extract different models by audio and vedio type p...

splunkuseradmin · ‎03-17-2019

Hello Everybody,

I would like some help in sorting out different models with same kind and showing in a chart with type audio vs video for time span=1d.
my fields looks something like this.

_time callMediaType devicetype
3/17 13:12:23 audio CSF123
-------------------------- TCT312

3/17 15:17:20 audio. TCT321
--------------------------- SEP432
3/18 12:15:13. video. TAB123
----------------------------CSF145
3/18 14:23:12 audio. AMR-23-11XX-SIP
----------------------------TAB343
3/18 17:23:11 video. TCT231
----------------------------AMR-42-12XX-sip
3/19 12:23:14 audio. SEP073
----------------------------CSF678

Note:- where in 1st event shows in device type (callingpartydevice=CSF123 to calledpartydevice=TCT312).

I only need CSF*,TCT*,TAB* models from device_type.

I need time chart per day with separate audio chart vs video chart with devicetypes (CSF,TCT,TAB) only.
I also can do multi-series mode to compare audio and video.

adonio · ‎03-17-2019

can you kindly elabore?
i am not clear as to how your data looks like and what: "1st event shows in device type (callingpartydevice=CSF123 to calledpartydevice=TCT312)." means
in general, you can do something like this:
... your search ... (device_type=CSF* OR device_type=TCT* OR device_type=TAB*) | timechart span=1d count as event_count by device_type

hope it helps

splunkuseradmin · ‎03-17-2019

these are the fields till where i have reach with logs.
this point i have these fields in my table, so i need to make a timechart using this by extracting needed data and making either statcked bar chart or individual chart by showing audio vs video for those particular models only.

extract different models by audio and vedio type per day

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?