cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ganeshkumarmoha
Explorer
Member since: ‎02-18-2024
‎09-13-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎02-18-2024
Activity Feed
View All

Splunk Search Optimization

by in Splunk Search
‎09-09-2024 06:22 AM
‎09-09-2024 06:22 AM
Hi Team, As per business requirement, need to get below details from same autosys batch and corresponding outputs to be displayed on the single row in a table: 1. Last execution time  2. Execution time of specific search keyword i.e., Completed invokexPressionJob and obtained queue id :: 3. Number of times "ERROR" keyword present index="<indexid>" Appid="<appid>" host IN (<host01>) source="<log_path01>" | stats latest(_time) as latest_time | convert ctime(latest_time) | append [search index="<indexid>" Appid="<appid>" host IN (<host01>) source="<log_path01>" | search "Completed invokexPressionJob and obtained queue id ::" | stats latest(_time) as last_success_time | convert ctime(last_success_time)] | append [search index="<indexid>" Appid="<appid>" host IN (<host01>) source="<log_path01>" | rex field=_raw "\s(?P<level>[^\/]+)\s\[main\]" | stats count(level) by level | WHERE level IN ("ERROR")] | append [| makeresults | eval job_name="Print Job"] | table latest_time last_success_time count(level) job_name | stats list(*) as * Above query works fine. From query performance prospective, am I achieving the output right way? Is there any other better to achieve it? Because, similar set to query I need to apply to 10 other batch jobs inside the Splunk dashboard. Kindly suggest!! ... View more
Labels

Re: Splunk Dashboard using panels - Performance is...

by in Dashboards & Visualizations
‎08-05-2024 06:35 AM
‎08-05-2024 06:35 AM
Thanks rickgalloway for quick response. Sorry, its typo error --> I need to display for last 7 days ONLY (BUT, NOT for 7 years)   ... View more

Splunk Dashboard using panels - Performance issue ...

by in Dashboards & Visualizations
‎08-05-2024 03:24 AM
‎08-05-2024 03:24 AM
Hi Team, I am developing Splunk dashboard to provide the weekly restart status of all enterprise application servers. Since this dashboard is intended to show the restart status for last 7 days of huge server count, totally 18 panels have been developed and using <condition match="****> option, I am hiding/un-hiding these panels for last 7 years. During validation, there's a delay in loading the panels due to performance factor and I am not sure, whether design approach followed is correct or not. Kindly advise how to effective improve the response time while loading the panels. ... View more
Labels

Log file validation based on serverhost and source

by in Splunk Search
‎06-10-2024 05:20 AM
‎06-10-2024 05:20 AM
Hi Team, For a business requirement, I need to validate log file generated for last an hour with combination of host and source in below order: Host  Source server001 c\:...\logpath1.txt server002 c\:...\logpath2.txt server003 c\:...\logpath3.txt server004 c\:...\logpath4.txt server005 c\:...\logpath5.txt   I knew, inputlookup keyword is single column based; however, I need it two columns to check the log file. Can you please suggest what is the best to accomplish my requirement? Thanks in advance! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-13-2024 12:32 AM
Karma given to
View All