Splunk Search

How to search event occurrence in the span of 0 to 2 seconds, 2 to 5 seconds and above 10 seconds

john_q
Explorer

I have data which consists of multiple exceptions, so I have to figure out how many exceptions occurred in the 0 to 2 seconds, 2 to 5 seconds and 5 to 10 seconds time ranges in the span of the last 24 hours. Can you please tell me the search query? Thanks in advance.

I want to show output like:

ExcepitonsCount_0to2sec  ExcepitonsCount_2to5sec  ExcepitonsCount_5to10sec  ExcepitonsCount_above10sec
101                      102                      103                       104

1 Solution

renjith_nair
SplunkTrust

Hi @john_q,

Does this work for you?

"your search to filter exceptions"
| timechart span=1s count
| streamstats count as sec
| stats sum(eval(if(sec<3,count,null()))) as ExcepitonsCount_0to2sec,
    sum(eval(if(sec>2 AND sec<6,count,null()))) as ExcepitonsCount_2to5sec,
    sum(eval(if(sec>5 AND sec<11,count,null()))) as ExcepitonsCount_5to10sec,
    sum(eval(if(sec>10,count,null()))) as ExcepitonsCount_above10sec
Happy Splunking!

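The Python sketch below is an added illustration, not part of the original answer. It emulates the three stages of the query above on constructed timestamps to show what gets bucketed: `sec` is the row number of each one-second `timechart` bucket counted from the start of the search window, not a per-event duration. It assumes `timechart` emits a row for every second of the window, with a count of 0 for empty seconds; the names `bucket_counts`, `WINDOW_START`, `WINDOW_END` and the sample offsets are constructed for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: a 24-hour search window and exception timestamps
# given as offsets in seconds from the window start.
WINDOW_START = datetime(2024, 1, 1, 0, 0, 0)
WINDOW_END = WINDOW_START + timedelta(hours=24)
SAMPLE_OFFSETS = [-1.0, 0.2, 0.9, 1.5, 2.1, 4.8, 5.0, 7.3,
                  9.99, 10.0, 30.0, 86399.0, 86400.0]
SAMPLE_EVENTS = [WINDOW_START + timedelta(seconds=s) for s in SAMPLE_OFFSETS]


def bucket_counts(event_times, window_start, window_end):
    """Emulate: timechart span=1s count | streamstats count as sec | stats sum(...)."""
    # Stage 1, "timechart span=1s count": events per one-second bucket.
    # Events outside the search window are not returned by the search.
    per_second = Counter(
        int((t - window_start).total_seconds())
        for t in event_times
        if window_start <= t < window_end
    )
    totals = {
        "ExcepitonsCount_0to2sec": 0,
        "ExcepitonsCount_2to5sec": 0,
        "ExcepitonsCount_5to10sec": 0,
        "ExcepitonsCount_above10sec": 0,
    }
    # Assumption: one row per second of the window, empty seconds included.
    n_rows = int((window_end - window_start).total_seconds())
    for offset in range(n_rows):
        sec = offset + 1                   # Stage 2: streamstats count as sec (1-based)
        count = per_second.get(offset, 0)
        # Stage 3: the four conditional sums of the stats command.
        if sec < 3:
            totals["ExcepitonsCount_0to2sec"] += count
        elif sec < 6:
            totals["ExcepitonsCount_2to5sec"] += count
        elif sec < 11:
            totals["ExcepitonsCount_5to10sec"] += count
        else:
            totals["ExcepitonsCount_above10sec"] += count
    return totals


if __name__ == "__main__":
    result = bucket_counts(SAMPLE_EVENTS, WINDOW_START, WINDOW_END)
    for name, value in result.items():
        print(f"{name}: {value}")
```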
