Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Splunk Query
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Query
I would like to calculate the success rate of the Toup transaction via Channel( APP Or Web) in 4 API calls( E.g 4 Levels,Request will submit 1 do the validation and pass on level 2 and then at level 2 will do business validation and pass the transaction to next level and so on) in that few transactions may fail at level 1/2/3/4. The channel method will be available only in the Level 1 not in the Other level. Transaction ID is the only field comman in all the levels. If I apply filter on Channel the output only the list of transaction in Level 1 since Channel field available in level1.
1. If apply filter on Web/APP Channel I should get the list of transaction IDs respective of channel
2. Taking the transaction IDs as a input it should the validate the status of the transaction at each level (2/3/4).
Note: In level 2/3/4 the log has both App and web logs only based on the transaction ID from level 1 need to differentiate.
Https status -200(Success); 500(Failure)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ITWhisperer ,
Above is the 2 Sample events with transactionID, the log pattern will be same but only the Channel and Transaction ID will get different, So If Apply filter at Channel level its getting reflected the Level 1 Event only, Since there is no Channel event in remaining 3 events. I need to calculate whether the transaction is successfully passed at all level or failed in between.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am not seeing the sample events in a code block - please can you repost them
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have reposted the sample 2 sample logs with transactionID, Please consider the Channel as a field, the log pattern will be same but only the Channel and Transaction ID will get different, So If Apply filter at Channel level its getting reflected the Level 1 Event only, Since there is no Channel event in remaining 3 events. I need to calculate whether the transaction is successfully passed at all level or failed in between.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can add channel to all events with the same tran_id with eventstats
| eventstats values(channel) as channel by tran_id- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Level: 1
Time:01/09/2024 12:00:00.230
call_headers: "{\"platform\":\"android\",\"user-agent\\"device-id\":\"380C71F2-6546-3340D56648g\",\"channel\":\"APP\"}"
Channel:App
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg===========================================================================================================
Level: 2
Time:01/09/2024 12:02:00.230
http_status: 200
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
==========================================================================================================
Level: 3
Time:01/09/2024 12:00:10.220
Req_domain: https://google.com/purchaseproduct
Req_method: POST
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
==========================================================================================================
Level: 4
Time:01/09/2024 12:00:30.230
http_status: 200
Status:Completed
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Level: 1
call_headers: "{\"platform\":\"android\",\"user-agent\\"device-id\":\"380C71F2-6546-3340D56648g\",\"channel\":\"web\"}"
Channel:web
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
===========================================================================================================
Level: 2
http_status: 200
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
==========================================================================================================
Level: 3
Req_domain: https://google.com/purchaseproduct
Req_method: POST
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
==========================================================================================================
Level: 4
http_status: 200
Status:Completed
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Level: 1
call_headers: "{\"platform\":\"android\",\"user-agent\\"device-id\":\"380C71F2-6546-3340D56648g\",\"channel\":\"web\"}"
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
===========================================================================================================
Level: 2
http_status: 200
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
==========================================================================================================
Level: 3
Req_domain: https://google.com/purchaseproduct
Req_method: POST
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
==========================================================================================================
Level: 4
http_status: 200
Status:Completed
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please share some raw anonymised representative sample events in a code block to preserve formatting.
Please identify which fields (if any) you already have extracted.
Also, please share a representation of your expected output.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Level: 1
Time:01/09/2024 12:00:00.230
call_headers: "{\"platform\":\"android\",\"user-agent\\"device-id\":\"380C71F2-6546-3340D56648g\",\"channel\":\"APP\"}"
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
===========================================================================================================
Level: 2
Time:01/09/2024 12:02:00.230
http_status: 200
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
==========================================================================================================
Level: 3
Time:01/09/2024 12:00:10.220
Req_domain: https://google.com/purchaseproduct
Req_method: POST
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
==========================================================================================================
Level: 4
Time:01/09/2024 12:00:30.230
http_status: 200
Status:Completed
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
Unlock Database Monitoring with Splunk Observability Cloud
Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All
[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk
