Splunk Search

extract different models by audio and video type per day

splunkuseradmin
Path Finder

Hello Everybody,

I would like some help in sorting out different models of the same kind and showing them in a chart with type audio vs video for time span=1d.
My fields look something like this.

_time           callMediaType   devicetype
3/17 13:12:23   audio           CSF123
                                TCT312
3/17 15:17:20   audio           TCT321
                                SEP432
3/18 12:15:13   video           TAB123
                                CSF145
3/18 14:23:12   audio           AMR-23-11XX-SIP
                                TAB343
3/18 17:23:11   video           TCT231
                                AMR-42-12XX-sip
3/19 12:23:14   audio           SEP073
                                CSF678

Note: in the 1st event, the device type shows (callingpartydevice=CSF123 to calledpartydevice=TCT312).

I only need CSF*, TCT*, TAB* models from device_type.

  1. I need a timechart per day with a separate audio chart vs video chart, with devicetypes (CSF, TCT, TAB) only.
  2. I can also do multi-series mode to compare audio and video.
0 Karma

adonio
Ultra Champion

Can you kindly elaborate?
I am not clear as to how your data looks and what "1st event shows in device type (callingpartydevice=CSF123 to calledpartydevice=TCT312)." means.
In general, you can do something like this:
... your search ... (device_type=CSF* OR device_type=TCT* OR device_type=TAB*) | timechart span=1d count as event_count by device_type

hope it helps

0 Karma
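An added SPL example (not from either poster) that takes the sample data above one step further: it handles the fact that each event carries two devicetype values (calling and called party), keeps only the CSF/TCT/TAB model families by prefix, and builds one daily series per media type and model. It assumes the field is called `devicetype` with the two devices as a multivalue field, and that `callMediaType` may carry a stray trailing period as in the sample; `model` and `series` are names chosen here.

```spl
... your search ...
| mvexpand devicetype
| rex field=devicetype "^(?<model>CSF|TCT|TAB)"
| search model=*
| eval callMediaType=lower(trim(callMediaType, "."))
| search callMediaType=audio OR callMediaType=video
| eval series=callMediaType."_".model
| timechart span=1d count AS device_count BY series
```

`mvexpand` turns each call into one row per device so that a CSF-to-TCT call is counted once under CSF and once under TCT; drop it (and count from `callingpartydevice` only) if you want one count per call instead. The result has columns such as `audio_CSF`, `audio_TCT`, `video_TAB`, which a stacked bar chart shows side by side. For the separate-chart variant in point 1, add `| search callMediaType=audio` (or `video`) before the `timechart` line and chart `BY model` instead of `BY series`.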

splunkuseradmin
Path Finder

These are the fields I have reached so far with the logs.
At this point I have these fields in my table, so I need to make a timechart from them by extracting the needed data and making either a stacked bar chart or individual charts showing audio vs video for those particular models only.

0 Karma