×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
2chs
Explorer
Member since: ‎10-07-2020
‎11-25-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-07-2020
View All

How to fetch relevant data from the different log ...

by in Splunk Search
‎11-25-2020 02:13 AM
‎11-25-2020 02:13 AM
    Hi There, I need to fetch some data based on a unique ID from the different log lines can you please help me with the search query. Example for relevant logs with unique ID will be: Time=DDMMY ID=001 INFO Requester=Bob Time=DDMMY ID=001 INFO Request Type=Normal Time=DDMMYY ID=001 INFO Request Status=success   So, need them in this format Time                ID   Requester Request Type Request Status DDMMYY        001       Bob               Normal              Success   Please Help. Thanks in advance.   ... View more

How to merge search results into a meaningful data...

by in Splunk Search
‎10-16-2020 04:05 AM
‎10-16-2020 04:05 AM
Hi There, Need to combine these two searches meaningfully, can someone help please.   1st Query: index=xyz .... | chart count(serviceName) as total count(eval(isPolicySuccessful="true")) as successTotal by serviceName   which gives something like below; serviceName      total     successTotal srvc1                   26429       26344 srvc2                       80               80 srvc3                        12              12   2nd Query: index=xyz .... | bin _time span=1s | stats count AS TPS by _time serviceName | eventstats max(TPS) as peakTPS by _time serviceName | eval peakTime=if(peakTPS==TPS,_time,null()) | chart max(TPS) AS "PeakTPS" eval(round(avg(TPS),2)) AS "AVG TPS" min(TPS) AS "MinTPS" first(peakTime) as peakTime by serviceName | fieldformat peakTime=strftime(peakTime,"%x %X") which gives something like below: serviceName     PeakTPS       AVG TPS      MinTPS        peakTime srvc33                11                         1.64                 1             10/15/20 16:34:40 srvc1                     1                          1.00                 1             10/15/20 16:44:42 srvc5                    2                           1.63                 1             10/15/20 20:35:22   Now the problem is how to merge these two results into a meaningful one? something like below: serviceName      total     successTotal   PeakTPS       AVG TPS      MinTPS        peakTime srvc1                   26429       26344                  1                          1.00                 1             10/15/20 16:44:42   Please help! ... View more

Re: How to count the values of a field and add it ...

by in Splunk Search
‎10-07-2020 06:36 AM
‎10-07-2020 06:36 AM
Thanks @ITWhisperer but not sure if am missing something, I get the below error: Error in 'eval' command: The arguments to the 'if' function are invalid.   ... View more

How to count the values of a field and add it to e...

by in Splunk Search
‎10-07-2020 02:13 AM
‎10-07-2020 02:13 AM
Hi There,  we have a search which covers multiple values as below (each field has a single value) | chart count(serviceName) as total avg(totalFrontendLatency) as elapsetime max(totalFrontendLatency) as maxelapsetime I wanted to add two extra results to the same search, but this time the field has two values for example: if we want count of a field "Processed", it has two cases case1: Processed=true case1: Processed=false How to count these by true or false and show in the same table as above? Please help. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-25-2020 12:02 PM
Karma given to
View All