×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
amar85
New Member
Member since: ‎02-12-2018
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-12-2018
Activity Feed
View All

Re: How to write a splunk query, where I need to s...

by in Splunk Search
‎02-13-2018 02:50 PM
‎02-13-2018 02:50 PM
[EDIT] That worked but I just slightly changed the way I am saving logs to splunk. So in Query 2- In my code I am saving like ( "Second message length{length} date{date}) length is something that I am setting dynamically in my code. date will be today's date. So, basically I will be extracting the value of length from Query 2 where date = "some random date" and then I will compare it with the count of Query 1 Query 1- index=staging "service-name" "First message" | timechart count by data.status ... View more

Re: How to write a splunk query, where I need to s...

by in Splunk Search
‎02-13-2018 10:26 AM
‎02-13-2018 10:26 AM
So my query looks like - Query 1- index=staging "service-name" "First message" | timechart count by data.status Query 2- index=staging "service-name" "Second message" | timechart count by data.status (This second query is bit tricky, as I need to extract the total items from a hashtable (which I am logging to splunk). So the count of Query 2 will be total items in that hashtable where key = "Second message" ) And then I need to send an alert if Count of Query 1 is not equal to Query 2 ... View more

Re: How to write a splunk query, where I need to s...

by in Splunk Search
‎02-12-2018 02:40 PM
‎02-12-2018 02:40 PM
Thank you for quick reply. "First" is literally a keyword that's how I am saving my logs to splunk But in the case of "second" I am actually logging a hashtable. So in my code I am doing something like this ("second", List( of Objects )) where "Second" is the key name. Value is the List( of Objects ). I will be actually comparing the count List( of Objects ) with the count of "First" ... View more

How to write a splunk query, where I need to send ...

by in Splunk Search
‎02-12-2018 02:20 PM
‎02-12-2018 02:20 PM
I am writing a Splunk query where I need to send an alert if the count of both queries are not same. I am trying something like this - (index=staging AND "service-name" ) AND {"first" | stats count by data.message} as query1 AND {"second" | stats count by data.message} as query2 | eval compare=if(match(query1,query2),"True","False") This doesn't return anything. Can anyone point me in the right direction ? Query 1- index=staging "service-name" "First message" | timechart count by data.status Query 2- index=staging "service-name" "Second message" | timechart count by data.status In my code I am saving logs like ( "Second message length{length} date{date}) length is something that I am setting dynamically in my code. date will be today's date or any random date. So, basically I need to extract the value of length from Query 2 where date = "some random date" and then I will compare it with the count of Query 1 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM