Splunk Enterprise

table dataset



The query above calculates some fields for period of time as at the time picker
also, we have an alert which every 6 minutes the values for 2 minuets
i want to save the results of the alert and at the end calculate the results of a whole week

i saw that there is an option to use table dataset

my question is if table dataset is the right option, if yes - how can i do it
if not, what is the best way to achieve my goal 

| stats count as Total_Requests 
    count(eval(Request_Status=500 OR Request_Status=501 OR Request_Status=502 OR Request_Status=503 OR Request_Status=599 OR F5_statusCode=0 OR F5_statusCode="connection limit")) as Requests_Returned_Errors
    count(eval(Request_Status=504 OR F5_serverTime>20000)) as Requests_Returned_Timeouts 
    by API 

| fields API Total_Requests Requests_Returned_Errors Requests_Returned_Timeouts 
| lookup APIs_Owners.csv API OUTPUT Owner 
| eval
    Owner = if(isnotnull(Owner) , Owner ,"null - edit lookup") 
| fields API Total_Requests TotalErrors Requests_Returned_Errors Requests_Returned_Timeouts SLO* Owner


Labels (1)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...