traverse through each record and check whether tha...

avi123 · ‎07-08-2024

Hi All,

I have one set of output having 8 closed tickets for two consecutive months as a result of splunk query. I also need to check whether each one of them breached SLAs or not based on their level of priority. How to traverse through each and every record through splunk query?

Please Note: I also need to put in the formula to check which tickets got breached and what is the breach age and finally average age for breach of tickets. Please suggest how to proceed with this use case.

ITWhisperer · ‎07-08-2024

It depends on what data you have in your events and how they are linked. For example, is the ticket number unique to the ticket. Do subsequent events contain all the information from previous events for the same ticket? Is the SLA fixed for all tickets or is there a way to determine that the SLA is from the ticket (via a lookup perhaps)? Please provide more detail, ideally some anonymised representative sample events so we can see what you are dealing with.

traverse through each record and check whether that ticket breached SLA or not

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI

Join the Conversation

traverse through each record and check whether that ticket breached SLA or not

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI