×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
bjwarner
Engager
Member since: ‎08-02-2012
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎08-02-2012
Activity Feed
View All

Re: Searching across multiple saved searches

by in Splunk Search
‎10-04-2012 03:13 PM
‎10-04-2012 03:13 PM
Hi there. Thanks very much for your answer. Event types look to be just what I'm after. The query you entered "* | timechart count(eventtype)" shows a total across all event types. Do you know how I would write a query to show each eventtype as a separate line on the graph? ... View more

Searching across multiple saved searches

by in Splunk Search
‎10-03-2012 04:16 PM
‎10-03-2012 04:16 PM
Hi there, I am trying to use splunk to understand the alerts that are coming out of our system. We get approx 35K alerts per week. We currently use a series of bash/grep/awk scripts to process and get stats on these alerts, but I'm trying to see if it's any easier with splunk. I've setup a number of saved searches in splunk which correspond to "known errors/warnings" which occur in our system. These are just text patterns. There will be approx 100 of these saved searches once I've finished entering them. I'd like to build a report/chart, that we can run daily/weekly which shows: The number of matches for each saved search across a given period. Possibly some way of seeing a stacked histogram of matches for each saved search. This would aid in seeing correlations between different known errors. The number of lines which do NOT match ANY saved search. This is valuable information as it points to errors/warnings that we don't know about. I realize that this might be a big ask! Cheers, Ben ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All