cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
vamshiverma
Explorer
Member since: ‎09-25-2020
‎09-30-2020
Community Statistics
Posts 8
Solutions 0
Karma Given 5
Karma Received 0
Member Since ‎09-25-2020
Activity Feed
View All

Re: How to count valid and invalid requests at the...

by in Splunk Search
‎09-30-2020 01:53 AM
‎09-30-2020 01:53 AM
@richgalloway   slick and smooth way to solve, thanks a lot!! 😊 ... View more

Re: How to count valid and invalid requests at the...

by in Splunk Search
‎09-30-2020 01:50 AM
‎09-30-2020 01:50 AM
Thank you !! @Nisha18789  , it's working. 😀 ... View more

Re: How to count valid and invalid requests at the...

by in Splunk Search
‎09-30-2020 01:48 AM
‎09-30-2020 01:48 AM
Thank you! @askkawalkar. It helped a lot. Awesome!😊 ... View more

Re: How to count valid and invalid requests at the...

by in Splunk Search
‎09-29-2020 12:58 PM
‎09-29-2020 12:58 PM
@richgalloway Thank you for the reply, I appreciate it. I tried to run the same query but it is throwing "Error in 'eval' command: The arguments to the 'searchmatch' function are invalid."     ... View more

How to count valid and invalid requests at the sam...

by in Splunk Search
‎09-29-2020 11:14 AM
‎09-29-2020 11:14 AM
Hello, I want to display the total count of events and failed events count. In my case, it is determined by the field DETAIL The following query does return the count by sourcetype "foo.bar.* and having error or exception.     index=myindex sourcetype=foo.bar.* DETAIL ="*error*" OR DETAIL ="*exception*"| stats count(UNIQUE_ID) as Fail by sourcetype     Sourcetype Fail foo.bar.cat 3 foo.bar.dog 2     I tried to query using the following to determine total events for individual sourcetype and the fails for the same. But, the fails are always returned as zero.       index=myindex sourcetype=foo.bar*| eventstats count(UNIQUE_ID) as Total by sourcetype | search index=myindex sourcetype=foo.bar* DETAIL ="*error*" OR DETAIL ="*exception*"|stats count(UNIQUE_ID) as Fail by src| fields sourcetype Total Fail     Sourcetype Total Fail foo.bar.cat 153 0 foo.bar.dog 128 0   I tried using subsearch for the below query, but this one doesn't even work at all.     index=myindex sourcetype=foo.bar*| eventstats count(UNIQUE_ID) as Total by sourcetype | stats count(eval( DETAIL ="*error*" OR DETAIL ="*exception*")) as fail values(Total) as Total by src | fields src Total fail       I appreciate your time and support! Thanks!! ... View more
Labels

Re: How to group by field and calculate Error rate...

by in Splunk Search
‎09-25-2020 09:59 AM
‎09-25-2020 09:59 AM
@493669  I wonder is there any way to return foo.bar.* services even they have no results. For example, using this query if I have no error rate for foo.bar.banana it is not showing up. I want to display all the servicenames regardless if the error_rate is non-existent, I want it to be default set to zero. -Thank you! ... View more

Re: How to group by field and calculate Error rate...

by in Splunk Search
‎09-25-2020 09:43 AM
‎09-25-2020 09:43 AM
@493669  Awesome! Worked like a charm. Thank you! ... View more

How to group by field and calculate Error rate ?

by in Splunk Search
‎09-25-2020 07:09 AM
‎09-25-2020 07:09 AM
Hello, I'm trying to determine the Error rate for individual servicename . I'm having trouble while performing group by followed by error_rate determining query. This is how I calculate the Count for the individual servicenames.   index=myindex ServiceName="foo.bar.*" |stats count by ServiceName   ServiceName Count foo.bar.apple 10 foo.bar.banana 20   The following query determines the failure rate i.e status NOT OK , for the entire service , in my case  apple and banana services.   index=myindex ServiceName="foo.bar*" | eventstats count(HTTPStatus) as Total | where HTTPStatus!=200 | stats count(HTTPStatus) as Error, values(Total) as Total | eval fail_rate = Error*100/Total | fields fail_rate   fail_rate 0.0012   I want to have something like below, individual error rates for the services foo.bar.apple, foo.bar.banana. ServiceName Count fail_rate foo.bar.apple 10 0.0010 foo.bar.banana 20 0.0014   This is the query I'm trying to achieve the above table. I'm aware that, we need store count for each service name and again we need to run the query separately to determine the fail count, we cannot do this in parallel.   index=myindex ServiceName="foo.bar*" | eventstats count(HTTPStatus) as Total by ServiceName | where HTTPStatus!=200 | stats count(HTTPStatus) as Error, values(Total) as Total | eval fail_rate = Error*100/Total | fields fail_rate     I appreciate your support and time! Vamshi.   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-30-2020 02:17 PM
Karma given to