Splunk Search

nomv similar values with count

niyaz006
Path Finder

I have data like below,

TaskName - Status
Task 1 - New
Task 1 - Running
Task 1 - Running
Task 1 - Pause
Task 1 - Running
Task 1 - Done

I want the output to be,
New(1) - Running(2) - Pause(1) - Running(1) - Done(1).

I was able to get New - Running - Running - Pause - Running - Done with the below query,

index="default" | stats list(status) as status delim=" - " by task | nomv status
0 Karma

koshyk
Super Champion

But how are you going to differentiate the Running(2) and Running(1) in the 3rd occurence? Its same Task as well, so you want to do transaction when the job state changes?

0 Karma

niyaz006
Path Finder

I want to figure out how many statuses each task changes before it gets completed. That way, we want to categorize the simple running jobs without much status changes... and ones which undergo lot of status changes (it could be that there are manual interventions required). So we can try and figure out which one can be automated and which ones require optimization.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...