×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Brad
Explorer
Member since: ‎07-23-2024
‎11-22-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎07-23-2024
Activity Feed
Topics I've Started
View All

Re: Finding changes in a field

by in Splunk Search
‎11-22-2024 05:06 AM
‎11-22-2024 05:06 AM
OK, trying: index="myindex" host="our-hosts*" source="/var/log/nic-errors.log" | rex "RX\serrors\s(?<rxError>\d+)\s" | rex "RX\spackets\s(?<rxPackets>\d+)\s" | rex "RX\serrors\s+\d+\s+dropped\s(?<rxDrop>\d+)\s" | sort - _time | streamstats current=f last(rxError) as priorErr last(_time) as priorTim by host | where not (rxError=priorErr) | chart last(rxError), last(rxPackets), last(rxDrop) by host Will that show me when rxError changes? ... View more

Re: Finding changes in a field

by in Splunk Search
‎11-22-2024 04:51 AM
‎11-22-2024 04:51 AM
Right now I'm just running proof of concept.  I'll move the field definitions to the indexers later.  Right now I'm trying to detect if diff pos1=last(rxError) pos2=last-1(rxError) I want to detect when the value or rxError changes from last-1 to last.  Working on that.   ... View more

Re: Finding changes in a field

by in Splunk Search
‎11-22-2024 04:06 AM
‎11-22-2024 04:06 AM
We are collecting every 10 minutes and have about 1000 servers with another 1000 coming early next year.  We have interest long term in monitoring all of the output for general network health.  The task at hand is being able to check if there are network issues when we also notice Ceph OSD issues.  The advice for that is to look for dropped packets on the host side.  So, that is what I'm trying to capture and detect when the dropped packet value changes.   ... View more

Finding changes in a field

by in Splunk Search
‎11-21-2024 09:19 AM
‎11-21-2024 09:19 AM
We are trying to watch the NIC statistics for our OS interfaces.  We are gathering data from a simple   ifconfig eth0 | grep -E 'dropped|packets' > /var/log/nic-errors.log   For my search, I have:   index="myindex" host="our-hosts*" source="/var/log/nic-errors.log" | rex "RX\serrors\s(?<rxError>\d+)\s" | rex "RX\spackets\s(?<rxPackets>\d+)\s" | rex "RX\serrors\s+\d+\s+dropped\s(?<rxDrop>\d+)\s" | chart last(rxError), last(rxPackets), last(rxDrop) by host   which displays the base data.  Now I want to watch if rxError increases and flag that.  Any ideas? The input data will look something like:   RX packets 2165342 bytes 33209324712 (3.0 GiB) RX errors 0 dropped 123 overruns 0 frame 0 TX packets 1988336 bytes 2848819271 (2.6 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-22-2024 11:03 AM
Karma given to
View All