Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to convert the for loop in to splunk search

beenagulzar
New Member
‎02-15-2017 01:38 AM

i have a for loop statement need to get converted to splunk query .. i am not aware how to store the variable and use that in later search kindly need expert advice .

Here is the query
need to find the response time for the channel transaction
csv file has the following data :

Channel type time
channeltxn1 2210 09:10:00
channelmpn2 2210 09:12:15
channeltxn3 2210 10:12:00
channeltxn5 2210 12:00:00

channeltxn1 2100 10:16:00
channeltxn3 2100 11:11:00
channeltxn5 2100 11:15:00

for each unique Channel in to resultvalue where Channel=channeltxn* and type=2100
Responsetime ( (time where type=2210 and channel=resultvalue)- ( time where type=2100 and channel=resultvalue)) group by time in hour .

i can get the query for the first search but not aware how to store the value to resultvalue and get inside the loop for comparison. kindly need your help .

Thanks in advance.

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-15-2017 05:02 AM

Splunk doesn't do loops, searches work differently. Here's an approach, partly in pseudo-SPL:

| inputlookup your_lookup_here
... format the HH:MM:SS time into actual epoch values ...
| stats range(epoch_field) as duration values(type) as types by Channel

That will compute the difference between the smallest and largest time for each Channel, assuming each channel has exactly one request and response type. The values() will give you a list of types present for that Channel, mostly for checking/debugging.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...