Splunk Search

How to show status of two urls of which one is printed in logs and other should have default value in a table format?

sid1808
Loves-to-Learn

Hi, I have a task to display the status of two of the URLs in the following table format:

URL Name | In Usage | Status
http://lonmd1273241:4001/gmsg-mds/ | Yes | Up
http://sfomd1273241:4001/gmsg-mds/ | No | Up

 

The http://lonmd1273241:4001/gmsg-mds/ is printed in live logs for the application and the http://sfomd1273241:4001/gmsg-mds/ is not printed in logs. Can someone please help with a query to create such a table in a dashboard? Status code is also printed in logs for http://lonmd1273241:4001/gmsg-mds/, which is used to display the Status column.

Any help with a query to produce such a dashboard would be helpful.

0 Karma

sid1808
Loves-to-Learn

Got your point, but how to display this as a table format?

 

0 Karma

martinpu
Communicator

stats command results in tabular results.

It depends on your data format; the query assumes your search outputs a field with the name 'URL name' and contains a field with the name Status.

Try running the query with the 
| search index=your_index your_keywords 
to see if you get results

and then add the stats command to the end and see if there are results from that.

Probably your fields are named differently or your base query doesn't get the results you want.

0 Karma

martinpu
Communicator

Make a lookup file with the URL names in format: 

URL name
http://lonmd1273241:4001/gmsg-mds/
http://sfomd1273241:4001/gmsg-mds/



| inputlookup gmsg-mds_urls.csv
| join type=left "URL name"
    [ search your query
    | stats latest(Status) as Status, count as appearance_count by "URL name" ]
| eval "In Usage"=if(appearance_count>0, "Yes", "No")
| table "URL name" "In Usage" Status


If the values 'In Usage' & Status are to be retrieved from the logs then you need the URL to also be in logs.
If you need additional URLs to be visible then modify the lookup file to add them; they should be an exact match, otherwise the join will not work.

 

0 Karma
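The lookup-plus-join approach from the answer above, as an added self-contained example that is not part of the original thread: it runs without any index or lookup file and also fills in the default Status for the URL that never appears in logs. The `makeresults` rows are constructed stand-ins for the lookup and for the log events; the field names `url` and `status_code`, the rule that a code below 400 means "Up", and the default of "Up" for the unlogged URL (taken from the table in the question) are assumptions.

```spl
| makeresults
| eval url=split("http://lonmd1273241:4001/gmsg-mds/,http://sfomd1273241:4001/gmsg-mds/", ",")
| mvexpand url
| fields url
| join type=left url
    [| makeresults count=3
     | eval url="http://lonmd1273241:4001/gmsg-mds/", status_code=200
     | stats latest(status_code) as status_code, count as appearance_count by url ]
| eval "In Usage"=if(isnotnull(appearance_count), "Yes", "No")
| eval Status=case(isnull(status_code), "Up", status_code<400, "Up", true(), "Down")
| rename url as "URL Name"
| table "URL Name" "In Usage" Status
```

The left join keeps the sfomd row even though the subsearch returns nothing for it, so it shows "No" with the default Status. Replace the first four lines with the `inputlookup` and the subsearch body with the real base search to use it in a dashboard panel.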