×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ccntech
Explorer
Member since: ‎02-25-2022
‎05-12-2022
Community Statistics
Posts 5
Solutions 0
Karma Given 2
Karma Received 1
Member Since ‎02-25-2022
Activity Feed
View All

Is there a way for me to read the contents of the ...

by in Splunk Search
‎03-23-2022 09:26 AM
‎03-23-2022 09:26 AM
we have a dashboard that checks endpoint health and creates a message, "Endpoint XYZ is available" The source is a path to a script /u01/splunk/etc/apps/<app_name>/bin/ping.sh Is there a way for me to read the contents of the script from the search bar? Is it possible to overwrite or append the script from the search bar if I am an app owner? I do not have Splunk server command line access. ... View more

Re: Monthly reporting

by in Splunk Search
‎03-21-2022 05:46 AM
1 Karma
‎03-21-2022 05:46 AM
1 Karma
that worked perfectly! Wow I cannot believe the power of the community.  you answered the post within about 5 minutes. Thank you so much. ... View more

Monthly reporting

by in Splunk Search
‎03-21-2022 05:37 AM
‎03-21-2022 05:37 AM
I am trying to create a report that will show month over month reporting for web service average response time as a percentage against a threshold sourcetype="web_logs" `web_resp_index` * | bucket _time span=month | stats count as total_count count(eval(resp_time>=500)) as fail_count count(eval(resp_time<500)) as success_count count(eval(resp_time=="")) as null_count by source _time | eval success_percent=round((resp_count/total_count)*100,2) | eval _time=strftime(_time, "%b") | Fields - total_count fail_count success_count null_count I now have : source _time success_percent www1 Jan 94.6 www1 Feb 93.2 www1 Mar 94.3 www2 Jan 98.5 www2 Feb 92.4 www2 Mar 84   I am looking to transpose and group so that I have 1 row per source and monthly columns Source Jan Feb Mar www1 94.6 93.2 94.3 www2 98.5 92.4 84 ... View more
Labels

Re: How to produce a table that can display 5xx st...

by in Splunk Search
‎03-12-2022 05:08 AM
‎03-12-2022 05:08 AM
This is perfect! Thank you for such a quick reply!  ... View more

How to produce a table that can display 5xx status...

by in Splunk Search
‎03-11-2022 06:05 PM
‎03-11-2022 06:05 PM
I am trying to produce a table that can display 5xx status code counts per host over a timeframe (this will eventually be month, but for the purpose of this example will be by day). I downloaded the tutorial data  with apache logs and can see the data spans 8 days: source="access.log" host="www*" sourcetype="access_combined_wcookie" status=500 |timechart span=1d count by host I want to take this and analyze web server log files at work and increase span to 1 month. Is there a way for me to pivot /transform this data to get a breakdown that would provide the following table: Daily 500 status code dashboard host 02-25-22 02-26-22 02-27-22 etc 03-03-22 www1 13 39 35 etc 28 www2 24 31 45 etc 35 www3 18 51 34 etc 36   As stated above, I would like this by MONTH: Jan, Feb Mar etc so teams can glance at this table and see which hosts are improving/degrading or meeting SLOs etc. I do not want to create a bar chart, but rather keep the above format.   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-12-2022 05:52 PM
Karma from
View All
Karma given to
View All