cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
samakshkhatri
Engager
Member since: ‎02-09-2022
‎02-28-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎02-09-2022
View All

Why is Lookup file not being created within app co...

by in All Apps and Add-ons
‎02-10-2022 03:25 AM
‎02-10-2022 03:25 AM
I have an application named "TA-training_samaksh_for_splunk". I have to run the following query   index="training_samaksh" source="/home/devuser/tutorialdata/www1/access.log" | table ip_address, request_method,time_taken | outputlookup createinapp=true testwritecsv_lookup   The transforms.conf has the following lookup defined [testwritecsv_lookup] filename = test.csv The "test.csv" file always get created/updated in the "/splunk/etc/apps/search/lookups" or "/spunk/etc/users/<username>/TA-training_samaksh_for_splunk/lookups" and not in "/splunk/etc/apps/TA-training_samaksh_for_splunk/lookups" even though I am running the search within the app.  Any solution for this? ... View more
Labels

Re: How to get count for different values in a fie...

by in Splunk Search
‎02-09-2022 11:36 PM
1 Karma
‎02-09-2022 11:36 PM
1 Karma
This worked! Thanks a lot ... View more

How to get count for different values in a field w...

by in Splunk Search
‎02-09-2022 11:18 PM
‎02-09-2022 11:18 PM
I have a Data Model called Web_Events with a root object called Access.  There is a field in Access called 'status_category' with values "client error", "server error", "okay" or "other". I am trying to list the count of events which have 'status_catgory' as "client error" and "server error" hour by hour So I want to generate a table of following format _time client_error_count server_error_count 2022-01-26:17:30:00 <count of client error> <count of server error> 2022-01-26:18:30:00 <count of client error> <count of server error>   Can anyone help me with this? The closest I could achieve was as following:  _time Access.status_category error_count 2022-01-26:17:30:00 server error 2 2022-01-26:18:30:00 client error 6 2022-01-26:18:30:00 server error 7   with help of this query: (status_code is another field which contains values of HTTP status codes) | tstats count(Access.status_code) as error_count from datamodel=Web_Events.Access where Access.status_code!=200 earliest="01/26/2022:00:00:00" latest="02/02/2022:23:59:59" BY Access.status_category _time span=1h | table _time, Access.status_category, error_count | sort _time   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-28-2022 08:24 AM
Karma from
View All