Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Query

dinesh001kumar
Engager
‎09-01-2024 05:33 AM

I would like to calculate the success rate of the Toup transaction via Channel( APP Or Web) in 4 API calls( E.g 4 Levels,Request will submit 1 do the validation and pass on level 2 and then at level 2 will do business validation and pass the transaction to next level and so on) in that few transactions may fail at level 1/2/3/4.  The channel method will be available only in the Level 1 not in the Other level. Transaction ID is the only field comman in all the levels. If I apply filter on Channel the output only the list of transaction in Level 1 since Channel field available in level1.

1. If apply filter on Web/APP Channel I should get the list of transaction IDs respective of channel

2. Taking the transaction IDs as a input it should the validate the status of the transaction at each level (2/3/4).

 

Note: In level 2/3/4 the log has both App and web logs only based on the transaction ID from level 1 need to differentiate.

Https status -200(Success); 500(Failure)

Labels (1)
Labels
0 Karma
Reply

dinesh001kumar
Engager
‎09-01-2024 10:43 AM

Hi @ITWhisperer ,

Above is the 2 Sample events with transactionID, the log pattern will be same but only the Channel and Transaction ID will get different, So If Apply filter at Channel level its getting reflected the Level 1 Event only, Since there is no Channel event in remaining 3 events. I need to calculate whether the transaction is successfully passed at all level or failed in between.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-01-2024 01:05 PM

I am not seeing the sample events in a code block - please can you repost them

0 Karma
Reply

dinesh001kumar
Engager
‎09-01-2024 09:15 PM

@ITWhisperer ,

 

I have reposted the sample 2 sample logs with transactionID, Please consider the Channel as a field, the log pattern will be same but only the Channel and Transaction ID will get different, So If Apply filter at Channel level its getting reflected the Level 1 Event only, Since there is no Channel event in remaining 3 events. I need to calculate whether the transaction is successfully passed at all level or failed in between.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-02-2024 03:08 AM

You can add channel to all events with the same tran_id with eventstats

| eventstats values(channel) as channel by tran_id
0 Karma
Reply

dinesh001kumar
Engager
‎09-01-2024 09:12 PM

Level: 1

Time:01/09/2024  12:00:00.230
call_headers: "{\"platform\":\"android\",\"user-agent\\"device-id\":\"380C71F2-6546-3340D56648g\",\"channel\":\"APP\"}"

Channel:App
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg

===========================================================================================================

Level: 2

Time:01/09/2024  12:02:00.230
http_status: 200
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg


==========================================================================================================
Level: 3

Time:01/09/2024  12:00:10.220
Req_domain: https://google.com/purchaseproduct
Req_method: POST
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg


==========================================================================================================
Level: 4

Time:01/09/2024  12:00:30.230
http_status: 200
Status:Completed
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
0 Karma
Reply

dinesh001kumar
Engager
‎09-01-2024 09:11 PM

Level: 1
call_headers: "{\"platform\":\"android\",\"user-agent\\"device-id\":\"380C71F2-6546-3340D56648g\",\"channel\":\"web\"}"

Channel:web
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj

===========================================================================================================

Level: 2
http_status: 200
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
==========================================================================================================
Level: 3
Req_domain: https://google.com/purchaseproduct
Req_method: POST
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
==========================================================================================================
Level: 4
http_status: 200
Status:Completed
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj

0 Karma
Reply

dinesh001kumar
Engager
‎09-01-2024 10:40 AM

Level: 1
call_headers: "{\"platform\":\"android\",\"user-agent\\"device-id\":\"380C71F2-6546-3340D56648g\",\"channel\":\"web\"}"
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj

===========================================================================================================

Level: 2
http_status: 200
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
==========================================================================================================
Level: 3
Req_domain: https://google.com/purchaseproduct
Req_method: POST
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj
==========================================================================================================
Level: 4
http_status: 200
Status:Completed
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: tdgdbdjkksolsksujj

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎09-01-2024 07:32 AM

Please share some raw anonymised representative sample events in a code block to preserve formatting.

Please identify which fields (if any) you already have extracted.

Also, please share a representation of your expected output.

0 Karma
Reply

dinesh001kumar
Engager
‎09-01-2024 10:38 AM

Level: 1

Time:01/09/2024  12:00:00.230
call_headers: "{\"platform\":\"android\",\"user-agent\\"device-id\":\"380C71F2-6546-3340D56648g\",\"channel\":\"APP\"}"
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg

===========================================================================================================

Level: 2

Time:01/09/2024  12:02:00.230
http_status: 200
call_severity: 1
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
==========================================================================================================
Level: 3

Time:01/09/2024  12:00:10.220
Req_domain: https://google.com/purchaseproduct
Req_method: POST
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg
==========================================================================================================
Level: 4

Time:01/09/2024  12:00:30.230
http_status: 200
Status:Completed
log_env: test
message: /api/subscriptiontypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
Function: /api/producttypes/Prepaid/products/10669413a39dee7fcd8422d80826067b
tran_id: dghhaxkhhjxh00765sg

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...