Splunk Search

command to find count of specific errors

navd
New Member

I want to find the number of 500, 200, 300 errors present in the logs. I already have fields extracted for error_code,
so I am doing something like this: index="abc" |stats count(eval(error_code=502)) AS error_code which is working, but how do I include other error codes in the query?

1 Solution

jluo_splunk
Splunk Employee

Hi Navd,

There are a couple approaches here. If you like, you could do it by defining each error code you care about, and then use stats to count across them. For example:

index=navd sourcetype=test (error_code=200 OR error_code=300 OR error_code=500) 
| stats count by error_code

You could also continue using the method you're currently using, though I think it's a bit verbose. For example:

index=navd sourcetype=test 
| stats count(eval(error_code=200)) as "200_Errors", count(eval(error_code=300)) as "300_Errors", count(eval(error_code=500)) as "500_Errors"

If you'd like all the different errors present, you could aggregate across them all by using this:

index=navd sourcetype=test 
| stats count by error_code
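
Added example, not part of the original answer: it goes one step beyond the queries above and groups codes into status classes, so that a 502 is counted with the 5xx responses while the exact codes stay visible. The index and sourcetype are the ones used in the answer; the field names code, status_class and class_total are hypothetical names chosen for this example.

```spl
index=navd sourcetype=test
| eval code=tonumber(error_code)
| fillnull value="(none)" error_code
| eval status_class=case(isnull(code), "missing", code>=500, "5xx", code>=400, "4xx", code>=300, "3xx", code>=200, "2xx", true(), "other")
| stats count by status_class, error_code
| eventstats sum(count) as class_total by status_class
| sort status_class, -count
```

The fillnull step matters because stats drops events whose by-field is null; without it, events with no error_code would disappear from the totals instead of showing up under "missing".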
