Activity Feed
- Posted Splunk Search Optimization on Splunk Search. 09-09-2024 06:22 AM
- Posted Re: Splunk Dashboard using panels - Performance issue during loading on Dashboards & Visualizations. 08-05-2024 06:35 AM
- Posted Splunk Dashboard using panels - Performance issue during loading on Dashboards & Visualizations. 08-05-2024 03:24 AM
- Tagged Splunk Dashboard using panels - Performance issue during loading on Dashboards & Visualizations. 08-05-2024 03:24 AM
- Posted Log file validation based on serverhost and source on Splunk Search. 06-10-2024 05:20 AM
- Karma Re: Alert notification whenever any server(s) log not updating more than an hour for richgalloway. 02-18-2024 09:50 AM
- Karma Re: Alert notification whenever any server(s) log not updating more than an hour for gcusello. 02-18-2024 09:47 AM
Topics I've Started
09-09-2024 06:22 AM
Hi Team, As per business requirement, need to get below details from same autosys batch and corresponding outputs to be displayed on the single row in a table:
1. Last execution time
2. Execution time of specific search keyword i.e., Completed invokexPressionJob and obtained queue id ::
3. Number of times "ERROR" keyword present
```
index="<indexid>" Appid="<appid>" host IN (<host01>) source="<log_path01>"
| stats latest(_time) as latest_time
| convert ctime(latest_time)
| append
    [search index="<indexid>" Appid="<appid>" host IN (<host01>) source="<log_path01>"
    | search "Completed invokexPressionJob and obtained queue id ::"
    | stats latest(_time) as last_success_time
    | convert ctime(last_success_time)]
| append
    [search index="<indexid>" Appid="<appid>" host IN (<host01>) source="<log_path01>"
    | rex field=_raw "\s(?P<level>[^\/]+)\s\[main\]"
    | stats count(level) by level
    | WHERE level IN ("ERROR")]
| append
    [| makeresults
    | eval job_name="Print Job"]
| table latest_time last_success_time count(level) job_name
| stats list(*) as *
```
The above query works fine. From a query performance perspective, am I achieving the output the right way? Is there any better way to achieve it? I ask because I need to apply a similar set of queries to 10 other batch jobs inside the Splunk dashboard. Kindly suggest!!
08-05-2024 06:35 AM
Thanks richgalloway for the quick response. Sorry, it's a typo --> I need to display for last 7 days ONLY (BUT, NOT for 7 years)
08-05-2024 03:24 AM
Hi Team, I am developing a Splunk dashboard to provide the weekly restart status of all enterprise application servers. Since this dashboard is intended to show the restart status for the last 7 days for a huge server count, a total of 18 panels have been developed, and using the <condition match="****> option, I am hiding/un-hiding these panels for last 7 years. During validation, there's a delay in loading the panels due to performance, and I am not sure whether the design approach followed is correct or not. Kindly advise how to effectively improve the response time while loading the panels.
- Tags: panel condition
- Labels: Classic dashboard
06-10-2024 05:20 AM
Hi Team, For a business requirement, I need to validate the log file generated in the last hour with a combination of host and source in the below order:

Host | Source |
---|---|
server001 | c\:...\logpath1.txt |
server002 | c\:...\logpath2.txt |
server003 | c\:...\logpath3.txt |
server004 | c\:...\logpath4.txt |
server005 | c\:...\logpath5.txt |

I know the inputlookup keyword is single-column based; however, I need two columns to check the log file. Can you please suggest what is the best way to accomplish my requirement? Thanks in advance!
- Labels: lookup