Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

extract different models by audio and vedio type per day

splunkuseradmin
Path Finder
‎03-17-2019 02:37 PM

Hello Everybody,

I would like some help in sorting out different models with same kind and showing in a chart with type audio vs video for time span=1d.
my fields looks something like this.

_time callMediaType devicetype
3/17 13:12:23 audio CSF123
-------------------------- TCT312

3/17 15:17:20 audio. TCT321
--------------------------- SEP432
3/18 12:15:13. video. TAB123
----------------------------CSF145
3/18 14:23:12 audio. AMR-23-11XX-SIP
----------------------------TAB343
3/18 17:23:11 video. TCT231
----------------------------AMR-42-12XX-sip
3/19 12:23:14 audio. SEP073
----------------------------CSF678

Note:- where in 1st event shows in device type (callingpartydevice=CSF123 to calledpartydevice=TCT312).

I only need CSF*,TCT*,TAB* models from device_type.

  1. I need time chart per day with separate audio chart vs video chart with devicetypes (CSF,TCT,TAB) only.
  2. I also can do multi-series mode to compare audio and video.
0 Karma
Reply

adonio
Ultra Champion
‎03-17-2019 05:40 PM

can you kindly elabore?
i am not clear as to how your data looks like and what: "1st event shows in device type (callingpartydevice=CSF123 to calledpartydevice=TCT312)." means
in general, you can do something like this:
... your search ... (device_type=CSF* OR device_type=TCT* OR device_type=TAB*) | timechart span=1d count as event_count by device_type

hope it helps

0 Karma
Reply

splunkuseradmin
Path Finder
‎03-17-2019 10:07 PM

these are the fields till where i have reach with logs.
this point i have these fields in my table, so i need to make a timechart using this by extracting needed data and making either statcked bar chart or individual chart by showing audio vs video for those particular models only.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...