Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About nishantberiwal
nishantberiwal
New Member
Member since:
04-28-2020
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 04-28-2020 |
Activity Feed
- Posted Re: Alternate to EventStats | Using EventStats for a longer duration results in data loss on Splunk Search. 05-05-2020 01:27 AM
- Posted Re: Alternate to EventStats | Using EventStats for a longer duration results in data loss on Splunk Search. 05-05-2020 01:09 AM
- Posted Re: Alternate to EventStats | Using EventStats for a longer duration results in data loss on Splunk Search. 05-05-2020 12:46 AM
- Posted Re: Alternate to EventStats | Using EventStats for a longer duration results in data loss on Splunk Search. 05-05-2020 12:45 AM
- Posted Re: Alternate to EventStats | Using EventStats for a longer duration results in data loss on Splunk Search. 05-05-2020 12:36 AM
- Posted Alternate to EventStats | Using EventStats for a longer duration results in data loss on Splunk Search. 04-28-2020 12:09 AM
- Tagged Alternate to EventStats | Using EventStats for a longer duration results in data loss on Splunk Search. 04-28-2020 12:09 AM
- Tagged Alternate to EventStats | Using EventStats for a longer duration results in data loss on Splunk Search. 04-28-2020 12:09 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
05-05-2020
01:27 AM
The Join query on 3 days not only returned results but also took about 430 KB compared to single query which is not able to handle 3days plus consumes 450 MB
... View more
05-05-2020
01:09 AM
Lastly - This query could not keep up when did 3 days, but it was a great alternative.....The only alternate way I found to make this work is by joining 3 different queries where 'Total' is calculated separately and 'ErrorMsg' is counted separately.
... View more
05-05-2020
12:46 AM
Can you tell what does this "first(Total) as Total" do.
its also working if I simply do 'by Total'
... View more
05-05-2020
12:45 AM
Actually ignore me the first solution worked, there need to be 'vldcxrs' also in the fields line
... View more
05-05-2020
12:36 AM
Thanks, I am using the first solution where when adding this line
first(Total) as Total by ErrorMsg, tpid, carrierCode
It resulting in no results to be displayed for some reason.
... View more
04-28-2020
12:09 AM
Hi Team,
Is there an alternative to count all the events to 'eventstats' using it results in data loss if exceed the duration only works fine until 6 or 7 hours so.
My search is basis 'transactionStatus = all', it works fine if I specify it as 'Failed' but using fail it doesnt calculate percentage by Total...but only by Total failed events or data count.
My BaseSearch.... **transactionStatus=*** earliest=-**1d**
| eventstats count as "Total"
| rex field=_raw "Error response from Sabre pad for getDetails : ErrorType : BusinessLogic Code : ERR.SWS.HOST.ERROR_IN_RESPONSE, Message\s*:\s*(?.+)"
| rex field=vldCxrs "carrierCode=(?..)"
| search carrierCode=*
| stats count(eval(transactionStatus="FAILED")) as "Failed_Count" by Total, ErrorMsg, tpid, carrierCode
| eval Error_Percent=round((Failed_Count/Total)*100,2)
| fields tpid, carrierCode, ErrorMsg, Error_Percent, Failed_Count, Total
| sort -Failed_Count
Regards
Nishant
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
