.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jpolvino
Builder
‎12-06-2019 07:02 AM

Sounds like you want to OR the URLs:

"A GET was made to Open API - Status: OK (http://open/FinalNumbers" OR "A GET was made to Open API - Status: OK (https://apicorp.company/open/FinalNumbers" | spath AppID | search Environment=prod | timechart count by Environment | bin span=7d _time | stats avg(prod)

Also before the first pipe, you should specify an index and sourcetype at a minimum for efficiency.

0 Karma
Reply
Solved! Jump to solution

kvanwagoner
New Member
‎12-06-2019 12:49 PM

Thanks! That worked!

0 Karma
Reply
Solved! Jump to solution

jpolvino
Builder
‎12-06-2019 01:16 PM

Please "accept as answer" the solution that fixes the issue, to help others. Thanks, and glad it worked!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...