About ARaman77

ARaman77 · ‎03-28-2022

Hi we have a microservices based system and have several services running , the developers put unti a lookup table the complete search string, . I am ablr to retrieve the string from lookup but not able to execute it | inputlookup searchstring.csv | streamstats count as Rowcount | where Rowcount =1 | search Search_String a sample of what is there in Search_String , this one is simple but sometimes there are complex queries index=abc* AND source= xyz* AND host=* AND ERROR=50* | stats count as 5xx_Errors how to make the Search string in lookup execute

ARaman77 · ‎03-12-2021

I did use the where clause and it dint work

ARaman77 · ‎03-11-2021

My question is not on the search string, my question is how to use field like CorrelationID, SessionID or TransactionID as a variable

ARaman77 · ‎03-11-2021

I have a question, in microservice based platform where are getting several logs for the different application. Each application tracks unique transactions via a id, either a CorrelationId, SessionId, transactionid I want to be able to put this is a lookup application.csv file and use it for same dashboard so my lookup will look like Application SourceLogs Unique_Identifier App1 Application1.logs CorrelationId App2 Application2.logs SessionId App3 Application3.logs TransactionId I have created a input where the user can select the Application via tkn_app index=application_logs | lookup application.csv SourceLogs as source | search Application=$tkn_app$ | bin span=5m _time | stats dc(Unique_Identifier) AS TPS by _time however this searches for Correlationid , SessionId and TransactionId and not the actual values, how to I make it so Unique_Identfier searches for the right metadata Note the logs are in json format, so the fields Correlationid , SessionId and TransactionId are autodetected by Splunk

ARaman77 · ‎10-21-2020

I am sorry if my questions are naive , but after some working around I was able to extract some CPU information index=oslogs AND host=xxxxxx AND sourcetype=top AND pctCPU>0 | stats avg(pctCPU) as avgCPU by PID however the PID will change on redeployment and restart of service , is there a way to get the process name to get the same query

ARaman77 · ‎10-17-2020

There are some liberty services and in some host we have many microservice , I want to monitor CPU / memory usage in the particular host , is there a splunk query that will help me get this

ARaman77 · ‎10-10-2020

I want the colour of errCount to change depending on whether is greater 200, 100 or Less than 100

ARaman77 · ‎10-09-2020

Can you let me know how to use it

ARaman77 · ‎10-09-2020

Sorry its not working

ARaman77 · ‎10-09-2020

I am trying to create a timechart of errors with but is not working index=xxx AND source = xxxx AND (Error* OR Exception*) | timechart distinct_count(txnid) as errCount | eval RAG = case ( errCount > 200, “Red”, errCount > 100 AND errCount <=200, “Amber” , 1==1, “ Green”) <option name=“charting.fieldcolors”>{“Red”: 0xD93F3C, “Amber”: 0xFF9933, “Green”: 0x009933}</option>

Posts	11
Solutions	0
Karma Given	0
Karma Received	1
Member Since	‎10-09-2020

Online Status	Offline
Date Last Visited	‎03-29-2022 03:23 AM

How to complete search string in lookup?

Fields as variables

CPU utilization

Colour in timechart

How to complete search string in lookup?

Re: Fields as variables

Re: Fields as variables

Fields as variables

Re: CPU utilization

CPU utilization

Re: Colour in timechart

Re: Colour in timechart

Re: Colour in timechart

Colour in timechart